ComboFix 12-01-12.04 - DChen 4/2012 Sat 17:10:41.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.3032.2382 [GMT -8:00]
执行位置: c:\documents and settings\DChen.HUD-DONGC\Desktop\ComboFix.exe
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( 2011-12-15 至 2012-01-15 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-01-15 00:41 . 2012-01-15 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-10 01:53 . 2012-01-10 01:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-01-09 22:35 . 2012-01-09 22:35 -------- d-----w- C:\290404c1163c5ca21899
2012-01-09 21:39 . 2012-01-09 21:57 -------- d-----w- c:\program files\TrustPort
2012-01-09 21:39 . 2012-01-09 21:56 -------- d-----w- c:\program files\Common Files\TrustPort
2012-01-09 20:14 . 2012-01-09 20:14 -------- d-----w- C:\a2c3114621af83cc891d5a
2012-01-09 01:24 . 2012-01-09 01:24 -------- d-----w- c:\documents and settings\DChen.HUD-DONGC\Application Data\AVG10
2012-01-09 01:23 . 2012-01-09 01:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-09 01:23 . 2012-01-09 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2012-01-09 01:22 . 2012-01-09 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2012-01-09 01:22 . 2012-01-09 20:49 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-09 01:21 . 2012-01-09 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-01-08 23:02 . 2012-01-08 23:02 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-01-08 22:48 . 2012-01-08 22:48 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-02 20:44 . 2012-01-08 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData
2012-01-02 19:06 . 2012-01-02 19:06 -------- d-----w- c:\documents and settings\DChen.HUD-DONGC\Application Data\Malwarebytes
2012-01-02 19:06 . 2012-01-02 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-02 19:06 . 2012-01-15 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2008-07-21 22:50 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-07-21 22:49 60416 ------w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2008-07-21 22:50 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-07-21 22:49 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-07-21 22:49 33280 ------w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 00:54 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-07-21 22:49 186880 ------w- c:\windows\system32\encdec.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-13_02.03.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-09 12:35 . 2008-04-18 21:43 10752 c:\windows\system32\TDDL.dll
- 2009-09-09 12:35 . 2008-04-18 05:43 10752 c:\windows\system32\TDDL.dll
+ 2012-01-13 06:00 . 2008-03-26 21:21 13824 c:\windows\system32\ReinstallBackups\0001\DriverFiles\tpm.sys
+ 2012-01-13 06:00 . 2008-04-18 21:43 10752 c:\windows\system32\ReinstallBackups\0001\DriverFiles\TDDL.dll
+ 2012-01-13 05:43 . 2009-02-12 20:39 48640 c:\windows\system32\Lang\iTPM\CHS\ITPMCHS.dll
- 2009-09-09 12:35 . 2008-03-26 05:21 13824 c:\windows\system32\DRVSTORE\tpm_F4B269EF8C38A562CB6889B0566281F519459752\tpm.sys
+ 2009-09-09 12:35 . 2008-03-26 21:21 13824 c:\windows\system32\DRVSTORE\tpm_F4B269EF8C38A562CB6889B0566281F519459752\tpm.sys
+ 2009-09-09 12:35 . 2008-04-18 21:43 10752 c:\windows\system32\DRVSTORE\tpm_F4B269EF8C38A562CB6889B0566281F519459752\TDDL.dll
- 2009-09-09 12:35 . 2008-04-18 05:43 10752 c:\windows\system32\DRVSTORE\tpm_F4B269EF8C38A562CB6889B0566281F519459752\TDDL.dll
+ 2009-09-09 12:35 . 2008-03-26 21:21 13824 c:\windows\system32\drivers\tpm.sys
- 2009-09-09 12:35 . 2008-03-26 05:21 13824 c:\windows\system32\drivers\tpm.sys
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2009-09-09 12:35 . 2009-02-12 20:48 993816 c:\windows\system32\ITPMudlg.exe
- 2009-09-09 12:35 . 2008-05-06 04:51 993816 c:\windows\system32\ITPMudlg.exe
+ 2009-09-09 12:35 . 2008-07-23 21:54 319456 c:\windows\system32\difxapi.dll
- 2009-09-09 12:35 . 2006-11-10 00:25 319456 c:\windows\system32\difxapi.dll
+ 2012-01-08 22:44 . 2012-01-15 00:42 39390732 c:\windows\system32\Restore\rstrlog.dat
+ 2009-09-17 17:03 . 2012-01-13 11:00 52128560 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94C3E4BB-A261-4A83-B437-EA6F7A28CA68}]
2011-05-11 12:36 186256 ------w- c:\program files\Kuaiwan\QvodGameExtend.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [2009-10-02 82432]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-13 39408]
"Kuaiwan"="c:\program files\Kuaiwan\Kuaiwan.exe" [2011-06-03 1234832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-15 61728]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-01-26 92960]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2009-03-13 16384]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-02-18 389120]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-02-18 208896]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-17 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-04-17 172032]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MWREGICBC.exe"="c:\program files\ICBCEbankTools\MingWah\MWREGICBC.exe" [2011-10-10 50632]
"D4Svr_ICBC.exe"="D4Svr_ICBC.exe" [2011-01-13 66864]
"eKeyClient_csp.exe"="c:\program files\Mingwah_v2\eKeyClient_csp.exe" [2010-10-12 526336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-04-07 85528]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-9 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0tpnative
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-725345543-854245398-2145752213-29152\Scripts\Logon\0\0]
"Script"=hud_jre.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-725345543-854245398-2145752213-3161\Scripts\Logon\0\0]
"Script"=hud_jre.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\Kuaiwan\\Kuaiwan.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 4:57 PM 20520]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 26624]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [9/9/2009 4:36 AM 23080]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 12:15 AM 13480]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 4:50 PM 46144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 9:16 AM 130384]
S2 CMB8100;CMB8100;\??\c:\windows\system32\Drivers\CertClient.dat --> c:\windows\system32\Drivers\CertClient.dat [?]
S2 CMBProtector;CMBProtector;\??\c:\windows\system32\Drivers\CMBProtector.dat --> c:\windows\system32\Drivers\CMBProtector.dat [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/13/2011 10:08 AM 136176]
S2 ICBC Daemon Service;ICBC Daemon Service;c:\program files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [4/21/2011 3:46 PM 428960]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [4/16/2009 8:05 PM 45424]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/11/2012 11:46 AM 652872]
S2 OnKey Service _ICBC;OnKey Service _ICBC;c:\windows\system32\D4Ser_ICBC.exe [1/12/2011 6:36 PM 58672]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [9/9/2009 4:47 AM 53248]
S2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [4/16/2009 8:05 PM 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 2:34 PM 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 4:50 PM 360448]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/12/2012 9:43 PM 2058776]
S3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [9/9/2009 4:26 AM 72192]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys --> c:\windows\system32\Drivers\ATSwpWDF.sys [?]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [9/9/2009 4:25 AM 243856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/13/2011 10:08 AM 136176]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 2:54 PM 37312]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/21/2008 2:50 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 9:16 AM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
‘计划任务’ 文件夹 里的内容
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-13 18:08]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-13 18:08]
.
2012-01-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-09 16:53]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZLxdm256YYUS&ptb=yffytTlKc120Lbqgcc163g
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: com.cn\*.icbc
Trusted Zone: icbc.com.cn
Trusted Zone: icbc.com.cn\*
Trusted Zone: vectron.com\appsascp
Trusted Zone: vectron.com\appsdev01
Trusted Zone: vectron.com\appsdev01ascp
Trusted Zone: vectron.com\appsprod
Trusted Zone: vectron.com\appstest
Trusted Zone: vectron.com\appstestascp
Trusted Zone: vectron.com\cosxaorjg
Trusted Zone: vectron.com\cosxapa10
Trusted Zone: vectron.com\mdsxaorkm
Trusted Zone: vectron.com\mdsxapa20
Trusted Zone: vectron.com\preprod
DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - hxxps://site.cmbchina.com/download/CMBEdit.cab
DPF: {6B68CDBA-8AFE-4CAC-80FB-727B9F946957} - hxxp://helpstar.vectron.com/hsActiveX/HPluginI.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} - hxxp://szdl.cmbchina.com/download/PB/pb50.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 17:42
Windows 5.1.2600 Service Pack 3 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
扫描被隐藏的文件 。。。
.
扫描完成
被隐藏的档案: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CMB8100]
"ImagePath"="\??\c:\windows\system32\Drivers\CertClient.dat"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CMBProtector]
"ImagePath"="\??\c:\windows\system32\Drivers\CMBProtector.dat"
.
完成时间: 2012-01-14 17:57:20
ComboFix-quarantined-files.txt 2012-01-15 01:56
ComboFix2.txt 2012-01-13 02:20
.
Pre-Run: 93,292,916,736 bytes free
Post-Run: 93,277,732,864 bytes free
.
- - End Of File - - 410C45F21BBBB31DAD4055220800927C