What does root\HaoZipVirtualCDBus mean? (Baidu Zhidao) / ComboFix (入迷不可, Sina Blog)
ComboFix is a batch program written by sUBs. When run, it scans your system and, when it finds known malicious programs, ComboFix automatically attempts to remove the files that were planted or infected. Besides removing a large amount of malware, ComboFix also displays a system scan report that helps experienced personnel analyze the system, obtain samples, and delete malicious files that cannot otherwise be removed.
ZDNet CIO & Applications channel
Review: ComboFix is the tool you can use when no other tool works. Its main goal is to clean a malware-infected system of all malware. This is not Malwarebytes or any other antivirus tool; this is the king of tools. Because it is such a powerful malware-removal tool, you must use ComboFix with care. Do not just double-click the icon and let it run on its own. First, you must shut down your antivirus software before running ComboFix. Running ComboFix and antivirus software at the same time causes serious problems. (I tested this claim; it left the system unable to boot.) It is a ruthless application when it comes to removing malware, so be very careful. ComboFix is free and available for Windows systems (but does not support Windows
ComboFix 16-03-14.01 - Administrator -03-15 星期二 18:50:22.3.2 -
Microsoft Windows XP Professional
5.1..86.9.1238 [GMT 8:00]
执行位置: c:\documents and
settings\Administrator\桌面\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated*
{F0-48A3-B128-1A293FD8233D}
((((((((((((((((((((((((((((((((((((((( 被删除的档案
)))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\srsvc.dll . . . 受感染!!
(((((((((((((((((((((((((
的新的档案
)))))))))))))))))))))))))))))))
10:20 -------- d-----w-
c:\documents and settings\Administrator\Application Data\Enigma
Software Group
10:20 -------- d-----w-
c:\windows\LastGood
10:19 -------- d-----w-
10:15 19984 ----a-w-
c:\windows\system32\drivers\EsgScanner.sys
10:13 -------- d-----w- c:\program
files\Enigma Software Group
05:12 -------- d-----w-
c:\documents and settings\All Users\Application
Data\LocalStorage
05:09 -------- d-----w-
c:\documents and settings\All Users\Application Data\QiYi
05:08 -------- d-----w-
c:\documents and settings\Administrator\Application Data\Qiyi
19:31 -------- d-----w-
c:\documents and settings\Administrator\Application Data\IQIYI
02:34 -------- d-----w-
c:\documents and settings\NetworkService\Local Settings\Application
17:54 334280 ----a-w-
c:\windows\system32\aswBoot.exe
17:54 52184 ----a-w-
c:\windows\avastSS.scr
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案
))))))))))))))))))))))))))))))))))))))))))))))))))))
10:16 797376 ----a-w-
c:\windows\system32\FlashPlayerApp.exe
10:16 142528 ----a-w-
c:\windows\system32\FlashPlayerCPLApp.cpl
13:15 3735 ----a-w-
c:\windows\备份的启动项目.reg
14:26 447848 ----a-w-
c:\windows\system32\drivers\aswsp.sys
14:26 221240 ----a-w-
c:\windows\system32\drivers\aswvmm.sys
14:26 67088 ----a-w-
c:\windows\system32\drivers\aswTdi.sys
14:26 171608 ----a-w-
c:\windows\system32\drivers\aswStmXP.sys
14:26 91168 ----a-w-
c:\windows\system32\drivers\aswMonFlt.sys
14:26 64272 ----a-w-
c:\windows\system32\drivers\aswRdr.sys
14:26 58776 ----a-w-
c:\windows\system32\drivers\aswRvrt.sys
14:26 32792 ----a-w-
c:\windows\system32\drivers\aswHwid.sys
14:26 812720 ----a-w-
c:\windows\system32\drivers\aswSnx.sys
16:49 8192 ----a-w-
c:\windows\system32\srvany.exe
16:49 77824 ----a-w-
c:\windows\KMService.exe
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
. DFC40D5CB15E6DC918342E . 361600 . .
[5.1.] . . c:\windows\system32\drivers\tcpip.sys
. 440EDA2420CFA1B3B2ABD . 493056 . .
[5.1.] . . c:\windows\system32\winlogon.exe
. 4A4F1CB3E8E0F1869D24 . 1573376 . .
[5.1.] . . c:\windows\system32\sfcfiles.dll
((((((((((((((((((((((((((((((((((((( 重要登入点
))))))))))))))))))))))))))))))))))))))))))))))))))
*注意* 空白与合法缺省登录将不会被显示
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper
Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}]
14:42 593464 ----a-w- c:\documents and
settings\Administrator\Application
Data\Tencent\QQ\QQAntiPhishing\AccountProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper
Objects\{DE05CF4A-7B0A--}]
10:04 1702344 ----a-w- d:\program files\Thunder
Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.RBCShellExternal]
@="{30C5E658-70B6--D362A5BE2049}"
[HKEY_CLASSES_ROOT\CLSID\{30C5E658-70B6--D362A5BE2049}]
03:06 195600 ----a-w- c:\documents and settings\All
Users\Application Data\Video
Legend\RBC\Addins\RBCShellExternal.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{-C522-11CF-CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{-C522-11CF-CC02F24}]
17:54 770088 ----a-w- c:\program files\AVAST
Software\Avast\ashShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QyClient"="d:\program files\IQIYI Video\PStyle\QyClient.exe"
"QyKernel"="d:\program files\IQIYI Video\PStyle\QyKernel.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe"
"SpyHunter Security Suite"="c:\program files\Enigma Software
Group\SpyHunter\SpyHunter4.exe" [ 7252864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [ 128512]
c:\documents and settings\Administrator\「开始」菜单\程序\启动\
Avast Free Antivirus.lnk - c:\program files\AVAST
Software\Avast\AvastUI.exe [ 7139768]
c:\documents and settings\Administrator\「开始」菜单\程序\启动\
Avast Free Antivirus.lnk - c:\program files\AVAST
Software\Avast\AvastUI.exe [ 7139768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard
layouts\e0210804]
Ime File REG_SZ GOOGLEPINYIN2.IME
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Application
Data\\Tencent\\QQ\\STemp\\SetupEx0\\QQSetupEx.exe"=
"c:\\Program Files\\Tencent\\QQ\\Bin\\QQ.exe"=
"c:\\Program Files\\Tencent\\QQ\\Bin\\auclt.exe"=
"c:\\Program Files\\Tencent\\QQ\\Bin\\maLauncher.exe"=
"c:\\Program Files\\Tencent\\QQ\\Bin\\maUpdat.exe"=
"c:\\program files\\common
files\\tencent\\qqdownload\\131\\tencentdl.exe"=
"c:\\program files\\common
files\\tencent\\qqdownload\\131\\bugreport_xf.exe"=
"c:\\Program
Files\\Tencent\\QQMusic\\QzoneMusic\\QzoneMusic.exe"=
"c:\\Program Files\\Tencent\\QQGameMicro\\QQGameMicro.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common
Files\\Tencent\\QQMiniDL\\60\\QQMiniDL.exe"=
"c:\\Program Files\\Common
Files\\Tencent\\QQMiniDL\\60\\QQMiniDLUI.exe"=
"c:\\Program Files\\Common
Files\\Tencent\\QQMiniDL\\60\\QQGameUpUI.exe"=
"c:\\Documents and Settings\\All Users\\Application
Data\\QQPet\\QQPetAgent\\QQPetAgent.exe"=
"d:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft
Office\\Office14\\ONENOTE.EXE"=
"d:\\Program Files\\Microsoft
Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Thunder
Network\\TP\\Ver1\\1.1.2.259_1111\\ThunderPlatform.exe"=
"c:\\Program Files\\Common Files\\Thunder
Network\\TP\\Ver1\\1.1.2.259_1111\\XLBugReport.exe"=
"d:\\Program Files\\Thunder
Network\\Thunder\\Program\\Thunder.exe"=
"d:\\Program Files\\IQIYI Video\\PStyle\\QyKernel.exe"=
"d:\\Program Files\\IQIYI Video\\PStyle\\QyPlayer.exe"=
"d:\\Program Files\\IQIYI Video\\PStyle\\QyFragment.exe"=
"d:\\Program Files\\IQIYI Video\\PStyle\\QyClient.exe"=
"c:\\Documents and Settings\\Administrator\\Local
Settings\\Application
Data\\Google\\Chrome\\Application\\chrome.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13474:TCP"= 13474:TCP:BitComet 13474 TCP
"13474:UDP"= 13474:UDP:BitComet 13474 UDP
"33674:UDP"= 33674:UDP:ThunderLAN(UDP)
"33673:TCP"= 33673:TCP:ThunderLAN(TCP)
R0 ahci8086;ahci8086;c:\windows\system32\drivers\ahci8086.sys
[ 12:46 123392]
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys
[ 12:46 228688]
R0 aswRavast! Rc:\windows\system32\drivers\aswRvrt.sys
[ 22:26 58776]
R0 aswVavast! VM
Mc:\windows\system32\drivers\aswvmm.sys [ 22:26
R0 AAVG Logging
Dc:\windows\system32\drivers\avglogx.sys [ 14:23
R0 Avgrkx86;AVG Anti-Rootkit
Dc:\windows\system32\drivers\avgrkx86.sys [ 15:25
R0 iaStor47;iaStor47;c:\windows\system32\drivers\iaStor47.sys
[ 12:46 477696]
R0 iaStor78;iaStor78;c:\windows\system32\drivers\iaStor78.sys
[ 12:46 308248]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys
[ 12:46 63616]
R0 mv61mv61c:\windows\system32\drivers\mv61xx.sys
[ 12:46 159536]
R0 mv64mv64c:\windows\system32\drivers\mv64xx.sys
[ 12:46 285736]
R0 mv91mv91c:\windows\system32\drivers\mv91xx.sys
[ 12:46 275760]
R0 mvSmvSc:\windows\system32\drivers\mvsata.sys
[ 12:46 43520]
R0c:\windows\system32\drivers\rcxpahci.sys
[ 12:46 493744]
R0VIA ATA/ATAPI Host
Cc:\windows\system32\drivers\viapdsk.sys [ 12:46
R0 ViBViBc:\windows\system32\drivers\ViBus.sys [
12:46 16896]
R0 ViPVIA SATA IDE Device
Dc:\windows\system32\drivers\ViPrt.sys [ 12:46
R1 aswSaswSc:\windows\system32\drivers\aswSnx.sys
[ 22:26 812720]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [
22:26 447848]
R1 BAPIDRV;BAPIDRV;c:\windows\system32\drivers\BAPIDRV.SYS
R1 QQFrmMQQFrmMc:\windows\system32\drivers\QQFrmMgr.sys
R2 aswHavast!
HardwareID;c:\windows\system32\drivers\aswHwid.sys [ 22:26
R2 aswMonFaswMonFc:\windows\system32\drivers\aswMonFlt.sys
[ 22:26 91168]
R2 ImeDictUpdateSMicrosoft IME Dictionary
Uc:\program files\Common Files\Microsoft
Shared\IME14\SHARED\IMEDICTUPDATE.EXE [ 59760]
PECKbdPPECKbdPc:\windows\system32\drivers\PECKP.SYS
R2 QiyiSIQIYI Video Platform Sd:\program
files\IQIYI Video\PStyle\QiyiService.exe [ 13:08
R2 QQPQQPc:\windows\system32\drivers\QQProtect.sys
XLServicePXLServicePc:\windows\system32\svchost -k
XLServicePlatform --& c:\windows\system32\svchost -k
XLServicePlatform [?]
R3 aswStmXP;Avast StreamFilter
Dc:\windows\system32\drivers\aswStmXP.sys [ 22:26
R3c:\program files\Enigma Software
Group\SpyHunter\esgiguard.sys [ 18:15 15920]
R3 QDAntiDQDAntiDc:\program files\Common
Files\Tencent\QQProtect\Bin\QDAntiDrv.sys [ 17:16
TenpayKTenpayKc:\windows\system32\drivers\TenpayKeyboard.sys
[ 9:47 40112]
R3 VIACRX86;VIACRX86;c:\windows\system32\drivers\viacr.sys
S1 Avgldx86;AVG AVI Loader
Dc:\windows\system32\drivers\avgldx86.sys [ 15:34
S1 QMUtencent QMU\??\c:\program
files\Tencent\QQPCMgr\11.1.\QMUdisk.sys --&
c:\program files\Tencent\QQPCMgr\11.1.\QMUdisk.sys [?]
S1\??\c:\program
files\Tencent\QQPCMgr\11.1.\softaal.sys --&
c:\program files\Tencent\QQPCMgr\11.1.\softaal.sys [?]
BDSafeBBDSafeBc:\windows\system32\drivers\BDSafeBrowser.sys
S2 KMSKMSc:\windows\system32\srvany.exe [
0:49 8192]
S2 QPCQPCore Sc:\program files\Common
Files\Tencent\QQProtect\Bin\QQProtect.exe [ 17:19
S2 SpyHunter 4 SSpyHunter 4 Sc:\program
files\Enigma Software Group\SpyHunter\SH4Service.exe [
18:14 784256]
S3 AAc:\windows\system32\drivers\Ambfilt.sys
[ 1691480]
S3 AntiRk;AntiRk;c:\windows\system32\drivers\AntiRk.sys
[ 0:28 35768]
EsgSEsgSc:\windows\system32\drivers\EsgScanner.sys
[ 18:15 19984]
S3 HaozipVirtualCDBHaoZip Virtual Bus
Dc:\windows\system32\drivers\HaoZipVirtualCDBus.sys [
21:21 115288]
S3 TSSK;TSSK;c:\windows\system32\TSSK.sys [ 0:23
S4c:\windows\system32\drivers\iteraid.sys
[ 12:46 26112]
S4 m;c:\windows\system32\drivers\m5228.sys [
12:46 45069]
S4 m;c:\windows\system32\drivers\m5281.sys [
12:46 51072]
S4 m;c:\windows\system32\drivers\m5287.sys [
12:46 103680]
S4 m;c:\windows\system32\drivers\m5288.sys [
12:46 210304]
S4 m;c:\windows\system32\drivers\m5289.sys [
12:46 52480]
S4 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys
[ 12:46 68864]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ESGIGUARD
*NewlyCreated* - ESGSCANNER
*NewlyCreated* - SPYHUNTER_4_SERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
‘计划任务’ 文件夹 里的内容
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe
c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
------- 而外的扫描 -------
uStart Page = hxxp:///?tn=_hao_pg
mStart Page =
/?fr=hp-avast&type=avastbcl
mSearch Bar =
/?fr=hp-avast&type=avastbcl
uInternet Settings,ProxyOverride = *.local
IE: &使用&迅雷下载 - d:\program
files\Thunder Network\Thunder\BHO\geturl.htm
IE: &使用&迅雷下载全部链接 - d:\program
files\Thunder Network\Thunder\BHO\GetAllUrl.htm
IE: &使用&迅雷离线下载 - d:\program
files\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: Add to Google Photos Screensa&ver -
c:\windows\system32\GPhotos.scr/200
IE: 使用QQ下载助手下载 - c:\program files\Common
Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm
IE: 发送至 OneNote(&N) -
d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: 导出到 Microsoft Excel(&X) -
d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: 导出到 Microsoft Office Excel(&X) -
c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: 朗读选定内容 - c:\windows\system32\ir_Select2.htm
IE: {{a-11d1-b792-} - c:\documents and
settings\All Users\Application Data\Thunder
Network\XMP5\V5.1.29.4510\Program\XmpIEToolMenu.htm
IE: {{a-11d1-b792-} - c:\documents and
settings\All Users\Application Data\Thunder
Network\XMP5\V5.1.29.4510\Program\XmpIEToolBar.htm
IE: {{A-11D1-B792-} -
c:\windows\system32\ir_Select2.htm
Trusted Zone:
Trusted Zone: \easyabc
Trusted Zone: \www
Trusted Zone: \www
Trusted Zone:
Trusted Zone: \ad
Trusted Zone: \click
Trusted Zone: \www
TCP: DhcpNameServer = 61.128.114.167 61.128.114.134
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector
by Gmer, http://www.gmer.net
Rootkit scan
Windows 5.1.2600 Service Pack 3 NTFS
扫描被隐藏的进程 。。。
扫描被隐藏的启动组 。。。
扫描被隐藏的文件 。。。
被隐藏的档案: 0
**************************************************************************
--------------------- LOCKED REGISTRY KEYS
---------------------
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\
g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\
g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\
g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\S-1-5-21--\Software\Local
AppWizard-Generated Applications\P*D*F*桘媓V\BookmarkFont]
"FaceName"="Arial"
"PitchAndFamily"="32"
"Quality"="0"
"ClipPrecision "="0"
"OutPrecision"="0"
"CharSet"="1"
"StrikeOut"="0"
"Underline"="0"
"Italic"="0"
"Weight"="400"
"Orientation"="0"
"Escapement"="0"
"Width"="0"
"Height"="15"
[HKEY_USERS\S-1-5-21--\Software\Local
AppWizard-Generated Applications\P*D*F*桘媓V\ChildFrame]
"MenuUseXPStyle"="1"
"MenuUseSysBG"="0"
"PrintUseGraphics"="0"
"UseFixedSnapShotDpi"="72"
"FixedSnapShotDpi"="0"
"CustomColor"="0"
"TwoColor"="0"
"ReplaceColor"="0"
"DocBackColor"="64.000000"
"DocForeColor"="1.000000"
"UseCustomFacing"="8"
"UseCustomMargin"="0"
"UseClearType"="0"
"MaxScale"="1"
"DefaultScale"="0"
"DefaultMargin"=""
"DispGrid"="0"
"PreferItem"="0"
"HasReserved"="0"
"HasFacing"="0"
"FacingCount"="2"
"RotatePos"="0"
"ZoomMode"="4"
"ShowMode"="1"
"ChildShowCmd"="3"
"SplitterRate"="0.300000"
"BookmarkBackGround"=""
"BookmarkForeGround"="0"
"ShowBookmark"="1"
[HKEY_USERS\S-1-5-21--\Software\Local
AppWizard-Generated Applications\P*D*F*桘媓V\MainFrame]
"ShowReaderAd"="1"
"ShowEditorAd"="1"
"AdvertiseIndex"="2"
"FindDirection"="1"
"FindWholeWord"="0"
"FindMatchCase"="0"
"CheckSnapShot"="1"
"CheckRegister"="1"
"ShowFullScreen"="0"
"MainShowCmd"="3"
"ShowMenu"="1"
"ShowStatusBar"="1"
"ShowTollBar_Tool"="1"
"ShowTollBar_View"="1"
"ShowTollBar_Normal"="1"
"ShowTollBar_Rebar"="1"
[HKEY_USERS\S-1-5-21--\Software\Microsoft\Internet
Explorer\MenuExt\&*O(u&*艔鳀 N}廬
@="d:\\Program Files\\Thunder
Network\\Thunder\\BHO\\geturl.htm"
"Name"="xl_geturl"
"Contexts"=dword:
[HKEY_USERS\S-1-5-21--\Software\Microsoft\Internet
Explorer\MenuExt\&*O(u&*艔鳀
N}廻Q钀]
@="d:\\Program Files\\Thunder
Network\\Thunder\\BHO\\GetAllUrl.htm"
"Name"="xl_getallurl"
"Contexts"=dword:
[HKEY_USERS\S-1-5-21--\Software\Microsoft\Internet
Explorer\MenuExt\&*O(u&*艔鳀粂縹
@="d:\\Program Files\\Thunder
Network\\Thunder\\BHO\\OfflineDownload.htm"
"Name"="xl_offlinedownload"
"Contexts"=dword:
"迅雷极速版"="d:\\Program Files\\Thunder
Network\\Thunder\\Program\\Thunder.exe"
[HKEY_USERS\S-1-5-21--\Software\Microsoft\Internet
Explorer\MenuExt\O(uQ*Q* N}彥RKb N}廬
@="c:\\Program Files\\Common
Files\\Tencent\\QQMiniDL\\60\\Browser\\xfgeturl.htm"
"Contexts"=dword:
[HKEY_USERS\S-1-5-21--\Software\Microsoft\Internet
Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,4f,ae,ff,40,fc,93,4e,a6,ca,b6,\
"2D53CFFC5C1A3DD2E97BBD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,b5,e1,35,da,1a,1e,43,a9,41,6d,\
[HKEY_USERS\S-1-5-21--\Software\Microsoft\Office\11.0\Common\Open
Find\Microsoft Office Word\Settings\Sb*_]
"PositionInfo-Monitor1"=hex:f7,01,00,00,0e,01,00,00,00,00,00,00,00,00,00,00
[HKEY_USERS\S-1-5-21--\Software\Microsoft\Office\11.0\Common\Open
Find\Microsoft Office Word\Settings\Sb*_\File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a
[HKEY_USERS\S-1-5-21--\Software\Microsoft\Office\11.0\Common\Open
Find\Microsoft Office Word\Settings\Sb*_\View]
"Data"=hex:04,16,00,47,28,14,14,14,0d,01,02,01,00,18,41,00,0d,00,fa,08,00,00,
90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,\
[HKEY_LOCAL_MACHINE\software\Classes\ACDSee.ais\shell\Sb*_]
@="用 ACDSee 打开"
[HKEY_LOCAL_MACHINE\software\Classes\ACDSee.ais\shell\Sb*_\command]
@="\"c:\\Program Files\\ACDSee5\\ACDSee5.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\ACDSee.AutoPlayHandler\shell\Sb*_]
@="用 ACDSee 打开"
[HKEY_LOCAL_MACHINE\software\Classes\ACDSee.AutoPlayHandler\shell\Sb*_\command]
@="\"c:\\Program Files\\ACDSee5\\ACDSee5.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\ACDSee.ddf\shell\Sb*_]
@="用 ACDSee 打开"
[HKEY_LOCAL_MACHINE\software\Classes\ACDSee.ddf\shell\Sb*_\command]
@="\"c:\\Program Files\\ACDSee5\\ACDSee5.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CLSID]
@="{809B-49E6-B6EC-3F0F862215AA}"
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CurVer]
@="BDATuner.组件.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-BC9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-ABD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-ABD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-ABD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-BC9}"
"Version"="1.0"
--------------------- 运行进程下的动态链接库 ---------------------
- - - - - - - & 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\GOOGLEPINYIN2.IME
c:\windows\system32\WININET.dll
- - - - - - - & 'explorer.exe'(6388)
c:\windows\system32\WININET.dll
c:\windows\system32\GOOGLEPINYIN2.IME
c:\documents and settings\All Users\Application Data\Video
Legend\RBC\Addins\RBCShellExternal.dll
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
d:\progra~1\MICROS~1\Office14\2052\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
ComboFix-quarantined-files.txt
ComboFix2.txt
Pre-Run: 5 个目录 66,424,381,440 可用字节
Post-Run: 6 个目录 66,466,988,032 可用字节
- - End Of File - - 4C66FA1FBFD2AD2D9DA86