
xchclow

Honorary Members
  • Posts: 26
  • Reputation: 0 Neutral
  1. Thank you!! I think I've uninstalled ComboFix because I couldn't find it anymore. My Malwarebytes' has expired already (so I don't have real-time protection now). Do I need to update Malwarebytes' manually EVERY DAY? And perform a quick scan every day too? It doesn't appear in my notification bar anymore. Is Malwarebytes' still able to protect my computer?
  2. Hi elise. I've uninstalled Java kit 6 (omg, I really had an older version of Java on my computer) and replaced it with Java kit 7 now. I already scanned my computer using ESET OnlineScan, but there was no threat found on my computer. Only the FINISHED button was left after the scan completed. So I can't list the threats, and can't find any Export button either.
  3. Hello elise! My computer looks fine now! I can connect to all webpages and even play Facebook games already! No problem with any browser. Thank you so much!!!
  4. Hi. I reset my router by pressing the reset button already. But I still couldn't connect to Facebook..
  5. Hi, now I couldn't connect to Facebook, Twitter and YouTube with any browser..
  6. Hi again. I restarted my computer; these are the changes: Google Chrome: Could not open Facebook at first, but now can (can even run Facebook games now). Yes Twitter, yes YouTube. IE: Cannot for all of Facebook, Twitter and YouTube. Firefox: Yes Facebook, yes Twitter, no YouTube.
  7. Dear elise, Hi. I am unable to connect to Facebook right now. IE states that "Internet Explorer cannot display the webpage." (So does Firefox.) At the same time, when I use Google Chrome to connect to Facebook, it works fine. (For your information, sometimes I can connect to Facebook, while sometimes I can't.) Besides, I cannot play Facebook games either. (It cannot connect to that page once I click the game.) Google Chrome: Can open Facebook, no Twitter, no YouTube. Internet Explorer: Twitter only, no Facebook, no YouTube. Firefox: Twitter only, no Facebook, no YouTube. (same as IE)
  8. Oops, it goes to this again: Oops! Google Chrome could not find www.facebook.com Try reloading: www.facebook.com Additional suggestions: Access a cached copy of www.facebook.com Search on Google:
  9. Hi again. I still cannot connect to certain webpages that I used to visit. By the way, the description of why I couldn't connect to those webpages has changed. It changed to: DNS Lookup failed. (Previously I couldn't run DDS due to DNS too?) I am using Google Chrome: The server at www.facebook.com can't be found, because the DNS lookup failed. DNS is the web service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.
  10. Hi. Here is the combofix log.
  11. No. I didn't do the system restore. Sorry for the inconvenience..
  12. I am very sorry Elise! I think it is not caused by ComboFix. I'm very sorry!
  13. Thank you elise. Can you kindly tell me what to do next in order to remove the malware?
  14. Hi. After running ComboFix, I noticed that my Photoshop needs a serial number to run. I think I may be going to restore my computer to a previous point because I need a lot of Adobe software. Can we have a different solution to fix my computer problem (remove the malware)? I forgot my serial number already. I still have my AutoCAD exactly....
  15. Here is the C:\Combofix.txt Is it the same as i posted above? ComboFix 11-08-21.01 - User 8/2011 Sun 18:46:03.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.6127.4386 [GMT 8:00] 執行位置: c:\users\User\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * 成功創造新還原點 . . ((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\favoritevideo\InvisibleFolder c:\favoritevideo\InvisibleFolder\20101014160145_sasa101014jiao15s1.swf c:\favoritevideo\InvisibleFolder\20101112103740_taobao101112cha15s.swf c:\favoritevideo\InvisibleFolder\20101119115856_taobao101119cha15sman.swf c:\favoritevideo\InvisibleFolder\20101119120106_taobao101119cha15swoman.swf c:\favoritevideo\InvisibleFolder\20110128170117_wopaiwang110128zanting15s.swf c:\favoritevideo\InvisibleFolder\20110128172504_panpan110201jiaobiao.swf c:\favoritevideo\InvisibleFolder\20110323093215_pptv110323zanting15s.jpg c:\favoritevideo\InvisibleFolder\20110628183241_ipad110628zhu15s.swf c:\favoritevideo\InvisibleFolder\20110628183325_ipad110628zanting15s.swf c:\favoritevideo\InvisibleFolder\20110701201118_haiyanggongyuan110704cha15s.swf c:\favoritevideo\InvisibleFolder\20110701201256_haiyanggongyuan110704zanting15s.swf c:\favoritevideo\InvisibleFolder\20110701201555_haiyanggongyuan110704jiao15s.swf c:\favoritevideo\InvisibleFolder\20110705150125_pinganchexian110705zhu15s.swf c:\favoritevideo\InvisibleFolder\20110708110551_alibaba110711zhu15s.swf c:\favoritevideo\InvisibleFolder\20110714133021_pinganchexian110714zanting15s.swf c:\favoritevideo\InvisibleFolder\20110715105349_shenghuojia110715zanting15s.swf c:\favoritevideo\InvisibleFolder\20110715105538_shenghuojia110715zhu15s.swf c:\favoritevideo\InvisibleFolder\20110718115546_xinhuanzhugege110718zhu15s.swf 
c:\favoritevideo\InvisibleFolder\20110721145327_hushubao110701zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110721145938_hushubao110701cha15s.swf
c:\favoritevideo\InvisibleFolder\20110722215436_dongpeng110723jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110726144544_modengxinrenlei110726zanting.jpg
c:\favoritevideo\InvisibleFolder\20110726144832_modengxinrenlei110726zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110726145145_modengxinrenlei110726cha15s.jpg
c:\favoritevideo\InvisibleFolder\20110726145412_xinhuanzhugege110726cha15s.jpg
c:\favoritevideo\InvisibleFolder\20110729164352_maibaobao110801cha15s.swf
c:\favoritevideo\InvisibleFolder\20110801123635_guangqichuanqi110801zhu15s3.swf
c:\favoritevideo\InvisibleFolder\20110801123818_guangqichuanqi110801zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110801124028_guangqichuanqi11081cha15s.swf
c:\favoritevideo\InvisibleFolder\20110801185425_newbalance110801zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110803172239_xinshuihu110803zhu15s.jpg
c:\favoritevideo\InvisibleFolder\20110803172440_xinshuihu110803zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110803172633_xinshuihu110803cha15s.jpg
c:\favoritevideo\InvisibleFolder\20110804143802_shasha110804zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110804143934_shasha110804cha15s.swf
c:\favoritevideo\InvisibleFolder\20110804144043_shasha110804zanting.swf
c:\favoritevideo\InvisibleFolder\20110805164138_shandongliantong110805zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110809092713_tianzi110809zanting.jpg
c:\favoritevideo\InvisibleFolder\20110809192159_1haodian110810cha15s.swf
c:\favoritevideo\InvisibleFolder\20110809192620_1haodian110810zanting.swf
c:\favoritevideo\InvisibleFolder\20110809194200_guangqi110810cha15s.swf
c:\favoritevideo\InvisibleFolder\20110809194320_guangqi110810zanting.swf
c:\favoritevideo\InvisibleFolder\20110809194437_guangqi110810zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110810155839_renbaochexian110810houtie.swf
c:\favoritevideo\InvisibleFolder\20110810160157_renbaochexian110810cha15s.swf
c:\favoritevideo\InvisibleFolder\20110810160522_renbaochexian110810zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110810165108_maibaobao110811zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110810165314_maibaobao110811zanting.swf
c:\favoritevideo\InvisibleFolder\20110811104453_taobao110813qipao.swf
c:\favoritevideo\InvisibleFolder\20110811104812_taobao110813zanting.swf
c:\favoritevideo\InvisibleFolder\20110811105056_taobao110813cha15s.swf
c:\favoritevideo\InvisibleFolder\20110811115654_hrs110811cha15s.swf
c:\favoritevideo\InvisibleFolder\20110811182334_ludingji110812zanting.swf
c:\favoritevideo\InvisibleFolder\20110812094740_tianzi110812zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110812114240_kelingklei110815zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110812114622_kelingklei110815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110812114859_yiqizaixian110812zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110812120801_yougou110812zanting.swf
c:\favoritevideo\InvisibleFolder\20110812120948_yougou110812cha15s.swf
c:\favoritevideo\InvisibleFolder\20110812131909_taobao110815qipao.swf
c:\favoritevideo\InvisibleFolder\20110812132155_taobao110815zanting.swf
c:\favoritevideo\InvisibleFolder\20110812132502_taobao110815cha15s.swf
c:\favoritevideo\InvisibleFolder\20110812161119_qijishijie110814zanting.jpg
c:\favoritevideo\InvisibleFolder\20110812161335_qijishijie110814qipao.swf
c:\favoritevideo\InvisibleFolder\20110812163227_ludingji110813zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110812164719_zhengtu2110814qipao.swf
c:\favoritevideo\InvisibleFolder\20110812165402_zhengtu2110814zanting.swf
c:\favoritevideo\InvisibleFolder\20110812175654_paipaiwang110815zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110812175859_paipaiwang110815zanting.swf
c:\favoritevideo\InvisibleFolder\20110812181724_tankeshijie110813zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110812195519_yitiantulong110814zanting.swf
c:\favoritevideo\InvisibleFolder\20110812195646_yitiantulong110813zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110813224859_baojun110815cha15s.swf
c:\favoritevideo\InvisibleFolder\20110814093631_shenmozhetian110814zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110814093818_shenmozhetian110814zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110814094956_shenmozhetian110814cha15s.swf
c:\favoritevideo\InvisibleFolder\20110815092802_yougouwang110815zanting.swf
c:\favoritevideo\InvisibleFolder\20110815093313_yougouwang110815cha15s.swf
c:\favoritevideo\InvisibleFolder\20110815135603_aiyaya110815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110815135947_zhongsheng110815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110815140135_bishengyuan110815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110815140531_panpan110815jiaobiao1.swf
c:\favoritevideo\InvisibleFolder\20110815140632_kefaang110815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110815140813_hanmei110815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110815140855_panpan110815jiaobiao2.swf
c:\favoritevideo\InvisibleFolder\20110815141015_panpan110815jiaobiao3.swf
c:\favoritevideo\InvisibleFolder\20110815141052_ruizhou110815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110815141129_panpan110815jiaobiao4.swf
c:\favoritevideo\InvisibleFolder\20110815141241_panpan110815jiaobiao5.swf
c:\favoritevideo\InvisibleFolder\20110815141244_didou110815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110815141400_panpan110815jiaobiao6.swf
c:\favoritevideo\InvisibleFolder\20110815141528_panpan110815jiaobiao7.swf
c:\favoritevideo\InvisibleFolder\20110815141643_panpan110815jiaobiao8.swf
c:\favoritevideo\InvisibleFolder\20110815141649_bishengyuan110815jiaobao.swf
c:\favoritevideo\InvisibleFolder\20110815193655_aodili110815zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110815223356_baojun110815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110816092049_qixiong110816zanting.swf
c:\favoritevideo\InvisibleFolder\20110816105102_qixiong110818zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110816130435_panpan110816jiaobiao1.swf
c:\favoritevideo\InvisibleFolder\20110816130634_panpan110816jiaobiao2.swf
c:\favoritevideo\InvisibleFolder\20110816134856_xuanwu110819zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110816135034_xuanwu110819zanting.swf
c:\favoritevideo\InvisibleFolder\20110816160943_lvsezhengtu110817zanting.swf
c:\favoritevideo\InvisibleFolder\20110816163807_taobao110818zanting.swf
c:\favoritevideo\InvisibleFolder\20110816164011_taobao110818qipao.swf
c:\favoritevideo\InvisibleFolder\20110816164144_taobao110818cha15s.swf
c:\favoritevideo\InvisibleFolder\20110816171330_yingxiongwudi110817zanting.swf
c:\favoritevideo\InvisibleFolder\20110816173522_maibaobao110817cha15s.swf
c:\favoritevideo\InvisibleFolder\20110816181632_baojun110816zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110816182446_yitiantulong110817zanting.swf
c:\favoritevideo\InvisibleFolder\20110816182600_yitiantulong110817zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110817093542_furenguo110817zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110817093713_furenguo110817zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110817100238_furenguo110817cha15s.swf
c:\favoritevideo\InvisibleFolder\20110817115739_lvsezhengtu110817zanting.swf
c:\favoritevideo\InvisibleFolder\20110817131256_yingxiongwudi110817zantingnew.swf
c:\favoritevideo\InvisibleFolder\20110817161308_1haodian110817zanting.swf
c:\favoritevideo\InvisibleFolder\20110817162100_1haodian110817cha15s.swf
c:\favoritevideo\InvisibleFolder\20110817162445_chuanqi110817zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110817162636_chuanqi110817cha15s.swf
c:\favoritevideo\InvisibleFolder\20110817162811_1haodian110817zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110817163213_yingxiongwuni110818cha15s.swf
c:\favoritevideo\InvisibleFolder\20110817163335_chuanqi110817zhu15sa.swf
c:\favoritevideo\InvisibleFolder\20110817181142_yitiantulong110818zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110818152939_lvsezhengtu110819zanting.swf
c:\favoritevideo\InvisibleFolder\20110818162336_shenmodalu110819zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110818164320_yitiantulong110819zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110818164444_yitiantulong110819zanting.swf
c:\favoritevideo\InvisibleFolder\20110818171218_lanmiu110818zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110818171520_lanmiu110818chabo.swf
c:\favoritevideo\InvisibleFolder\20110818171801_lanmiu110818zanting.swf
c:\favoritevideo\InvisibleFolder\20110818175600_qixiong110819zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110818181154_renbaochexian110818houtie.swf
c:\favoritevideo\InvisibleFolder\20110818181759_renbaochexian110818zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110818182016_renbaochexian110818cha15s.swf
c:\favoritevideo\InvisibleFolder\20110819103927_lvsezhengtu110820zanting.swf
c:\favoritevideo\InvisibleFolder\20110819104727_lvsezhengtu110821zanting.swf
c:\favoritevideo\InvisibleFolder\20110819113251_bingchuanyuanzheng110820zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110819150436_ludingji110820zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110819175742_qixiong110820zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110819181933_hanghaizhiwang110819huanchong15s.swf
c:\favoritevideo\InvisibleFolder\20110819182537_huanghangzhiwang110819zanting.swf
c:\favoritevideo\InvisibleFolder\20110819182835_hanghaizhiwang110819chabo.swf
c:\favoritevideo\InvisibleFolder\20110819185932_lanmiu110819zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110819190159_lanmiu110819zanting.swf
c:\favoritevideo\InvisibleFolder\20110819190411_lanmiu110819chabo.swf
c:\favoritevideo\InvisibleFolder\oplayer.ocx
c:\favoritevideo\InvisibleFolder\peer.dll
c:\favoritevideo\InvisibleFolder\pplss2.swf
c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll
c:\windows\SysWow64\User
c:\windows\SysWow64\User\User.dat
c:\windows\SysWow64\User\User.sav
c:\windows\SysWow64\User\users\controller_settings.bin
c:\windows\SysWow64\User\users\graphics_settings.bin
c:\windows\SysWow64\User\vuid
c:\windows\SysWow64\User\wins\and_it_continues
c:\windows\SysWow64\User\wins\father_forgive_me
c:\windows\SysWow64\User\wins\getting_started
c:\windows\SysWow64\User\wins\making_a_name
c:\windows\SysWow64\User\wins\revenge_is_sweet
c:\windows\SysWow64\User\wins\scars_from_the_past
c:\windows\SysWow64\User\wins\the_meating
c:\windows\SysWow64\User\wins\the_wrong_guy
.
.
((((((((((((((((((((((((( Files created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 10:53 . 2011-08-21 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-19 08:55 . 2011-08-19 08:55 -------- d-----w- c:\users\User\AppData\Roaming\Avira
2011-08-19 05:12 . 2011-07-06 11:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-19 05:11 . 2011-08-19 05:36 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-19 05:11 . 2011-08-19 05:36 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\programdata\Avira
2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\program files (x86)\Avira
2011-08-19 01:05 . 2011-08-19 01:05 -------- d-----w- c:\programdata\McAfee
2011-08-13 16:32 . 2011-08-21 10:53 -------- d-----w- C:\FavoriteVideo
2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\programdata\Jlcm
2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\users\User\AppData\Roaming\PPLive
2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\programdata\PPLive
2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\Common Files\PPLiveNetwork
2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\PPLive
2011-08-12 13:17 . 2011-08-12 13:17 -------- d-----w- c:\users\User\AppData\Roaming\AVG
2011-08-12 08:04 . 2011-08-12 08:04 -------- d--h--w- c:\programdata\Common Files
2011-08-12 08:03 . 2011-08-19 01:56 -------- d-----w- c:\programdata\AVG10
2011-08-12 08:03 . 2011-08-19 01:54 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-12 08:03 . 2011-08-19 01:52 -------- d-----w- c:\program files (x86)\AVG
2011-08-12 06:35 . 2011-08-19 01:55 -------- d-----w- c:\programdata\MFAData
2011-08-11 16:53 . 2011-08-11 16:53 -------- d-----w- c:\program files (x86)\Kingsoft
2011-08-11 16:52 . 2011-08-11 16:52 -------- d-----w- c:\program files (x86)\Common Files\Kingsoft
2011-08-11 16:52 . 2011-08-12 03:52 -------- d--h--w- c:\program files (x86)\Common Files\nsklog
2011-08-11 16:52 . 2011-08-11 16:54 -------- d-----w- c:\programdata\kingsoft
2011-08-11 16:33 . 2011-08-11 16:33 -------- d-----w- c:\programdata\youku
2011-08-11 16:33 . 2011-08-11 16:33 153632 ----a-w- c:\windows\SysWow64\ikutm.dll
2011-08-11 10:55 . 2011-08-11 10:55 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-11 09:48 . 2011-08-11 09:48 -------- d-----w- C:\kleaner.tmp
2011-08-10 23:34 . 2011-08-19 05:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Local\Yahoo
2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Roaming\Yahoo!
2011-08-10 09:01 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-10 09:01 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 09:01 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-10 09:01 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2011-08-10 09:01 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2011-08-10 09:01 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2011-08-10 09:01 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2011-08-10 09:01 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2011-08-10 09:01 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-08-10 08:56 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 08:46 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 08:45 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 08:45 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-06 14:28 . 2011-08-06 14:28 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-06 13:57 . 2011-08-06 13:57 -------- d-----w- c:\users\User\AppData\Local\Sunbelt Software
2011-08-06 13:56 . 2011-08-06 13:56 -------- d-----w- c:\programdata\Lavasoft
2011-08-06 05:02 . 2011-08-06 05:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-05 12:59 . 2011-08-07 09:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-05 12:32 . 2011-08-06 04:59 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-05 01:34 . 2011-08-05 01:34 -------- d-----w- c:\program files (x86)\Wisdom-soft ScreenHunter 5 Pro
2011-08-02 07:11 . 2011-08-02 07:11 497080 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\mframe.dll
2011-08-02 07:11 . 2011-08-02 07:11 251400 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\pplugin2.dll
2011-08-02 07:11 . 2011-08-02 07:11 234944 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\ppp.dll
2011-08-02 07:11 . 2011-08-02 07:11 709992 ----a-w- c:\windows\SysWow64\kindling.dll
2011-07-25 15:27 . 2008-07-12 00:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-07-25 15:27 . 2008-07-12 00:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-07-25 15:27 . 2008-07-12 00:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-07-25 15:27 . 2008-07-12 00:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-07-25 15:27 . 2008-07-12 00:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-07-25 15:27 . 2008-07-12 00:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-07-23 18:42 . 2011-08-06 03:58 -------- d-----w- C:\GVODMedia
2011-07-23 18:41 . 2011-08-08 14:03 -------- d-----w- c:\program files (x86)\GVOD
2011-07-23 18:41 . 2011-07-25 01:59 -------- d-----w- c:\programdata\GVODPlayer
2011-07-22 12:46 . 2011-07-22 12:46 -------- d-----w- c:\users\User\AppData\Roaming\World-Loom
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files modified within the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 10:56 . 2011-02-21 01:46 30528 ----a-w- c:\windows\GVTDrv64.sys
2011-08-21 10:56 . 2011-02-21 01:33 25640 ----a-w- c:\windows\gdrv.sys
2011-08-21 04:24 . 2011-06-05 01:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-12 04:10 . 2011-08-19 05:56 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C04D59CD-0DB4-4619-ADCE-6809104FFDDC}\mpengine.dll
2011-08-06 04:59 . 2011-02-21 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 04:26 . 2011-08-10 08:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-08 01:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-08 01:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-06 11:52 . 2011-07-15 02:34 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy3576.tmp
2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\system32\nsy3577.tmp
2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy1E4D.tmp
2011-06-18 15:30 . 2011-06-18 15:30 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-11 03:07 . 2011-07-13 04:46 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-08 10:21 . 2011-07-20 11:23 157728 ----a-w- c:\windows\system32\ikutm.dll
2011-06-06 18:19 . 2011-06-06 18:19 224016 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-06-06 07:22 . 2011-06-06 07:22 1741886 ----a-w- c:\windows\Fix-It-Up Eighties - Meet Kate's Parents Uninstaller.exe
2011-06-06 07:12 . 2011-06-06 07:12 1520566 ----a-w- c:\windows\Chicken Invaders 4 Uninstaller.exe
2011-05-24 11:42 . 2011-06-29 10:03 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 11:14 . 2011-02-21 02:09 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:40 . 2011-06-29 10:03 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 10:03 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 10:03 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 10:03 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((((((((((( Important entry points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="d:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.exe" [2011-08-05 442232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-01 1436424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\DRIVERS\mt7118vu_x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-20 136360]
S2 GPCommonService(64);GPCommonService(64);c:\program files\P1\P1 4G\GPCommonServicex64.exe [2010-10-08 111104]
S2 GPCommonService;GPCommonService;c:\program files\P1\P1 4G\GPCommonService.exe [2010-10-08 90112]
S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
S2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\DRIVERS\mtkwmptv_x64.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 XLDoctor Service;XLDoctor Service;c:\windows\system32\svchost [x]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-08-21 30528]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DoctorService REG_MULTI_SZ XLDoctor Service
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.155.com/?id=104295
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: facebook.com
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 219.139.81.6 168.95.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e44dea8&i=23&tp=ab&nt=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll
BHO-{B0E2F470-0B07-48f0-B3B1-5749505FAE9B} - c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A122DF8A-84A5-F6C8-0DEC-1D01CF115784}*]
"hahfeegjdflopjep"=hex:6a,61,66,63,70,69,6c,6f,63,61,67,6f,67,65,69,67,69,6a,6f,62,00,84
"gakencjbkeakcc"=hex:61,63,6b,70,63,64,6b,69,67,6e,63,64,63,6e,68,6c,63,68,6d,6d,66,69,64,66,61,6c,6b,6d,70,65,62,68,6f,67,63,64,65,68,6e,63,6e,67,65,6c,\
"iajfoedljdbnokckgp"=hex:6a,61,67,63,68,6a,6a,6e,62,67,6a,62,63,69,64,6a,6c,69,63,70,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
c:\program files (x86)\Lexmark 1200 Series\lxczbmon.exe
.
**************************************************************************
.
Completion time: 2011-08-21 19:01:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-21 11:01
.
Pre-Run: 119,272,247,296 bytes free
Post-Run: 118,869,110,784 bytes free
.
- - End Of File - - 31E3E3F8001E55947876B04180C7B626

By the way, I let it scan and was away from my computer. After a while, the log had already been produced; I'm not sure whether Microsoft Windows Recovery Console was installed or not.
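As an added example (not part of the post above, and not code from ComboFix or Malwarebytes), the following Python script parses the "Important entry points" block that ComboFix prints and flags the UAC policy values that this log shows set to 0: EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop. With those values at 0, UAC is off and any process running under the logged-in administrator already has full rights with no prompt, which is why a helper reading such a log would want them restored before calling the machine clean. SAMPLE_LOG is a constructed excerpt copied from the log in the post; the Windows 7 defaults quoted in the comments are the documented defaults; the two regexes assume ComboFix's line formats exactly as they appear in that log.

```python
"""Triage helper for the 'Important entry points' section of a ComboFix log.

Added example, not part of the forum post or of ComboFix itself. It parses the
REGEDIT4-style block (Run/RunOnce values and the UAC policy values) and flags
the settings that weaken UAC. SAMPLE_LOG is a constructed excerpt copied from
the log posted above.
"""
import re

# Registry key holding the UAC policy values. The parser lower-cases every key
# so ComboFix's mixed-case output compares cleanly against this constant.
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# Value -> (setting that disables the protection, what that means in practice).
# Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is off; admin processes run fully elevated with no prompt"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are drawn on the normal desktop, not the secure one"),
}

_KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints DWORD policy values as:  "EnableLUA"= 0 (0x0)
_DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')
# ...and Run/RunOnce values as:  "name"="c:\path\file.exe" [YYYY-MM-DD size]
_RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s*\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?$')

# Constructed sample input: lines copied from the log in the post above.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="d:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.exe" [2011-08-05 442232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
"""


def parse_entry_points(text):
    """Return {key (lower-cased): {value name: int for DWORDs, image path for Run values}}."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            result.setdefault(current, {})
            continue
        if current is None:          # header lines before the first [key]
            continue
        dword = _DWORD_RE.match(line)
        if dword:
            result[current][dword.group(1)] = int(dword.group(2))
            continue
        run = _RUN_RE.match(line)
        if run:
            result[current][run.group(1)] = run.group(2)
    return result


def uac_findings(text):
    """List (value name, explanation) for every UAC value set to its weak setting."""
    policies = parse_entry_points(text).get(POLICY_KEY, {})
    return [(name, why) for name, (weak, why) in UAC_WEAK.items()
            if policies.get(name) == weak]


def run_entries(text):
    """List (key, value name, image path) for every Run/RunOnce autostart value."""
    return [(key, name, path)
            for key, values in parse_entry_points(text).items()
            if key.rsplit("\\", 1)[-1] in ("run", "runonce")
            for name, path in values.items()
            if isinstance(path, str)]


def report(text):
    """Human-readable triage summary of the entry-points section."""
    lines = ["UAC findings:"]
    lines += [f"  {name}: {why}" for name, why in uac_findings(text)] or ["  none"]
    lines.append("Autostart entries:")
    lines += [f"  {name} -> {path}" for _, name, path in run_entries(text)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running the script prints the three UAC findings and the six autostart entries from the sample; to triage a real log, pass `open("C:\\ComboFix.txt", encoding="utf-8", errors="replace").read()` to `report()` instead of SAMPLE_LOG. The parser deliberately ignores every line it does not recognise, so the file lists and service entries elsewhere in the log do not need to be stripped first.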