xchclow

August 26, 2011

Thank you!!

I think I've uninstalled combofix because I couldn't find it back anymore.

My Malwarebytes' expired already (so I don't have real time protection now).

Do I need to update Malwarebytes' manually EVERYDAY? And perform quick scan everyday too?

It's not appear in my notifications bar anymore.

Is Malwarebytes' still able to protect my computer?

August 24, 2011

Hi elise.

I've uninstalled Java kit 6 (omg, I really have older version of Java in my computer)and replaced with Java kit 7 now.

I already scanned my computer using ESET OnlineScan, but there's no threat found in my computer. Only FINISHED button left after scan completed. So, I can't List and threats, and can't found any Export button too.

August 23, 2011

Hello elise! My computer looks fine now! I can connect to all webpages and even play Facebook games already! No problem with any browsers.

Thank you so much!!!

August 23, 2011

Hi. I reset my router by pressing the reset button already. But I still couldn't connect to Facebook..

August 22, 2011

Hi, now I couldnt connect Facebook, Twitter and Youtube by all browsers..

August 22, 2011

Hi again.

I restart my computer, this is the changes:

Google Chrome: Cannot open Facebook at first and then now can(even can run Facebook games now). yes Twitter, yes Youtube.

IE: Cannot for all Facebook, Twitter and Youtube.

Firefox: Yes Facebook, yes Twitter, no Youtube.

August 22, 2011

Dear elise,

Hi. I am unable to connect facebook right now.

IE stated that, Internet Explorer cannot display the webpage.

(So do Firefox)

At the same time, I using Google Chrome to connect Facebook, it works fine.

(For your information, sometimes I could connect Facebook, while sometimes couldn't)

Besides, I cannot play Facebook games too. (It cannot connect to that page once I click the game)

Google Chrome: Can open Facebook, no Twitter, no Youtube.

Internet Explorer: Twitter only, no Facebook, no Youtube.

Firefox: Twitter only, no Facebook, no Youtube. (same as IE)

August 22, 2011

Oops, it goes to this again:

Oops! Google Chrome could not find www.facebook.com

Try reloading: www.facebook.com

Additional suggestions:

Access a cached copy of www.facebook.com

Search on Google:

August 22, 2011

Hi again.

I still cannot connect to certain webpage that I used to visit. By the way, the description of I couldnt connect to those webpage had changed.

It changed to: DNS Lookup failed. (Previously I couldn't run DDS due to DNS too?)

I am using Google Chrome:

The server at www.facebook.com can't be found, because the DNS lookup failed. DNS is the web service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.

August 22, 2011

Hi.

Here is the combofix log.

ComboFix 11-08-21.01 - User 8/2011 Mon 9:09.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.6127.4519 [GMT 8:00]

執行位置: c:\users\User\Desktop\ComboFix.exe

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\favoritevideo\InvisibleFolder

c:\favoritevideo\InvisibleFolder\20110819153240_jianerma110822zanting15s.swf.tpp

c:\favoritevideo\InvisibleFolder\20110819161639_jianeng110822zhu15s.swf.tpp

c:\favoritevideo\InvisibleFolder\20110819161910_jianeng110822zanting15s.swf.tpp

c:\favoritevideo\InvisibleFolder\20110820105015_taobao110822zanting.swf.tpp

c:\favoritevideo\InvisibleFolder\20110820105756_taobao110822qipao.swf.tpp

c:\favoritevideo\InvisibleFolder\20110820110008_taobao110822cha15s.swf.tpp

c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll

.

((((((((((((((((((((((((( 2011-07-22 至 2011-08-22 的新的檔案 )))))))))))))))))))))))))))))))

.

2011-08-22 01:17 . 2011-08-22 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-19 08:55 . 2011-08-19 08:55 -------- d-----w- c:\users\User\AppData\Roaming\Avira

2011-08-19 05:12 . 2011-07-06 11:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-19 05:11 . 2011-08-19 05:36 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-19 05:11 . 2011-08-19 05:36 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\programdata\Avira

2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\program files (x86)\Avira

2011-08-19 01:05 . 2011-08-19 01:05 -------- d-----w- c:\programdata\McAfee

2011-08-13 16:32 . 2011-08-22 01:17 -------- d-----w- C:\FavoriteVideo

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\programdata\Jlcm

2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\users\User\AppData\Roaming\PPLive

2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\programdata\PPLive

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\Common Files\PPLiveNetwork

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\PPLive

2011-08-12 13:17 . 2011-08-12 13:17 -------- d-----w- c:\users\User\AppData\Roaming\AVG

2011-08-12 08:04 . 2011-08-12 08:04 -------- d--h--w- c:\programdata\Common Files

2011-08-12 08:03 . 2011-08-19 01:56 -------- d-----w- c:\programdata\AVG10

2011-08-12 08:03 . 2011-08-19 01:54 -------- d-----w- c:\windows\system32\drivers\AVG

2011-08-12 08:03 . 2011-08-19 01:52 -------- d-----w- c:\program files (x86)\AVG

2011-08-12 06:35 . 2011-08-19 01:55 -------- d-----w- c:\programdata\MFAData

2011-08-11 16:53 . 2011-08-11 16:53 -------- d-----w- c:\program files (x86)\Kingsoft

2011-08-11 16:52 . 2011-08-11 16:52 -------- d-----w- c:\program files (x86)\Common Files\Kingsoft

2011-08-11 16:52 . 2011-08-12 03:52 -------- d--h--w- c:\program files (x86)\Common Files\nsklog

2011-08-11 16:52 . 2011-08-11 16:54 -------- d-----w- c:\programdata\kingsoft

2011-08-11 16:33 . 2011-08-11 16:33 -------- d-----w- c:\programdata\youku

2011-08-11 16:33 . 2011-08-11 16:33 153632 ----a-w- c:\windows\SysWow64\ikutm.dll

2011-08-11 10:55 . 2011-08-11 10:55 -------- d-----w- c:\programdata\Kaspersky Lab

2011-08-11 09:48 . 2011-08-11 09:48 -------- d-----w- C:\kleaner.tmp

2011-08-10 23:34 . 2011-08-19 05:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Local\Yahoo

2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Roaming\Yahoo!

2011-08-10 09:01 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-10 09:01 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-10 09:01 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2011-08-10 09:01 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll

2011-08-10 09:01 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll

2011-08-10 09:01 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll

2011-08-10 09:01 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll

2011-08-10 09:01 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll

2011-08-10 09:01 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll

2011-08-10 08:56 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 08:46 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-08-10 08:45 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 08:45 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-08-06 14:28 . 2011-08-06 14:28 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-06 13:57 . 2011-08-06 13:57 -------- d-----w- c:\users\User\AppData\Local\Sunbelt Software

2011-08-06 13:56 . 2011-08-06 13:56 -------- d-----w- c:\programdata\Lavasoft

2011-08-06 05:02 . 2011-08-06 05:02 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-08-05 12:59 . 2011-08-07 09:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-05 12:32 . 2011-08-06 04:59 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-08-05 01:34 . 2011-08-05 01:34 -------- d-----w- c:\program files (x86)\Wisdom-soft ScreenHunter 5 Pro

2011-08-02 07:11 . 2011-08-02 07:11 497080 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\mframe.dll

2011-08-02 07:11 . 2011-08-02 07:11 251400 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\pplugin2.dll

2011-08-02 07:11 . 2011-08-02 07:11 234944 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\ppp.dll

2011-08-02 07:11 . 2011-08-02 07:11 709992 ----a-w- c:\windows\SysWow64\kindling.dll

2011-07-25 15:27 . 2008-07-12 00:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll

2011-07-23 18:42 . 2011-08-06 03:58 -------- d-----w- C:\GVODMedia

2011-07-23 18:41 . 2011-08-08 14:03 -------- d-----w- c:\program files (x86)\GVOD

2011-07-23 18:41 . 2011-07-25 01:59 -------- d-----w- c:\programdata\GVODPlayer

.

(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-22 01:05 . 2011-02-21 01:46 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-08-22 01:05 . 2011-02-21 01:33 25640 ----a-w- c:\windows\gdrv.sys

2011-08-21 04:24 . 2011-06-05 01:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-12 04:10 . 2011-08-19 05:56 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C04D59CD-0DB4-4619-ADCE-6809104FFDDC}\mpengine.dll

2011-08-06 04:59 . 2011-02-21 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-07-16 04:26 . 2011-08-10 08:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-08 01:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-07-08 01:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-07-06 11:52 . 2011-07-15 02:34 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy3576.tmp

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\system32\nsy3577.tmp

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy1E4D.tmp

2011-06-18 15:30 . 2011-06-18 15:30 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-11 03:07 . 2011-07-13 04:46 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-06-08 10:21 . 2011-07-20 11:23 157728 ----a-w- c:\windows\system32\ikutm.dll

2011-06-06 18:19 . 2011-06-06 18:19 224016 ----a-w- c:\windows\system32\TABCTL32.OCX

2011-06-06 07:22 . 2011-06-06 07:22 1741886 ----a-w- c:\windows\Fix-It-Up Eighties - Meet Kate's Parents Uninstaller.exe

2011-06-06 07:12 . 2011-06-06 07:12 1520566 ----a-w- c:\windows\Chicken Invaders 4 Uninstaller.exe

2011-05-24 11:42 . 2011-06-29 10:03 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 11:14 . 2011-02-21 02:09 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 10:40 . 2011-06-29 10:03 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 10:03 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 10:03 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 10:03 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

.

((((((((((((((((((((((((((((( SnapShot@2011-08-21_10.55.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-21 01:53 . 2011-08-22 01:06 65930 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-08-21 10:57 34362 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-08-22 01:06 34362 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-21 01:32 . 2011-08-22 01:06 14336 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1060712862-2128723342-4021548419-1000_UserData.bin

+ 2011-02-22 05:18 . 2011-08-22 01:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-22 05:18 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-22 05:18 . 2011-08-22 01:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-22 05:18 . 2011-08-21 10:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-22 05:18 . 2011-08-22 01:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-22 05:18 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-21 03:02 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-21 03:02 . 2011-08-22 01:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-21 03:02 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-21 03:02 . 2011-08-22 01:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-22 01:18 . 2011-08-22 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-21 10:54 . 2011-08-21 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-21 10:54 . 2011-08-21 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-22 01:18 . 2011-08-22 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2011-08-21 10:53 673788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-08-22 01:17 673788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-22 13:37 . 2011-08-21 16:47 4930120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-02-22 13:37 . 2011-08-07 09:35 4930120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*注意* 空白與合法缺省登錄將不會被顯示

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}]

c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B0E2F470-0B07-48f0-B3B1-5749505FAE9B}]

c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll [bU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPS Accelerator"="d:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.exe" [2011-08-05 442232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]

"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]

"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

Ime File REG_SZ SOGOUPY.IME

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-01 1436424]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-08-22 30528]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\DRIVERS\mt7118vu_x64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-20 136360]

S2 GPCommonService(64);GPCommonService(64);c:\program files\P1\P1 4G\GPCommonServicex64.exe [2010-10-08 111104]

S2 GPCommonService;GPCommonService;c:\program files\P1\P1 4G\GPCommonService.exe [2010-10-08 90112]

S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

S2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\DRIVERS\mtkwmptv_x64.sys [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

S2 XLDoctor Service;XLDoctor Service;c:\windows\system32\svchost [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

DoctorService REG_MULTI_SZ XLDoctor Service

.

‘計劃任務’ 文件夾裡的內容

.

2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]

.

2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]

.

------- 而外的掃描 -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.155.com/?id=104295

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: facebook.com

Trusted Zone: pps.tv

Trusted Zone: ppstream.com

Trusted Zone: webscache.com

TCP: DhcpNameServer = 219.139.81.6 168.95.1.1

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e44dea8&i=23&tp=ab&nt=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A122DF8A-84A5-F6C8-0DEC-1D01CF115784}*]

"hahfeegjdflopjep"=hex:6a,61,66,63,70,69,6c,6f,63,61,67,6f,67,65,69,67,69,6a,

6f,62,00,84

"gakencjbkeakcc"=hex:61,63,6b,70,63,64,6b,69,67,6e,63,64,63,6e,68,6c,63,68,6d,

6d,66,69,64,66,61,6c,6b,6d,70,65,62,68,6f,67,63,64,65,68,6e,63,6e,67,65,6c,\

"iajfoedljdbnokckgp"=hex:6a,61,67,63,68,6a,6a,6e,62,67,6a,62,63,69,64,6a,6c,69,

63,70,00,00

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ 其他運行進程 ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Lexmark 1200 Series\lxczbmon.exe

.

**************************************************************************

.

完成時間: 2011-08-22 09:24:59 - 電腦已重新啟動

ComboFix-quarantined-files.txt 2011-08-22 01:24

ComboFix2.txt 2011-08-21 11:01

.

Pre-Run: 118,865,944,576 bytes free

Post-Run: 118,772,756,480 bytes free

.

- - End Of File - - 5BCF388512EE2A652F50E50F300AB25E

August 21, 2011

No. I din do the system restore.

Sorry for the inconvenience..

August 21, 2011

I am very sorry Elise! I think it is not caused by Combofix. I'm very sorry!

August 21, 2011

Thank you elize.

Can you kindly tell me what to do next in order to remove the malware?

August 21, 2011

Hi.

After run COMBOFIX, I noticed that my Photoshop needs serial number to run it. I think I maybe going to restore my computer to previous point because I need a lot of Adobe softwares.

Can we have different solution to fix my computer problem (remove malwares)?

I forgot my serial number already.

I still have my AUTOCAD exactly....

August 21, 2011

Here is the C:\Combofix.txt

Is it the same as i posted above?

ComboFix 11-08-21.01 - User 8/2011 Sun 18:46:03.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.6127.4386 [GMT 8:00]

執行位置: c:\users\User\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* 成功創造新還原點

.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\favoritevideo\InvisibleFolder

c:\favoritevideo\InvisibleFolder\20101014160145_sasa101014jiao15s1.swf

c:\favoritevideo\InvisibleFolder\20101112103740_taobao101112cha15s.swf

c:\favoritevideo\InvisibleFolder\20101119115856_taobao101119cha15sman.swf

c:\favoritevideo\InvisibleFolder\20101119120106_taobao101119cha15swoman.swf

c:\favoritevideo\InvisibleFolder\20110128170117_wopaiwang110128zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110128172504_panpan110201jiaobiao.swf

c:\favoritevideo\InvisibleFolder\20110323093215_pptv110323zanting15s.jpg

c:\favoritevideo\InvisibleFolder\20110628183241_ipad110628zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110628183325_ipad110628zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110701201118_haiyanggongyuan110704cha15s.swf

c:\favoritevideo\InvisibleFolder\20110701201256_haiyanggongyuan110704zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110701201555_haiyanggongyuan110704jiao15s.swf

c:\favoritevideo\InvisibleFolder\20110705150125_pinganchexian110705zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110708110551_alibaba110711zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110714133021_pinganchexian110714zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110715105349_shenghuojia110715zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110715105538_shenghuojia110715zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110718115546_xinhuanzhugege110718zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110721145327_hushubao110701zanting15s.jpg

c:\favoritevideo\InvisibleFolder\20110721145938_hushubao110701cha15s.swf

c:\favoritevideo\InvisibleFolder\20110722215436_dongpeng110723jiaobiao.swf

c:\favoritevideo\InvisibleFolder\20110726144544_modengxinrenlei110726zanting.jpg

c:\favoritevideo\InvisibleFolder\20110726144832_modengxinrenlei110726zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110726145145_modengxinrenlei110726cha15s.jpg

c:\favoritevideo\InvisibleFolder\20110726145412_xinhuanzhugege110726cha15s.jpg

c:\favoritevideo\InvisibleFolder\20110729164352_maibaobao110801cha15s.swf

c:\favoritevideo\InvisibleFolder\20110801123635_guangqichuanqi110801zhu15s3.swf

c:\favoritevideo\InvisibleFolder\20110801123818_guangqichuanqi110801zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110801124028_guangqichuanqi11081cha15s.swf

c:\favoritevideo\InvisibleFolder\20110801185425_newbalance110801zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110803172239_xinshuihu110803zhu15s.jpg

c:\favoritevideo\InvisibleFolder\20110803172440_xinshuihu110803zanting15s.jpg

c:\favoritevideo\InvisibleFolder\20110803172633_xinshuihu110803cha15s.jpg

c:\favoritevideo\InvisibleFolder\20110804143802_shasha110804zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110804143934_shasha110804cha15s.swf

c:\favoritevideo\InvisibleFolder\20110804144043_shasha110804zanting.swf

c:\favoritevideo\InvisibleFolder\20110805164138_shandongliantong110805zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110809092713_tianzi110809zanting.jpg

c:\favoritevideo\InvisibleFolder\20110809192159_1haodian110810cha15s.swf

c:\favoritevideo\InvisibleFolder\20110809192620_1haodian110810zanting.swf

c:\favoritevideo\InvisibleFolder\20110809194200_guangqi110810cha15s.swf

c:\favoritevideo\InvisibleFolder\20110809194320_guangqi110810zanting.swf

c:\favoritevideo\InvisibleFolder\20110809194437_guangqi110810zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110810155839_renbaochexian110810houtie.swf

c:\favoritevideo\InvisibleFolder\20110810160157_renbaochexian110810cha15s.swf

c:\favoritevideo\InvisibleFolder\20110810160522_renbaochexian110810zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110810165108_maibaobao110811zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110810165314_maibaobao110811zanting.swf

c:\favoritevideo\InvisibleFolder\20110811104453_taobao110813qipao.swf

c:\favoritevideo\InvisibleFolder\20110811104812_taobao110813zanting.swf

c:\favoritevideo\InvisibleFolder\20110811105056_taobao110813cha15s.swf

c:\favoritevideo\InvisibleFolder\20110811115654_hrs110811cha15s.swf

c:\favoritevideo\InvisibleFolder\20110811182334_ludingji110812zanting.swf

c:\favoritevideo\InvisibleFolder\20110812094740_tianzi110812zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812114240_kelingklei110815zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812114622_kelingklei110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110812114859_yiqizaixian110812zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812120801_yougou110812zanting.swf

c:\favoritevideo\InvisibleFolder\20110812120948_yougou110812cha15s.swf

c:\favoritevideo\InvisibleFolder\20110812131909_taobao110815qipao.swf

c:\favoritevideo\InvisibleFolder\20110812132155_taobao110815zanting.swf

c:\favoritevideo\InvisibleFolder\20110812132502_taobao110815cha15s.swf

c:\favoritevideo\InvisibleFolder\20110812161119_qijishijie110814zanting.jpg

c:\favoritevideo\InvisibleFolder\20110812161335_qijishijie110814qipao.swf

c:\favoritevideo\InvisibleFolder\20110812163227_ludingji110813zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812164719_zhengtu2110814qipao.swf

c:\favoritevideo\InvisibleFolder\20110812165402_zhengtu2110814zanting.swf

c:\favoritevideo\InvisibleFolder\20110812175654_paipaiwang110815zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812175859_paipaiwang110815zanting.swf

c:\favoritevideo\InvisibleFolder\20110812181724_tankeshijie110813zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812195519_yitiantulong110814zanting.swf

c:\favoritevideo\InvisibleFolder\20110812195646_yitiantulong110813zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110813224859_baojun110815cha15s.swf

c:\favoritevideo\InvisibleFolder\20110814093631_shenmozhetian110814zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110814093818_shenmozhetian110814zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110814094956_shenmozhetian110814cha15s.swf

c:\favoritevideo\InvisibleFolder\20110815092802_yougouwang110815zanting.swf

c:\favoritevideo\InvisibleFolder\20110815093313_yougouwang110815cha15s.swf

c:\favoritevideo\InvisibleFolder\20110815135603_aiyaya110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815135947_zhongsheng110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815140135_bishengyuan110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815140531_panpan110815jiaobiao1.swf

c:\favoritevideo\InvisibleFolder\20110815140632_kefaang110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815140813_hanmei110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815140855_panpan110815jiaobiao2.swf

c:\favoritevideo\InvisibleFolder\20110815141015_panpan110815jiaobiao3.swf

c:\favoritevideo\InvisibleFolder\20110815141052_ruizhou110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815141129_panpan110815jiaobiao4.swf

c:\favoritevideo\InvisibleFolder\20110815141241_panpan110815jiaobiao5.swf

c:\favoritevideo\InvisibleFolder\20110815141244_didou110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815141400_panpan110815jiaobiao6.swf

c:\favoritevideo\InvisibleFolder\20110815141528_panpan110815jiaobiao7.swf

c:\favoritevideo\InvisibleFolder\20110815141643_panpan110815jiaobiao8.swf

c:\favoritevideo\InvisibleFolder\20110815141649_bishengyuan110815jiaobao.swf

c:\favoritevideo\InvisibleFolder\20110815193655_aodili110815zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110815223356_baojun110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110816092049_qixiong110816zanting.swf

c:\favoritevideo\InvisibleFolder\20110816105102_qixiong110818zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110816130435_panpan110816jiaobiao1.swf

c:\favoritevideo\InvisibleFolder\20110816130634_panpan110816jiaobiao2.swf

c:\favoritevideo\InvisibleFolder\20110816134856_xuanwu110819zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110816135034_xuanwu110819zanting.swf

c:\favoritevideo\InvisibleFolder\20110816160943_lvsezhengtu110817zanting.swf

c:\favoritevideo\InvisibleFolder\20110816163807_taobao110818zanting.swf

c:\favoritevideo\InvisibleFolder\20110816164011_taobao110818qipao.swf

c:\favoritevideo\InvisibleFolder\20110816164144_taobao110818cha15s.swf

c:\favoritevideo\InvisibleFolder\20110816171330_yingxiongwudi110817zanting.swf

c:\favoritevideo\InvisibleFolder\20110816173522_maibaobao110817cha15s.swf

c:\favoritevideo\InvisibleFolder\20110816181632_baojun110816zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110816182446_yitiantulong110817zanting.swf

c:\favoritevideo\InvisibleFolder\20110816182600_yitiantulong110817zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110817093542_furenguo110817zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110817093713_furenguo110817zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110817100238_furenguo110817cha15s.swf

c:\favoritevideo\InvisibleFolder\20110817115739_lvsezhengtu110817zanting.swf

c:\favoritevideo\InvisibleFolder\20110817131256_yingxiongwudi110817zantingnew.swf

c:\favoritevideo\InvisibleFolder\20110817161308_1haodian110817zanting.swf

c:\favoritevideo\InvisibleFolder\20110817162100_1haodian110817cha15s.swf

c:\favoritevideo\InvisibleFolder\20110817162445_chuanqi110817zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110817162636_chuanqi110817cha15s.swf

c:\favoritevideo\InvisibleFolder\20110817162811_1haodian110817zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110817163213_yingxiongwuni110818cha15s.swf

c:\favoritevideo\InvisibleFolder\20110817163335_chuanqi110817zhu15sa.swf

c:\favoritevideo\InvisibleFolder\20110817181142_yitiantulong110818zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110818152939_lvsezhengtu110819zanting.swf

c:\favoritevideo\InvisibleFolder\20110818162336_shenmodalu110819zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110818164320_yitiantulong110819zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110818164444_yitiantulong110819zanting.swf

c:\favoritevideo\InvisibleFolder\20110818171218_lanmiu110818zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110818171520_lanmiu110818chabo.swf

c:\favoritevideo\InvisibleFolder\20110818171801_lanmiu110818zanting.swf

c:\favoritevideo\InvisibleFolder\20110818175600_qixiong110819zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110818181154_renbaochexian110818houtie.swf

c:\favoritevideo\InvisibleFolder\20110818181759_renbaochexian110818zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110818182016_renbaochexian110818cha15s.swf

c:\favoritevideo\InvisibleFolder\20110819103927_lvsezhengtu110820zanting.swf

c:\favoritevideo\InvisibleFolder\20110819104727_lvsezhengtu110821zanting.swf

c:\favoritevideo\InvisibleFolder\20110819113251_bingchuanyuanzheng110820zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110819150436_ludingji110820zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110819175742_qixiong110820zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110819181933_hanghaizhiwang110819huanchong15s.swf

c:\favoritevideo\InvisibleFolder\20110819182537_huanghangzhiwang110819zanting.swf

c:\favoritevideo\InvisibleFolder\20110819182835_hanghaizhiwang110819chabo.swf

c:\favoritevideo\InvisibleFolder\20110819185932_lanmiu110819zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110819190159_lanmiu110819zanting.swf

c:\favoritevideo\InvisibleFolder\20110819190411_lanmiu110819chabo.swf

c:\favoritevideo\InvisibleFolder\oplayer.ocx

c:\favoritevideo\InvisibleFolder\peer.dll

c:\favoritevideo\InvisibleFolder\pplss2.swf

c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll

c:\windows\SysWow64\User

c:\windows\SysWow64\User\User.dat

c:\windows\SysWow64\User\User.sav

c:\windows\SysWow64\User\users\controller_settings.bin

c:\windows\SysWow64\User\users\graphics_settings.bin

c:\windows\SysWow64\User\vuid

c:\windows\SysWow64\User\wins\and_it_continues

c:\windows\SysWow64\User\wins\father_forgive_me

c:\windows\SysWow64\User\wins\getting_started

c:\windows\SysWow64\User\wins\making_a_name

c:\windows\SysWow64\User\wins\revenge_is_sweet

c:\windows\SysWow64\User\wins\scars_from_the_past

c:\windows\SysWow64\User\wins\the_meating

c:\windows\SysWow64\User\wins\the_wrong_guy

.

((((((((((((((((((((((((( 2011-07-21 至 2011-08-21 的新的檔案 )))))))))))))))))))))))))))))))

.

2011-08-21 10:53 . 2011-08-21 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-19 08:55 . 2011-08-19 08:55 -------- d-----w- c:\users\User\AppData\Roaming\Avira

2011-08-19 05:12 . 2011-07-06 11:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-19 05:11 . 2011-08-19 05:36 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-19 05:11 . 2011-08-19 05:36 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\programdata\Avira

2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\program files (x86)\Avira

2011-08-19 01:05 . 2011-08-19 01:05 -------- d-----w- c:\programdata\McAfee

2011-08-13 16:32 . 2011-08-21 10:53 -------- d-----w- C:\FavoriteVideo