Problem with Windows 7 after TDSS infection



jch02140
2011-02-26, 17:21
Hi,

Two days ago my laptop was infected with a nasty TDSS rootkit, and I have been getting the iastor.sys BSOD every time I boot into Windows or safe mode.

While attempting to get through to the command-line option, 9 out of 10 tries ended in a BSOD and a restart, but
I managed to get to the command prompt option via F8 and used the Kaspersky TDSSKiller tool to remove the rootkit.

I have also scanned my computer and removed other viruses with the Malwarebytes Anti-Malware tool in safe mode.

I have also attached the log files from DDS and HijackThis. Since my system is Windows 7 x64, I have not included the GMER log file.

I have scanned and removed all the viruses/malware from the system until all my scanners return nothing found. The problems are mostly solved, but I am still having some other problems,
like the system disk check not starting up on reboot. Also, all my shortcuts on the Start menu are gone, as well as the ones in Administrative Tools, etc....
I tried to roll back, but the rootkit turned the system Security Center off and the restore point was removed....

How do I fix this?

It seems like there are some corrupted system files or something... I ran sfc /scannow and it says I have some corrupted files that cannot be fixed...

Here is the uploaded log file from sfc, as it is too big to attach here:

http://uf6.info/txt/2822109.txt



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Acer at 20:43:47.82 on 22/02/2011 週二
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.3076.18.1781.707 [GMT 8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Acer\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PACKET~1.LNK - C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: 上传到淘江湖相册 - C:\Program Files (x86)\AliWangWang\AddToAlbum.htm
IE: 分享到淘江湖 - C:\Program Files (x86)\AliWangWang\ShareToTJH.htm
IE: 添加为阿里旺旺表情 - C:\Program Files (x86)\AliWangWang\AddNewEmotion.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: archlord.com
Trusted Zone: hangame.com
Trusted Zone: naver.com\archlord
Trusted Zone: taobao.com
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab
DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://www.g-pin.go.kr/XecureObject/CKKeyPro3024_32k.cab
DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab
DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\
FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npaliedit.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwangwang.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Acer\AppData\Local\Alibaba\AliSetup\0.1.0.51\npAliSetupOneClick.dll
FF - plugin: C:\Users\Acer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\system32\npKeyPro.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-20 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-20 865824]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-27 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-11-11 72216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-2-21 363344]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-3-27 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-27 243232]
R2 vpnclient;PacketiX VPN Client;C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-5-15 4601344]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-27 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-20 158848]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-20 271872]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-21 24152]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0094.sys [2011-2-16 29808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-22 1153368]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-2 40448]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-4-20 335400]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-20 39464]
S3 CEDRIVER55;CEDRIVER55;C:\Program Files (x86)\Cheat Engine\dbk64.sys [2011-1-9 39424]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]
S3 JRSKD24;JRSKD24;C:\Windows\System32\JRSKD24.SYS [2010-12-26 14056]
S3 kcrtx64;kcrtx64;C:\Windows\System32\kcrtx64.sys [2010-12-26 141848]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 TesSafe;TesSafe;C:\Windows\System32\TesSafe.sys [2011-2-15 163920]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows †¢Óü¼Ðg·þ„Õ;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-29 1255736]

=============== Created Last 30 ================

2011-02-22 12:13:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-02-22 12:13:27 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-02-21 21:26:12 -------- d-----w- C:\CFLog
2011-02-21 20:17:39 -------- d-----w- C:\Windows\SysWow64\Temp
2011-02-21 10:43:46 -------- d-----w- C:\Users\Acer\AppData\Roaming\Malwarebytes
2011-02-21 10:43:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-21 10:43:40 -------- d--h--w- C:\PROGRA~3\Malwarebytes
2011-02-21 10:43:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-21 10:43:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-21 10:21:38 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-21 10:09:54 98816 ----a-w- C:\Windows\sed.exe
2011-02-21 10:09:54 89088 ----a-w- C:\Windows\MBR.exe
2011-02-21 10:09:54 256512 ----a-w- C:\Windows\PEV.exe
2011-02-21 10:09:54 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-19 19:52:52 25600 ----a-w- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
2011-02-19 19:52:52 -------- d-----w- C:\Users\Acer\AppData\Roaming\updates
2011-02-19 19:52:39 76288 --sha-r- C:\Windows\SysWow64\licmgr10J.dll
2011-02-18 16:14:43 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{220D1479-958B-45A2-AAEE-170331E86521}\mpengine.dll
2011-02-15 16:01:04 29808 ----a-w- C:\Windows\System32\drivers\Neo_0094.sys
2011-02-15 15:59:38 97280 ----a-w- C:\Windows\System32\vpncmd.exe
2011-02-15 15:59:23 -------- d-----w- C:\Program Files\PacketiX VPN Client 64-bit Edition English
2011-02-15 14:30:05 163920 ----a-w- C:\Windows\System32\TesSafe.sys
2011-02-15 14:19:49 -------- d-----w- C:\Program Files\腾讯游戏
2011-02-15 13:40:23 -------- d--h--w- C:\PROGRA~3\Tencent
2011-02-15 13:40:23 -------- d-----w- C:\Users\Acer\AppData\Roaming\Tencent
2011-02-15 13:40:18 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent
2011-02-10 13:30:50 -------- d-----w- C:\Users\Acer\AppData\Roaming\Total Immersion
2011-02-10 13:30:42 -------- d-----w- C:\Program Files (x86)\Total Immersion
2011-02-07 15:01:18 -------- d-----w- C:\Users\Acer\AppData\Local\FontCreator
2011-02-07 15:01:16 616600 ----a-w- C:\Windows\SysWow64\FontInstaller.dll
2011-02-04 03:43:00 -------- d-----w- C:\Users\Acer\AppData\Local\Humanbalance
2011-02-04 03:42:58 -------- d-----w- C:\Program Files (x86)\GraphicsGale
2011-02-03 18:10:22 -------- d-----w- C:\Users\Acer\AppData\Roaming\NNDD.F724EC019EC1F2A8EB0876D4F61C828E68A6A369.1
2011-02-03 18:10:18 -------- d-----w- C:\Program Files (x86)\NNDD
2011-02-02 16:52:30 -------- d--h--w- C:\PROGRA~3\NexonTW
2011-02-02 16:51:45 -------- d-----w- C:\Users\Acer\AppData\Local\CSO
2011-02-01 20:33:36 -------- d--h--w- C:\PROGRA~3\Nexon
2011-01-30 06:57:00 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-27 16:12:27 -------- d-----w- C:\Program Files (x86)\Common Files\SourceTec
2011-01-27 16:12:26 -------- d-----w- C:\Program Files (x86)\SourceTec
2011-01-27 15:13:32 -------- d-----w- C:\Program Files (x86)\Lost Sector Online

==================== Find3M ====================

2011-02-22 06:03:32 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-02-22 06:03:30 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-02-21 14:44:19 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-02-21 14:44:09 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-02-16 17:38:30 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
2011-02-16 17:38:24 58288 ------w- C:\Windows\SysWow64\rpcnet.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-14 17:43:53 17640 ----a-w- C:\Windows\System32\JRSUKD25.SYS
2011-01-14 17:43:53 141848 ----a-w- C:\Windows\System32\kcrtx64.sys
2011-01-14 17:43:53 14056 ----a-w- C:\Windows\System32\JRSKD24.SYS
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-01-01 06:19:10 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-12-25 21:21:57 470024 ----a-w- C:\Windows\SysWow64\CKSetup64.exe
2010-12-25 21:21:57 124424 ----a-r- C:\Windows\SysWow64\CKAgent.exe
2010-12-25 21:21:57 124424 ----a-r- C:\Windows\System32\CKAgent.exe
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-08 15:57:03 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2010-12-08 05:12:28 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-12-08 05:12:16 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-12-08 05:12:16 33152 ----a-w- C:\Windows\System32\LMIport.dll

============= FINISH: 20:44:06.14 ===============

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Blade81
2011-03-03, 10:59
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Torrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go and uninstall the programs listed above (in red).

Also, it seems you've run ComboFix by yourself, which is not a recommended action (Please do NOT run 'FIXES' (ComboFix etc) without being asked (http://forums.spybot.info/showthread.php?t=16806)).

Post the contents of the c:\ComboFix.txt file (don't rerun ComboFix). Post fresh DDS logs too.

jch02140
2011-03-04, 15:19
ComboFix log (from the time I ran it):


ComboFix 11-02-28.01 - Acer 03/2011 週二 3:29.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.3076.18.1781.937 [GMT 8:00]
执行位置: c:\users\Acer\Desktop\Combo-Fix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CFLog
c:\windows\SysWow64\Temp
c:\windows\TEMP\VPN_F6B1\B7091C83.dll

.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TESSAFE
-------\Service_TesSafe


((((((((((((((((((((((((( 2011-01-28 至 2011-02-28 的新的档案 )))))))))))))))))))))))))))))))
.

2011-02-28 19:36 . 2011-02-28 19:36 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-02-28 19:36 . 2011-02-28 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-28 14:45 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-28 14:45 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-02-26 21:21 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-26 21:21 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-26 21:21 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-26 21:21 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 12:13 . 2011-02-22 12:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-22 12:13 . 2011-02-22 12:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-02-21 10:43 . 2011-02-21 10:43 -------- d-----w- c:\users\Acer\AppData\Roaming\Malwarebytes
2011-02-21 10:43 . 2010-12-20 10:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-21 10:43 . 2011-02-21 10:43 -------- d--h--w- c:\programdata\Malwarebytes
2011-02-21 10:43 . 2011-02-21 10:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-21 10:43 . 2010-12-20 10:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-19 19:52 . 2011-02-21 10:19 -------- d-----w- c:\users\Acer\AppData\Roaming\updates
2011-02-19 19:52 . 2011-02-19 19:52 76288 --sha-r- c:\windows\SysWow64\licmgr10J.dll
2011-02-18 16:14 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{220D1479-958B-45A2-AAEE-170331E86521}\mpengine.dll
2011-02-15 16:01 . 2011-02-15 16:01 29808 ----a-w- c:\windows\system32\drivers\Neo_0094.sys
2011-02-15 15:59 . 2011-02-15 15:59 97280 ----a-w- c:\windows\system32\vpncmd.exe
2011-02-15 15:59 . 2011-02-28 19:38 -------- d-----w- c:\program files\PacketiX VPN Client 64-bit Edition English
2011-02-15 14:30 . 2011-02-22 13:19 163920 ----a-w- c:\windows\system32\TesSafe.sys
2011-02-15 14:19 . 2011-02-15 14:19 -------- d-----w- c:\program files\腾讯游戏
2011-02-15 13:40 . 2011-02-15 13:40 -------- d--h--w- c:\programdata\Tencent
2011-02-15 13:40 . 2011-02-15 13:40 -------- d-----w- c:\users\Acer\AppData\Roaming\Tencent
2011-02-15 13:40 . 2011-02-15 13:40 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2011-02-10 13:30 . 2011-02-10 13:30 -------- d-----w- c:\users\Acer\AppData\Roaming\Total Immersion
2011-02-10 13:30 . 2011-02-10 13:30 -------- d-----w- c:\program files (x86)\Total Immersion
2011-02-07 15:01 . 2011-02-07 15:16 -------- d-----w- c:\users\Acer\AppData\Local\FontCreator
2011-02-07 15:01 . 2009-06-16 16:02 616600 ----a-w- c:\windows\SysWow64\FontInstaller.dll
2011-02-04 03:43 . 2011-02-04 03:43 -------- d-----w- c:\users\Acer\AppData\Local\Humanbalance
2011-02-04 03:42 . 2011-02-04 03:42 -------- d-----w- c:\program files (x86)\GraphicsGale
2011-02-03 18:10 . 2011-02-03 18:10 -------- d-----w- c:\users\Acer\AppData\Roaming\NNDD.F724EC019EC1F2A8EB0876D4F61C828E68A6A369.1
2011-02-03 18:10 . 2011-02-03 18:10 -------- d-----w- c:\program files (x86)\NNDD
2011-02-02 16:51 . 2011-02-21 20:07 -------- d-----w- c:\users\Acer\AppData\Local\CSO
2011-02-01 20:33 . 2011-02-01 20:33 -------- d--h--w- c:\programdata\Nexon
2011-01-30 06:57 . 2011-01-30 06:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 19:38 . 2010-03-17 12:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-02-28 19:38 . 2010-03-21 23:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-02-28 14:57 . 2010-03-17 12:57 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-02-28 14:57 . 2010-03-17 12:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-02-16 17:38 . 2010-03-21 23:57 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2011-02-16 17:38 . 2010-03-21 23:58 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2011-01-14 17:43 . 2010-12-25 21:21 17640 ----a-w- c:\windows\system32\JRSUKD25.SYS
2011-01-14 17:43 . 2010-12-25 21:21 141848 ----a-w- c:\windows\system32\kcrtx64.sys
2011-01-14 17:43 . 2010-12-25 21:21 14056 ----a-w- c:\windows\system32\JRSKD24.SYS
2011-01-13 14:39 . 2009-08-18 04:49 564632 ---ha-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-01-13 14:39 . 2009-08-18 03:24 17816 ---ha-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-02 21:46 . 2011-01-02 21:46 634880 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\LineageII.exe1_9216E17DFBFB417BB1B660FE41688EF3.exe
2011-01-02 21:46 . 2011-01-02 21:46 634880 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\LineageII.exe_9216E17DFBFB417BB1B660FE41688EF3.exe
2011-01-02 21:46 . 2011-01-02 21:46 45056 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\ARPPRODUCTICON.exe
2011-01-01 06:19 . 2011-01-01 06:19 521448 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-25 21:21 . 2010-12-25 21:21 124424 ----a-r- c:\windows\SysWow64\CKAgent.exe
2010-12-25 21:21 . 2010-12-25 21:21 124424 ----a-r- c:\windows\system32\CKAgent.exe
2010-12-25 21:21 . 2010-09-30 14:08 470024 ----a-w- c:\windows\SysWow64\CKSetup64.exe
2010-12-08 15:57 . 2010-11-10 19:30 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2010-12-08 05:12 . 2010-11-10 19:30 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 05:12 . 2010-11-10 19:30 33152 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 05:12 . 2010-11-10 19:30 80768 ----a-w- c:\windows\system32\LMIinit.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-21_10.21.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-02-28 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-13 02:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-13 02:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-28 19:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-13 02:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-28 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-26 16:45 . 2011-02-28 19:19 58584 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-28 19:19 35028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-12 11:23 . 2011-02-28 19:19 13488 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3708158517-3727541704-1879287214-1000_UserData.bin
- 2010-04-20 08:19 . 2011-02-21 10:14 99334 c:\windows\system32\prfc0404.dat
+ 2010-04-20 08:19 . 2011-02-28 14:44 99334 c:\windows\system32\prfc0404.dat
+ 2011-02-22 01:53 . 2011-02-22 13:00 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-22 01:53 . 2011-02-19 21:17 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-08-12 11:17 . 2011-02-28 15:05 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 11:17 . 2011-02-21 09:59 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-12 11:17 . 2011-02-28 15:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-12 11:17 . 2011-02-21 09:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-28 15:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-21 09:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-13 13:51 . 2011-02-19 09:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-13 13:51 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-02-28 17:28 80736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-08-13 13:51 . 2011-02-19 09:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-13 13:51 . 2011-02-28 19:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-13 13:51 . 2011-02-19 09:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-13 13:51 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-12 11:23 . 2011-02-19 19:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-12 11:23 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-12 11:23 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-12 11:23 . 2011-02-19 19:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-28 19:38 . 2011-02-28 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-21 10:21 . 2011-02-21 10:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-21 10:21 . 2011-02-21 10:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-28 19:38 . 2011-02-28 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-28 19:38 . 2011-02-28 19:38 167424 c:\windows\temp\VPN_4657\0FC343C0.dll
+ 2010-04-20 08:19 . 2011-02-28 14:44 377870 c:\windows\system32\prfh0404.dat
- 2010-04-20 08:19 . 2011-02-21 10:14 377870 c:\windows\system32\prfh0404.dat
- 2009-07-14 02:36 . 2011-02-21 10:14 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-02-28 14:44 616008 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-02-21 10:14 106388 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-02-28 14:44 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-02-19 01:27 304324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-02-28 19:37 304324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-20 01:41 . 2011-01-16 21:39 305092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708158517-3727541704-1879287214-1000-8192.dat
+ 2010-10-20 01:41 . 2011-02-21 16:50 305092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708158517-3727541704-1879287214-1000-8192.dat
+ 2011-02-28 19:38 . 2011-02-28 19:38 2240512 c:\windows\temp\VPN_4657\B7091C83.dll
+ 2011-02-28 19:38 . 2011-02-28 19:38 1185302 c:\windows\temp\.unicode_cache_6da894d0.dat
- 2009-07-14 04:45 . 2011-02-10 11:11 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-02-28 17:18 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-08-28 17:48 . 2011-02-19 01:28 1538904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-28 17:48 . 2011-02-21 12:46 1538904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 02:34 . 2011-02-22 01:48 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-02-28 19:28 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
-- 快照技术重新设置 --
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-26 1289296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]
PacketiX VPN Client Task Tray.lnk - c:\program files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe [2008-5-15 4793856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 335400]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 CEDRIVER55;CEDRIVER55;c:\program files (x86)\Cheat Engine\dbk64.sys [2010-08-05 39424]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\PLAYNC\AION永恆紀元\bin32\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-01-14 14056]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2011-01-14 141848]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-05 50432]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-28 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-05 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-05-15 4601344]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-15 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0094.sys [2011-02-15 29808]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combo-fix\CF10803.cfxxe" [X]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-12 410136]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
.
------- 而外的扫描 -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: 上传到淘江湖相册 - c:\program files (x86)\AliWangWang\AddToAlbum.htm
IE: 分享到淘江湖 - c:\program files (x86)\AliWangWang\ShareToTJH.htm
IE: 添加为阿里旺旺表情 - c:\program files (x86)\AliWangWang\AddNewEmotion.htm
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: archlord.com
Trusted Zone: hangame.com
Trusted Zone: naver.com\archlord
Trusted Zone: taobao.com
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab
DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://www.g-pin.go.kr/XecureObject/CKKeyPro3024_32k.cab
DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab
DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\
FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{803EDEE9-73BB-EC99-C0CE-A6529E202957}*]
"nagnbgghobgcmgkhflajelppbmhj"=hex:6b,61,6a,69,61,61,67,61,67,63,6b,6c,6c,6b,
66,6d,66,66,62,6f,68,6d,00,00
"gbipjihginpgipicblgbffkcfainecfegfcdbmdolgjoag"=hex:64,61,6a,70,6e,6e,67,6f,
00,00
"bbonpemcklneplmlkhngnkmgilgnjdeickgg"=hex:68,62,61,6d,64,6d,6d,6b,6a,65,61,61,
63,67,6b,65,6d,70,70,6d,6c,6b,64,62,65,6d,65,68,63,6e,6a,6f,6f,6b,70,6d,6b,\
"oaamhkdhmdfpfgmghinbhkophdljao"=hex:6b,61,6a,69,61,61,67,61,67,63,6b,6c,6c,6b,
66,6d,66,66,62,6f,68,6d,00,00

[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,84,cb,ac,a0,b3,4d,4c,b7,0b,96,14,03,b6,bc,16,af,36,eb,8a,cc,
bb,6e,1a,cc,12,63,50,93,7c,58,76,bf,49,5c,84,13,75,32,41,7f,87,a5,51,82,76,\
"rkeysecu"=hex:96,01,4d,b0,df,be,91,b6,97,75,0b,ad,ca,d4,40,4f

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
完成时间: 2011-03-01 03:43:38 - 电脑已重新启动
ComboFix-quarantined-files.txt 2011-02-28 19:43
ComboFix2.txt 2011-02-21 10:26

Pre-Run: 50,767,613,952 bytes free
Post-Run: 50,771,341,312 bytes free

- - End Of File - - 7F470BF02A09547985F76B31D06A7623


DDS log



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Acer at 22:07:10.67 on 04/03/2011 週五
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.3076.18.1781.1016 [GMT 8:00]

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Acer\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PACKET~1.LNK - C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: 上传到淘江湖相册 - C:\Program Files (x86)\AliWangWang\AddToAlbum.htm
IE: 分享到淘江湖 - C:\Program Files (x86)\AliWangWang\ShareToTJH.htm
IE: 添加为阿里旺旺表情 - C:\Program Files (x86)\AliWangWang\AddNewEmotion.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: archlord.com
Trusted Zone: hangame.com
Trusted Zone: naver.com\archlord
Trusted Zone: taobao.com
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab
DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://www.g-pin.go.kr/XecureObject/CKKeyPro3024_32k.cab
DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab
DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\
FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npaliedit.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwangwang.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Acer\AppData\Local\Alibaba\AliSetup\0.1.0.51\npAliSetupOneClick.dll
FF - plugin: C:\Users\Acer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\system32\npKeyPro.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-20 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-20 865824]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-27 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-11-11 72216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-2-21 363344]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-3-27 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-27 243232]
R2 vpnclient;PacketiX VPN Client;C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-5-15 4601344]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-27 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-20 158848]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-20 271872]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-21 24152]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0094.sys [2011-2-16 29808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-22 1153368]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-2 40448]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-4-20 335400]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-20 39464]
S3 CEDRIVER55;CEDRIVER55;C:\Program Files (x86)\Cheat Engine\dbk64.sys [2011-1-9 39424]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]
S3 JRSKD24;JRSKD24;C:\Windows\System32\JRSKD24.SYS [2010-12-26 14056]
S3 kcrtx64;kcrtx64;C:\Windows\System32\kcrtx64.sys [2010-12-26 141848]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-29 1255736]

=============== Created Last 30 ================

2011-03-02 12:48:18 -------- d--h--w- C:\Windows\AxInstSV
2011-02-28 19:38:32 -------- d-----w- C:\$RECYCLE.BIN
2011-02-28 19:26:48 -------- d-----w- C:\Combo-Fix
2011-02-28 14:45:44 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-28 14:45:44 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-26 21:21:39 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-26 21:21:39 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-26 21:21:39 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-26 21:21:39 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-22 12:13:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-02-22 12:13:27 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-02-21 10:43:46 -------- d-----w- C:\Users\Acer\AppData\Roaming\Malwarebytes
2011-02-21 10:43:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-21 10:43:40 -------- d--h--w- C:\PROGRA~3\Malwarebytes
2011-02-21 10:43:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-21 10:43:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-21 10:09:54 98816 ----a-w- C:\Windows\sed.exe
2011-02-21 10:09:54 89088 ----a-w- C:\Windows\MBR.exe
2011-02-21 10:09:54 256512 ----a-w- C:\Windows\PEV.exe
2011-02-21 10:09:54 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-19 19:52:52 -------- d-----w- C:\Users\Acer\AppData\Roaming\updates
2011-02-19 19:52:39 76288 --sha-r- C:\Windows\SysWow64\licmgr10J.dll
2011-02-18 16:14:43 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{220D1479-958B-45A2-AAEE-170331E86521}\mpengine.dll
2011-02-15 16:01:04 29808 ----a-w- C:\Windows\System32\drivers\Neo_0094.sys
2011-02-15 15:59:38 97280 ----a-w- C:\Windows\System32\vpncmd.exe
2011-02-15 15:59:23 -------- d-----w- C:\Program Files\PacketiX VPN Client 64-bit Edition English
2011-02-15 14:30:05 163920 ----a-w- C:\Windows\System32\TesSafe.sys
2011-02-15 14:19:49 -------- d-----w- C:\Program Files\腾讯游戏
2011-02-15 13:40:23 -------- d--h--w- C:\PROGRA~3\Tencent
2011-02-15 13:40:23 -------- d-----w- C:\Users\Acer\AppData\Roaming\Tencent
2011-02-15 13:40:18 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent
2011-02-10 13:30:50 -------- d-----w- C:\Users\Acer\AppData\Roaming\Total Immersion
2011-02-10 13:30:42 -------- d-----w- C:\Program Files (x86)\Total Immersion
2011-02-07 15:01:18 -------- d-----w- C:\Users\Acer\AppData\Local\FontCreator
2011-02-07 15:01:16 616600 ----a-w- C:\Windows\SysWow64\FontInstaller.dll
2011-02-04 03:43:00 -------- d-----w- C:\Users\Acer\AppData\Local\Humanbalance
2011-02-04 03:42:58 -------- d-----w- C:\Program Files (x86)\GraphicsGale
2011-02-03 18:10:22 -------- d-----w- C:\Users\Acer\AppData\Roaming\NNDD.F724EC019EC1F2A8EB0876D4F61C828E68A6A369.1
2011-02-03 18:10:18 -------- d-----w- C:\Program Files (x86)\NNDD
2011-02-02 16:52:30 -------- d--h--w- C:\PROGRA~3\NexonTW
2011-02-02 16:51:45 -------- d-----w- C:\Users\Acer\AppData\Local\CSO

==================== Find3M ====================

2011-03-04 13:50:22 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-03-04 13:50:20 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-02-28 14:57:35 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-02-28 14:57:27 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-02-16 17:38:30 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
2011-02-16 17:38:24 58288 ------w- C:\Windows\SysWow64\rpcnet.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-14 17:43:53 17640 ----a-w- C:\Windows\System32\JRSUKD25.SYS
2011-01-14 17:43:53 141848 ----a-w- C:\Windows\System32\kcrtx64.sys
2011-01-14 17:43:53 14056 ----a-w- C:\Windows\System32\JRSKD24.SYS
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-01-01 06:19:10 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-12-25 21:21:57 470024 ----a-w- C:\Windows\SysWow64\CKSetup64.exe
2010-12-25 21:21:57 124424 ----a-r- C:\Windows\SysWow64\CKAgent.exe
2010-12-25 21:21:57 124424 ----a-r- C:\Windows\System32\CKAgent.exe
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-08 15:57:03 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2010-12-08 05:12:28 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-12-08 05:12:16 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-12-08 05:12:16 33152 ----a-w- C:\Windows\System32\LMIport.dll

============= FINISH: 22:08:20.88 ===============

Blade81
2011-03-04, 16:20
Hi,


Go to this website (http://www.bleepingcomputer.com/submit-malware.php?channel=76) and upload the c:\windows\system32\kcrtx64.sys file. Kindly include a link to this topic in the message.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 24 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.

The page will refresh.
Click on the link to download Windows Offline Installation (with or without Multi-language) and save it to your desktop.
Close any programs you may have running, especially your web browser.
Go to Start > Control Panel, double-click Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then, from your desktop, double-click jre-6u24-windows-i586-p.exe to install the newest version. Uncheck the Carbonite online backup trial if it's offered there.

Post about current symptoms.

jch02140
2011-03-06, 08:34
The kcrtx64.sys file seems to have gone from the system, even after I chose the option to display hidden files and folders.

Windows seems to go back to normal, but I cannot schedule chkdsk on boot; it is just skipped while booting Windows. Also, the shortcuts from the start menu and those in Administrative Tools are gone too...

Blade81
2011-03-06, 10:03
Hi,

Re-run ComboFix and let it update itself. Post back the log + fresh DDS logs. Also, please attach a screenshot of the situation with those shortcuts if possible.

jch02140
2011-03-07, 15:16
Here are the attached log files. For some reason I noticed that each empty new line seems to have been appended with a '.' in both logs....

As for the shortcuts, I managed to see them when I chose "show all hidden files and folders"... Somehow all the shortcuts had been changed to hidden in the Properties option. I unchecked the option and all shortcuts are back to normal.

The only issue now is running chkdsk tool on bootup...


DDS log


.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Acer at 21:34:12.55 on 07/03/2011 週一
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.3076.18.1781.635 [GMT 8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Acer\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PACKET~1.LNK - C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: 上传到淘江湖相册 - C:\Program Files (x86)\AliWangWang\AddToAlbum.htm
IE: 分享到淘江湖 - C:\Program Files (x86)\AliWangWang\ShareToTJH.htm
IE: 添加为阿里旺旺表情 - C:\Program Files (x86)\AliWangWang\AddNewEmotion.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: archlord.com
Trusted Zone: hangame.com
Trusted Zone: naver.com\archlord
Trusted Zone: taobao.com
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab
DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://www.g-pin.go.kr/XecureObject/CKKeyPro3024_32k.cab
DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab
DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\
FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-20 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-20 865824]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-27 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-11-11 72216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-2-21 363344]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-3-27 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-27 243232]
R2 vpnclient;PacketiX VPN Client;C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-5-15 4601344]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-27 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-20 158848]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-20 271872]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-21 24152]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0094.sys [2011-2-16 29808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-22 1153368]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-2 40448]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-4-20 335400]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-20 39464]
S3 CEDRIVER55;CEDRIVER55;C:\Program Files (x86)\Cheat Engine\dbk64.sys [2011-1-9 39424]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]
S3 JRSKD24;JRSKD24;C:\Windows\System32\JRSKD24.SYS [2010-12-26 14056]
S3 kcrtx64;kcrtx64;C:\Windows\System32\kcrtx64.sys [2010-12-26 141848]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-29 1255736]
.
=============== Created Last 30 ================
.
2011-03-02 12:48:18 -------- d--h--w- C:\Windows\AxInstSV
2011-02-28 19:26:48 -------- d-----w- C:\Combo-Fix
2011-02-28 14:45:44 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-28 14:45:44 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-26 21:21:39 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-26 21:21:39 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-26 21:21:39 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-26 21:21:39 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-22 12:13:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-02-22 12:13:27 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-02-21 10:43:46 -------- d-----w- C:\Users\Acer\AppData\Roaming\Malwarebytes
2011-02-21 10:43:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-21 10:43:40 -------- d--h--w- C:\PROGRA~3\Malwarebytes
2011-02-21 10:43:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-21 10:43:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-21 10:09:54 98816 ----a-w- C:\Windows\sed.exe
2011-02-21 10:09:54 89088 ----a-w- C:\Windows\MBR.exe
2011-02-21 10:09:54 256512 ----a-w- C:\Windows\PEV.exe
2011-02-21 10:09:54 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-19 19:52:52 -------- d-----w- C:\Users\Acer\AppData\Roaming\updates
2011-02-19 19:52:39 76288 --sha-r- C:\Windows\SysWow64\licmgr10J.dll
2011-02-18 16:14:43 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{220D1479-958B-45A2-AAEE-170331E86521}\mpengine.dll
2011-02-15 16:01:04 29808 ----a-w- C:\Windows\System32\drivers\Neo_0094.sys
2011-02-15 15:59:38 97280 ----a-w- C:\Windows\System32\vpncmd.exe
2011-02-15 15:59:23 -------- d-----w- C:\Program Files\PacketiX VPN Client 64-bit Edition English
2011-02-15 14:30:05 163920 ----a-w- C:\Windows\System32\TesSafe.sys
2011-02-15 14:19:49 -------- d-----w- C:\Program Files\腾讯游戏
2011-02-15 13:40:23 -------- d--h--w- C:\PROGRA~3\Tencent
2011-02-15 13:40:23 -------- d-----w- C:\Users\Acer\AppData\Roaming\Tencent
2011-02-15 13:40:18 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent
2011-02-10 13:30:50 -------- d-----w- C:\Users\Acer\AppData\Roaming\Total Immersion
2011-02-10 13:30:42 -------- d-----w- C:\Program Files (x86)\Total Immersion
2011-02-07 15:01:18 -------- d-----w- C:\Users\Acer\AppData\Local\FontCreator
2011-02-07 15:01:16 616600 ----a-w- C:\Windows\SysWow64\FontInstaller.dll
.
==================== Find3M ====================
.
2011-03-07 13:15:30 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-03-07 13:15:28 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-02-28 14:57:35 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-02-28 14:57:27 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-02-16 17:38:30 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
2011-02-16 17:38:24 58288 ------w- C:\Windows\SysWow64\rpcnet.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-14 17:43:53 17640 ----a-w- C:\Windows\System32\JRSUKD25.SYS
2011-01-14 17:43:53 141848 ----a-w- C:\Windows\System32\kcrtx64.sys
2011-01-14 17:43:53 14056 ----a-w- C:\Windows\System32\JRSKD24.SYS
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-01-01 06:19:10 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-12-25 21:21:57 470024 ----a-w- C:\Windows\SysWow64\CKSetup64.exe
2010-12-25 21:21:57 124424 ----a-r- C:\Windows\SysWow64\CKAgent.exe
2010-12-25 21:21:57 124424 ----a-r- C:\Windows\System32\CKAgent.exe
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-08 15:57:03 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2010-12-08 05:12:28 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-12-08 05:12:16 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-12-08 05:12:16 33152 ----a-w- C:\Windows\System32\LMIport.dll
.
============= FINISH: 21:34:36.63 ===============


ComboFix log


ComboFix 11-03-06.05 - Acer 03/2011 週一 21:22:31.3.4 - x64
Microsoft Windows 7 家用進階版 6.1.7600.0.936.86.3076.18.1781.710 [GMT 8:00]
执行位置: c:\users\Acer\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\VPN_3B4F\B7091C83.dll
.
.
((((((((((((((((((((((((( 2011-02-07 至 2011-03-07 的新的档案 )))))))))))))))))))))))))))))))
.
.
2011-03-07 13:30 . 2011-03-07 13:30 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-03-07 13:30 . 2011-03-07 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-02 12:48 . 2011-03-02 12:48 -------- d--h--w- c:\windows\AxInstSV
2011-02-28 19:26 . 2011-02-28 19:43 -------- d-----w- C:\Combo-Fix
2011-02-28 14:45 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-28 14:45 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-02-26 21:21 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-26 21:21 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-26 21:21 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-26 21:21 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 12:13 . 2011-02-22 12:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-22 12:13 . 2011-02-22 12:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-02-21 10:43 . 2011-02-21 10:43 -------- d-----w- c:\users\Acer\AppData\Roaming\Malwarebytes
2011-02-21 10:43 . 2010-12-20 10:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-21 10:43 . 2011-02-21 10:43 -------- d--h--w- c:\programdata\Malwarebytes
2011-02-21 10:43 . 2011-02-21 10:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-21 10:43 . 2010-12-20 10:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-19 19:52 . 2011-02-21 10:19 -------- d-----w- c:\users\Acer\AppData\Roaming\updates
2011-02-19 19:52 . 2011-02-19 19:52 76288 --sha-r- c:\windows\SysWow64\licmgr10J.dll
2011-02-18 16:14 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{220D1479-958B-45A2-AAEE-170331E86521}\mpengine.dll
2011-02-15 16:01 . 2011-02-15 16:01 29808 ----a-w- c:\windows\system32\drivers\Neo_0094.sys
2011-02-15 15:59 . 2011-02-15 15:59 97280 ----a-w- c:\windows\system32\vpncmd.exe
2011-02-15 15:59 . 2011-03-07 13:16 -------- d-----w- c:\program files\PacketiX VPN Client 64-bit Edition English
2011-02-15 14:30 . 2011-02-22 13:19 163920 ----a-w- c:\windows\system32\TesSafe.sys
2011-02-15 14:19 . 2011-02-15 14:19 -------- d-----w- c:\program files\腾讯游戏
2011-02-15 13:40 . 2011-02-15 13:40 -------- d--h--w- c:\programdata\Tencent
2011-02-15 13:40 . 2011-02-15 13:40 -------- d-----w- c:\users\Acer\AppData\Roaming\Tencent
2011-02-15 13:40 . 2011-02-15 13:40 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2011-02-10 13:30 . 2011-02-10 13:30 -------- d-----w- c:\users\Acer\AppData\Roaming\Total Immersion
2011-02-10 13:30 . 2011-02-10 13:30 -------- d-----w- c:\program files (x86)\Total Immersion
2011-02-07 15:01 . 2011-02-07 15:16 -------- d-----w- c:\users\Acer\AppData\Local\FontCreator
2011-02-07 15:01 . 2009-06-16 16:02 616600 ----a-w- c:\windows\SysWow64\FontInstaller.dll
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 13:15 . 2010-03-17 12:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-03-07 13:15 . 2010-03-21 23:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-02-28 14:57 . 2010-03-17 12:57 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-02-28 14:57 . 2010-03-17 12:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-02-16 17:38 . 2010-03-21 23:57 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2011-02-16 17:38 . 2010-03-21 23:58 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2011-01-14 17:43 . 2010-12-25 21:21 17640 ----a-w- c:\windows\system32\JRSUKD25.SYS
2011-01-14 17:43 . 2010-12-25 21:21 141848 ----a-w- c:\windows\system32\kcrtx64.sys
2011-01-14 17:43 . 2010-12-25 21:21 14056 ----a-w- c:\windows\system32\JRSKD24.SYS
2011-01-13 14:39 . 2009-08-18 04:49 564632 ---ha-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-01-13 14:39 . 2009-08-18 03:24 17816 ---ha-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-02 21:46 . 2011-01-02 21:46 634880 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\LineageII.exe1_9216E17DFBFB417BB1B660FE41688EF3.exe
2011-01-02 21:46 . 2011-01-02 21:46 634880 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\LineageII.exe_9216E17DFBFB417BB1B660FE41688EF3.exe
2011-01-02 21:46 . 2011-01-02 21:46 45056 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\ARPPRODUCTICON.exe
2011-01-01 06:19 . 2011-01-01 06:19 521448 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-25 21:21 . 2010-12-25 21:21 124424 ----a-r- c:\windows\SysWow64\CKAgent.exe
2010-12-25 21:21 . 2010-12-25 21:21 124424 ----a-r- c:\windows\system32\CKAgent.exe
2010-12-25 21:21 . 2010-09-30 14:08 470024 ----a-w- c:\windows\SysWow64\CKSetup64.exe
2010-12-08 15:57 . 2010-11-10 19:30 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2010-12-08 05:12 . 2010-11-10 19:30 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 05:12 . 2010-11-10 19:30 33152 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 05:12 . 2010-11-10 19:30 80768 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-02-28_19.38.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-03-07 13:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-28 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-03-07 13:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-28 19:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-28 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-07 13:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-26 16:45 . 2011-03-07 13:17 58956 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-07 13:17 35028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-02-28 19:19 35028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-12 11:23 . 2011-03-07 13:17 13648 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3708158517-3727541704-1879287214-1000_UserData.bin
+ 2010-04-20 08:19 . 2011-03-06 13:57 99334 c:\windows\system32\prfc0404.dat
- 2010-04-20 08:19 . 2011-02-28 14:44 99334 c:\windows\system32\prfc0404.dat
+ 2010-08-12 11:17 . 2011-03-07 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 11:17 . 2011-02-28 15:05 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 11:17 . 2011-02-28 15:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-12 11:17 . 2011-03-07 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-28 15:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-07 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-13 13:51 . 2011-03-07 13:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-13 13:51 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-03-04 14:27 82688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-08-13 13:51 . 2011-03-07 13:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-13 13:51 . 2011-02-28 19:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-13 13:51 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-13 13:51 . 2011-03-07 13:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-12 11:23 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-12 11:23 . 2011-03-07 13:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-12 11:23 . 2011-03-07 13:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-12 11:23 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-28 19:38 . 2011-02-28 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-07 13:15 . 2011-03-07 13:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-28 19:38 . 2011-02-28 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-07 13:15 . 2011-03-07 13:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-30 16:37 . 2011-03-02 13:29 207122 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-04-20 08:19 . 2011-02-28 14:44 377870 c:\windows\system32\prfh0404.dat
+ 2010-04-20 08:19 . 2011-03-06 13:57 377870 c:\windows\system32\prfh0404.dat
- 2009-07-14 02:36 . 2011-02-28 14:44 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-06 13:57 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-06 13:57 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-02-28 14:44 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-02-28 19:37 304324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-03-06 13:58 304324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-02-28 19:28 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-03-07 13:28 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-26 1289296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]
PacketiX VPN Client Task Tray.lnk - c:\program files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe [2008-5-15 4793856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 335400]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 CEDRIVER55;CEDRIVER55;c:\program files (x86)\Cheat Engine\dbk64.sys [2010-08-05 39424]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\PLAYNC\AION永恆紀元\bin32\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-01-14 14056]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2011-01-14 141848]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-05 50432]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-28 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-05 144640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-05-15 4601344]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-15 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0094.sys [2011-02-15 29808]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-12 410136]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Upload to Taojianghu album - c:\program files (x86)\AliWangWang\AddToAlbum.htm
IE: Share to Taojianghu - c:\program files (x86)\AliWangWang\ShareToTJH.htm
IE: Add as AliWangWang emoticon - c:\program files (x86)\AliWangWang\AddNewEmotion.htm
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: archlord.com
Trusted Zone: hangame.com
Trusted Zone: naver.com\archlord
Trusted Zone: taobao.com
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab
DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://www.g-pin.go.kr/XecureObject/CKKeyPro3024_32k.cab
DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab
DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\
FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{803EDEE9-73BB-EC99-C0CE-A6529E202957}*]
"nagnbgghobgcmgkhflajelppbmhj"=hex:6b,61,6a,69,61,61,67,61,67,63,6b,6c,6c,6b,
66,6d,66,66,62,6f,68,6d,00,00
"gbipjihginpgipicblgbffkcfainecfegfcdbmdolgjoag"=hex:64,61,6a,70,6e,6e,67,6f,
00,00
"bbonpemcklneplmlkhngnkmgilgnjdeickgg"=hex:68,62,61,6d,64,6d,6d,6b,6a,65,61,61,
63,67,6b,65,6d,70,70,6d,6c,6b,64,62,65,6d,65,68,63,6e,6a,6f,6f,6b,70,6d,6b,\
"oaamhkdhmdfpfgmghinbhkophdljao"=hex:6b,61,6a,69,61,61,67,61,67,63,6b,6c,6c,6b,
66,6d,66,66,62,6f,68,6d,00,00
.
[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,84,cb,ac,a0,b3,4d,4c,b7,0b,96,14,03,b6,bc,16,af,36,eb,8a,cc,
bb,6e,1a,cc,12,63,50,93,7c,58,76,bf,49,5c,84,13,75,32,41,7f,87,a5,51,82,76,\
"rkeysecu"=hex:96,01,4d,b0,df,be,91,b6,97,75,0b,ad,ca,d4,40,4f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-07 21:32:39
ComboFix-quarantined-files.txt 2011-03-07 13:32
ComboFix2.txt 2011-02-28 19:43
ComboFix3.txt 2011-02-21 10:26
.
Pre-Run: 50,369,081,344 bytes free
Post-Run: 50,194,755,584 bytes free
.
- - End Of File - - 498DC0A259508D8C5A295A6E067B9252

Blade81
2011-03-07, 17:02
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



http://forums.spybot.info/showthread.php?p=397372#post397372
Suspect::[76]
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
C:\Windows\SysWow64\licmgr10J.dll
C:\Windows\System32\kcrtx64.sys
C:\Windows\SysNative\kcrtx64.sys
DirLook::
C:\Users\Acer\AppData\Roaming\updates
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Regnull::
[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{803EDEE9-73BB-EC99-C0CE-A6529E202957}*]



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. Update Java as instructed earlier.
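
The Suspect:: entries in the script above were picked out of the ComboFix log by hand. As an added example, not part of Blade81's post, of ComboFix or of DDS, the Python below applies the same kind of triage to ComboFix-style file-listing lines: an executable sitting in a Startup folder, a .sys file outside system32\drivers, and a binary written fresh into a system directory during the incident window (creation time equal to last-write time, which installer- or Windows Update-delivered files do not have). The sample lines are constructed in the log's format; all but the mousedriver.exe line copy entries from the logs in this thread, and that line is made up to match the path named in the script. The 30-day window and the 2011-03-07 reference date are assumptions.

```python
"""Triage heuristics for ComboFix-style file listings.

Added example for this thread; not part of ComboFix, DDS or Blade81's post.
Parses lines shaped like the "Files Created" / "Find3M" sections of a
ComboFix log,

    YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM  <size|-------->  <attrs>  <path>

(first timestamp = creation time, second = last-write time) and flags the
kinds of entries a helper pulls into a CFScript Suspect:: block.
"""
import re
from dataclasses import dataclass, field
from datetime import date, datetime, timedelta
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<written>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +"
    r"(?P<size>-{8}|\d+) +(?P<attrs>[-a-z]{8}) +(?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
USER_DROP_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")
STARTUP_MARK = "\\start menu\\programs\\startup\\"

# Constructed sample in the log's format.  All but the last line copy entries
# from the logs posted in this thread; the mousedriver.exe line is made up to
# match the path named in the CFScript (no such line appears in the logs).
SAMPLE_LOG = r"""
2011-03-07 13:44 . 2011-03-07 13:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-02-19 19:52 . 2011-02-19 19:52 76288 ------w- c:\windows\SysWow64\licmgr10J.dll
2011-02-21 10:43 . 2010-12-20 10:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-14 17:43 . 2010-12-25 21:21 141848 ----a-w- c:\windows\system32\kcrtx64.sys
2011-02-26 21:21 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-20 08:15 . 2011-02-20 08:15 61440 ----a-w- c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
"""


@dataclass
class Entry:
    created: datetime
    written: datetime
    size: Optional[int]      # None for directory entries ("--------")
    attrs: str
    path: str


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(m["created"], fmt),
                 datetime.strptime(m["written"], fmt),
                 size, m["attrs"], m["path"].rstrip())


def triage(lines, ref_date: date, window_days: int = 30) -> List[Finding]:
    """Flag executable entries matching any of three heuristics.

    The incident-window rule also requires created == last-written: a dropped
    file is written fresh (both equal), while binaries unpacked by an installer
    or Windows Update keep an older last-write time.  That is what keeps
    mbam.sys and XpsPrint.dll in the sample unflagged although both were
    created inside the window.
    """
    window_start = datetime.combine(ref_date - timedelta(days=window_days),
                                    datetime.min.time())
    findings: List[Finding] = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.attrs.startswith("d"):
            continue                      # skip unparsable lines and directories
        p = e.path.lower()
        if not p.endswith(EXEC_EXT):
            continue
        in_sysdir = any(d in p for d in SYSTEM_DIRS)
        reasons = []
        if STARTUP_MARK in p:
            reasons.append("executable in a Startup folder (autostart with no registry entry)")
        elif any(d in p for d in USER_DROP_DIRS):
            reasons.append("executable in a user-writable profile or temp directory")
        if in_sysdir and p.endswith(".sys") and "\\drivers\\" not in p:
            reasons.append("kernel driver outside system32\\drivers")
        if in_sysdir and e.created >= window_start and e.created == e.written:
            reasons.append("binary written fresh into a system directory inside the incident window")
        if reasons:
            findings.append(Finding(e.path, reasons))
    return findings


def run_sample() -> List[Finding]:
    """Triage the constructed sample against the 2011-03-07 log date (assumed)."""
    return triage(SAMPLE_LOG.splitlines(), ref_date=date(2011, 3, 7))


if __name__ == "__main__":
    for f in run_sample():
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

A hit is a prompt to check the file's signature and origin, not a verdict: game anti-cheat packages also put drivers directly in system32, and a cleanup tool installed during the incident lands inside the window too (the created/last-written check is what keeps the Malwarebytes driver out of the list here).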

jch02140
2011-03-07, 21:13
Here is the log from ComboFix.

==============================================
ComboFix 11-03-06.05 - Acer 03/2011 Tue 3:39.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.3076.18.1781.931 [GMT 8:00]
Running from: c:\users\Acer\Desktop\ComboFix.exe
Command switches used :: c:\users\Acer\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Files Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\users\Acer\AppData\Local\Temp\VPN_98B7\B7091C83.dll
c:\windows\TEMP\VPN_EDEA\B7091C83.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_TESSAFE
-------\Service_TesSafe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))
.
.
2011-03-07 19:47 . 2011-03-07 19:47 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-03-07 19:47 . 2011-03-07 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-07 16:21 . 2011-03-07 19:10 -------- d-----w- C:\Download
2011-03-07 13:44 . 2011-03-07 13:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-02 12:48 . 2011-03-02 12:48 -------- d--h--w- c:\windows\AxInstSV
2011-02-28 19:26 . 2011-02-28 19:43 -------- d-----w- C:\Combo-Fix
2011-02-28 14:45 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-28 14:45 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-02-26 21:21 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-26 21:21 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-26 21:21 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-26 21:21 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 12:13 . 2011-02-22 12:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-22 12:13 . 2011-02-22 12:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-02-21 10:43 . 2011-02-21 10:43 -------- d-----w- c:\users\Acer\AppData\Roaming\Malwarebytes
2011-02-21 10:43 . 2010-12-20 10:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-21 10:43 . 2011-02-21 10:43 -------- d-----w- c:\programdata\Malwarebytes
2011-02-21 10:43 . 2011-02-21 10:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-21 10:43 . 2010-12-20 10:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-19 19:52 . 2011-02-21 10:19 -------- d-----w- c:\users\Acer\AppData\Roaming\updates
2011-02-19 19:52 . 2011-02-19 19:52 76288 ------w- c:\windows\SysWow64\licmgr10J.dll
2011-02-18 16:14 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{220D1479-958B-45A2-AAEE-170331E86521}\mpengine.dll
2011-02-15 16:01 . 2011-02-15 16:01 29808 ----a-w- c:\windows\system32\drivers\Neo_0094.sys
2011-02-15 15:59 . 2011-02-15 15:59 97280 ----a-w- c:\windows\system32\vpncmd.exe
2011-02-15 15:59 . 2011-03-07 19:50 -------- d-----w- c:\program files\PacketiX VPN Client 64-bit Edition English
2011-02-15 14:30 . 2011-03-07 19:04 163920 ----a-w- c:\windows\system32\TesSafe.sys
2011-02-15 14:19 . 2011-02-15 14:19 -------- d-----w- c:\program files\腾讯游戏
2011-02-15 13:40 . 2011-02-15 13:40 -------- d-----w- c:\users\Acer\AppData\Roaming\Tencent
2011-02-15 13:40 . 2011-02-15 13:40 -------- d-----w- c:\programdata\Tencent
2011-02-15 13:40 . 2011-02-15 13:40 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2011-02-10 13:30 . 2011-02-10 13:30 -------- d-----w- c:\users\Acer\AppData\Roaming\Total Immersion
2011-02-10 13:30 . 2011-02-10 13:30 -------- d-----w- c:\program files (x86)\Total Immersion
2011-02-07 15:01 . 2011-02-07 15:16 -------- d-----w- c:\users\Acer\AppData\Local\FontCreator
2011-02-07 15:01 . 2009-06-16 16:02 616600 ----a-w- c:\windows\SysWow64\FontInstaller.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Files Modified within the last 3 months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 19:49 . 2010-03-17 12:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-03-07 19:49 . 2010-03-21 23:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-02-28 14:57 . 2010-03-17 12:57 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-02-28 14:57 . 2010-03-17 12:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-02-16 17:38 . 2010-03-21 23:57 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2011-02-16 17:38 . 2010-03-21 23:58 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2011-02-02 13:40 . 2010-08-13 13:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-14 17:43 . 2010-12-25 21:21 17640 ----a-w- c:\windows\system32\JRSUKD25.SYS
2011-01-14 17:43 . 2010-12-25 21:21 141848 ----a-w- c:\windows\system32\kcrtx64.sys
2011-01-14 17:43 . 2010-12-25 21:21 14056 ----a-w- c:\windows\system32\JRSKD24.SYS
2011-01-13 14:39 . 2009-08-18 04:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-01-13 14:39 . 2009-08-18 03:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-02 21:46 . 2011-01-02 21:46 634880 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\LineageII.exe1_9216E17DFBFB417BB1B660FE41688EF3.exe
2011-01-02 21:46 . 2011-01-02 21:46 634880 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\LineageII.exe_9216E17DFBFB417BB1B660FE41688EF3.exe
2011-01-02 21:46 . 2011-01-02 21:46 45056 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\ARPPRODUCTICON.exe
2011-01-01 06:19 . 2011-01-01 06:19 521448 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-25 21:21 . 2010-12-25 21:21 124424 ----a-r- c:\windows\SysWow64\CKAgent.exe
2010-12-25 21:21 . 2010-12-25 21:21 124424 ----a-r- c:\windows\system32\CKAgent.exe
2010-12-25 21:21 . 2010-09-30 14:08 470024 ----a-w- c:\windows\SysWow64\CKSetup64.exe
2010-12-08 15:57 . 2010-11-10 19:30 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2010-12-08 05:12 . 2010-11-10 19:30 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 05:12 . 2010-11-10 19:30 33152 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 05:12 . 2010-11-10 19:30 80768 ----a-w- c:\windows\system32\LMIinit.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Acer\AppData\Roaming\updates ----
.
.
.
((((((((((((((((((((((((((((( SnapShot_2011-02-28_19.38.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-02-28 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-03-07 19:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-28 19:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-07 19:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-28 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-07 19:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-26 16:45 . 2011-03-07 14:12 59196 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-07 14:12 35028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-02-28 19:19 35028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-12 11:23 . 2011-03-07 14:12 13664 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3708158517-3727541704-1879287214-1000_UserData.bin
- 2010-04-20 08:19 . 2011-02-28 14:44 99334 c:\windows\system32\prfc0404.dat
+ 2010-04-20 08:19 . 2011-03-06 13:57 99334 c:\windows\system32\prfc0404.dat
+ 2010-08-12 11:17 . 2011-03-07 14:10 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 11:17 . 2011-02-28 15:05 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-12 11:17 . 2011-03-07 14:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-12 11:17 . 2011-02-28 15:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-07 14:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-28 15:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-13 13:51 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-13 13:51 . 2011-03-07 14:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-03-07 17:38 82688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-08-13 13:51 . 2011-03-07 14:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-13 13:51 . 2011-02-28 19:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-13 13:51 . 2011-03-07 14:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-13 13:51 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-12 11:23 . 2011-03-07 19:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 11:23 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 11:23 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-12 11:23 . 2011-03-07 19:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-28 19:38 . 2011-02-28 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-07 19:49 . 2011-03-07 19:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-28 19:38 . 2011-02-28 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-07 19:49 . 2011-03-07 19:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-07 19:49 . 2011-03-07 19:49 167424 c:\windows\temp\VPN_E51F\0FC343C0.dll
- 2010-12-28 13:39 . 2010-11-12 10:53 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-03-07 13:40 . 2011-02-02 13:40 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-03-07 13:40 . 2011-02-02 13:40 145184 c:\windows\SysWOW64\javaw.exe
- 2010-12-28 13:39 . 2010-11-12 10:53 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-03-07 13:40 . 2011-02-02 13:40 145184 c:\windows\SysWOW64\java.exe
- 2010-12-28 13:39 . 2010-11-12 10:53 145184 c:\windows\SysWOW64\java.exe
+ 2010-08-30 16:37 . 2011-03-02 13:29 207122 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-04-20 08:19 . 2011-03-06 13:57 377870 c:\windows\system32\prfh0404.dat
- 2010-04-20 08:19 . 2011-02-28 14:44 377870 c:\windows\system32\prfh0404.dat
- 2009-07-14 02:36 . 2011-02-28 14:44 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-06 13:57 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-06 13:57 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-02-28 14:44 106388 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-03-07 19:48 304324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-02-28 19:37 304324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-07 13:44 . 2011-03-07 13:44 183808 c:\windows\Installer\169a64.msi
+ 2011-03-07 19:49 . 2011-03-07 19:49 2240512 c:\windows\temp\VPN_E51F\B7091C83.dll
- 2011-02-28 19:38 . 2011-02-28 19:38 1185302 c:\windows\temp\.unicode_cache_6da894d0.dat
+ 2011-03-07 19:49 . 2011-03-07 19:49 1185302 c:\windows\temp\.unicode_cache_6da894d0.dat
- 2010-08-28 17:48 . 2011-02-21 12:46 1538904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-28 17:48 . 2011-03-07 19:49 1538904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 02:34 . 2011-02-28 19:28 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-03-07 18:16 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
-- Snapshot reset --
.
((((((((((((((((((((((((((((((((((((( Registry Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-26 1289296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]
PacketiX VPN Client Task Tray.lnk - c:\program files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe [2008-5-15 4793856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 335400]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 CEDRIVER55;CEDRIVER55;c:\program files (x86)\Cheat Engine\dbk64.sys [2010-08-05 39424]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\English\GenesisAD\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-01-14 14056]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2011-01-14 141848]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-05 50432]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-28 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-05 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-05-15 4601344]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-15 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0094.sys [2011-02-15 29808]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF21881.cfxxe" [X]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-12 410136]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Upload to Taojianghu album - c:\program files (x86)\AliWangWang\AddToAlbum.htm
IE: Share to Taojianghu - c:\program files (x86)\AliWangWang\ShareToTJH.htm
IE: Add as AliWangWang emoticon - c:\program files (x86)\AliWangWang\AddNewEmotion.htm
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: archlord.com
Trusted Zone: hangame.com
Trusted Zone: naver.com\archlord
Trusted Zone: taobao.com
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab
DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://www.g-pin.go.kr/XecureObject/CKKeyPro3024_32k.cab
DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab
DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\
FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,84,cb,ac,a0,b3,4d,4c,b7,0b,96,14,03,b6,bc,16,af,36,eb,8a,cc,
bb,6e,1a,cc,12,63,50,93,7c,58,76,bf,49,5c,84,13,75,32,41,7f,87,a5,51,82,76,\
"rkeysecu"=hex:96,01,4d,b0,df,be,91,b6,97,75,0b,ad,ca,d4,40,4f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
完成时间: 2011-03-08 03:56:18 - 电脑已重新启动
ComboFix-quarantined-files.txt 2011-03-07 19:56
ComboFix2.txt 2011-03-07 13:32
ComboFix3.txt 2011-02-28 19:43
ComboFix4.txt 2011-02-21 10:26
.
Pre-Run: 48,346,664,960 bytes free
Post-Run: 48,292,143,104 bytes free
.
- - End Of File - - 06C31C7C7859C2B03439C2A42E819FF2
成功上载文件
==================================================

Blade81
2011-03-08, 07:09
Hi,

Those look ok. Let's uninstall ComboFix and then you may try to install Windows 7 service pack 1 to possibly fix the remaining issue.


Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK

jch02140
2011-03-08, 12:10
I updated Windows 7 to SP1, but I am still unable to run the chkdsk tool on startup. Also, the taskbar has a notification saying my Microsoft Security Essentials is turned off. However, when I tried to turn it on, it says it is unable to turn on.

Blade81
2011-03-08, 14:48
Reinstall Microsoft Security Essentials and see if it helps with the issue. Do you recall if the disk check at startup stopped working after some specific action was taken?

jch02140
2011-03-08, 20:18
I removed and reinstalled Microsoft Security Essentials but it doesn't solve the problem. When I try to execute it, the program just appears for a split second and then closes itself. I tried to turn it on via the system notification but receive an error when turning it on...

The problem seems to have started after I removed the TDSS rootkit with TDSSKiller and the virus that came with it with Malwarebytes' Anti-Malware.

I am thinking it might be corrupted system files. I tried sfc /scannow a few minutes ago and it mentioned there are some corrupted files but it is unable to fix them...

Blade81
2011-03-08, 20:28
Hi,

I'm sorry, but at this point there's not much else we can try other than a reformat. We might have had better success if you had posted here in the first place before trying any fixes.

jch02140
2011-03-09, 11:09
Hi,

Would it be possible to do a repair install on top of the current Win7 SP1 by using the DVD ISO from the Microsoft Technet subscription below?

http://technet.microsoft.com/en-us/subscriptions/downloads/default.aspx

Blade81
2011-03-09, 14:19
Yes, that should be possible.

jch02140
2011-03-11, 09:56
Doing a repair install does fix the chkdsk issue. I am able to turn on Security Essentials again. :D

System seems to be normal these few days. Thanks again for the help.

Blade81
2011-03-11, 18:35
That's good news :) Any other issues left or shall we close & archive this?

jch02140
2011-03-12, 15:52
Is it recommended to install system tuning software in Windows 7? I have heard many say Windows 7 doesn't need any tuning software, but I am curious if there is one that is recommended...

Blade81
2011-03-12, 18:17
Hi,

I recommend not using any tuning software that modifies the Windows registry. Hard drive defragging software is ok to use.

jch02140
2011-03-14, 13:18
Hi Blade81,

Thanks for your advice. This thread can be closed now.

Blade81
2011-03-14, 13:29
You're welcome :)