ComboFix 10-04-13.04 - penny /04/14 星期三 22:46:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1028.18.766.525 [GMT 8:00]
執行位置: F:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Adobe\acrotray .exe
c:\recycler\S-1-5-21-1085031214-1645522239-725345543-1003
.
((((((((((((((((((((((((( 2010-03-14 至 2010-04-14 的新的檔案 )))))))))))))))))))))))))))))))
.
2010-04-14 20:15 . 2010-04-14 20:21 -------- d-----w- c:\windows\L2Schemas
2010-04-14 20:15 . 2010-04-14 20:21 -------- d-----w- c:\windows\system32\zh-CHT
2010-04-14 14:33 . 2008-04-13 16:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-14 13:58 . 2010-04-14 13:58 -------- d-----w- C:\SWsetup
2010-04-14 13:35 . 2009-03-30 01:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-14 13:35 . 2009-02-13 03:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-14 13:35 . 2009-02-13 03:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-14 12:48 . 2010-04-14 12:48 -------- d-----w- c:\documents and settings\penny.PENNY-30DCE5322
2010-04-14 12:45 . 2010-04-14 12:45 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-04-14 12:45 . 2010-04-14 12:45 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-04-14 12:42 . 2008-04-15 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-04-14 12:41 . 2008-04-15 12:00 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2010-04-14 12:40 . 2008-04-15 12:00 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2010-04-14 12:36 . 2008-04-15 12:00 563712 -c--a-w- c:\windows\system32\dllcache\msobmain.dll
2010-04-14 12:35 . 2008-04-15 12:00 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2010-04-14 12:35 . 2008-04-15 12:00 5632 ----a-w- c:\windows\system32\write.exe
2010-04-14 12:30 . 2001-08-17 05:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-04-14 12:30 . 2008-04-13 16:21 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2010-04-14 12:30 . 2008-04-13 16:16 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2010-04-14 12:30 . 2008-04-13 16:16 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2010-04-14 12:30 . 2008-04-14 14:00 147968 ----a-w- c:\windows\system32\irftp.exe
2010-04-14 12:30 . 2008-04-14 14:00 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-14 12:30 . 2008-04-14 13:59 24064 ----a-w- c:\windows\system32\irmon.dll
2010-04-14 12:30 . 2008-04-14 13:18 55168 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-04-14 12:30 . 2008-04-14 13:18 270464 ----a-w- c:\windows\system32\drivers\bthport.sys
2010-04-14 12:30 . 2008-04-13 16:16 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2010-04-14 12:29 . 2001-08-17 05:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-04-14 12:29 . 2008-04-14 13:24 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-04-14 12:29 . 2008-04-14 14:00 65536 ----a-w- c:\windows\system32\usbui.dll
2010-04-14 12:28 . 2008-04-13 16:06 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-04-14 12:28 . 2008-04-14 13:17 16128 ----a-w- c:\windows\system32\drivers\battc.sys
2010-04-14 12:28 . 2008-04-13 16:06 13952 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-04-14 12:25 . 2008-04-15 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbd101a.dll
2010-04-14 12:24 . 2008-04-15 12:00 274489 -c--a-w- c:\windows\system32\dllcache\imjputyc.dll
2010-04-14 12:23 . 2010-04-14 12:40 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-04-14 12:23 . 2010-04-14 12:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-04-13 17:20 . 2010-04-13 17:20 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-04-13 17:15 . 2010-04-13 17:26 -------- d-----w- c:\documents and settings\penny\Local Settings\Application Data\Adobe
2010-04-13 15:01 . 2010-04-13 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-13 15:01 . 2010-04-13 15:01 -------- d-----w- c:\documents and settings\penny\Application Data\Office Genuine Advantage
2010-04-12 16:31 . 2010-04-12 16:31 -------- d-sh--r- c:\windows\system32\wyssagy .exe
2010-04-12 16:31 . 2010-04-12 16:31 -------- d-sh--r- c:\windows\system32\wyssagy .exe
2010-04-12 16:30 . 2010-04-12 16:30 -------- d-sh--r- c:\windows\system32\houquynoo .exe
2010-04-12 14:25 . 2010-04-14 20:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-12 14:23 . 2010-04-12 14:23 -------- d-----w- c:\program files\MSXML 4.0
2010-04-12 14:22 . 2010-04-12 14:22 -------- d-----w- c:\documents and settings\penny\Application Data\ML
2010-04-12 14:22 . 2010-04-12 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-04-12 14:22 . 2010-04-12 14:23 -------- d-----w- c:\windows\system32\DRVSTORE
2010-04-12 14:22 . 2010-04-12 14:22 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-04-12 14:22 . 2010-04-12 14:22 -------- d-----w- c:\program files\DIFX
2010-04-12 14:21 . 2010-04-12 14:21 -------- d-----w- c:\program files\MarkAny
2010-04-12 14:19 . 2010-04-12 14:23 -------- d-----w- c:\documents and settings\penny\Local Settings\Application Data\Downloaded Installations
2010-04-12 13:45 . 2010-04-13 10:31 -------- d-----w- c:\program files\Windows Defender
2010-04-12 12:23 . 2010-04-12 16:42 -------- d-----w- C:\ef_backup
2010-04-10 16:24 . 2010-04-10 16:24 69632 ----a-w- c:\documents and settings\penny\Application Data\Samsung\New PC Studio\DriverChecker.exe
2010-04-10 07:54 . 2010-04-12 14:03 -------- d-----w- c:\program files\NextLink
2010-04-10 07:17 . 2010-04-10 07:17 -------- d-----w- c:\program files\FreeTime
2010-04-09 16:44 . 2010-04-09 16:44 -------- d-----w- c:\documents and settings\penny\Application Data\PC Suite
2010-04-09 16:38 . 2010-04-09 16:38 -------- d-----w- c:\documents and settings\penny\Application Data\Samsung
2010-04-09 16:36 . 2010-04-12 14:22 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-09 16:35 . 2010-04-12 14:22 -------- d-----w- c:\program files\Samsung
2010-04-09 16:17 . 2010-04-13 17:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 13:00 . 2010-04-07 13:00 -------- d-----w- c:\program files\s01401_p
2010-04-01 15:42 . 2010-04-10 16:13 439816 ----a-w- c:\documents and settings\penny\Application Data\Real\Update\setup3.10\setup.exe
2010-03-30 11:35 . 2010-03-30 11:35 -------- d-----w- c:\documents and settings\All Users\「開始」功
2010-03-30 11:35 . 2010-04-14 20:14 -------- d-----w- c:\windows\Moon Forget Screen Saver
2010-03-30 11:35 . 2010-04-14 20:15 -------- d-----w- c:\windows\Uninstall
2010-03-23 16:29 . 2010-03-23 17:40 -------- d-----w- c:\documents and settings\penny\Local Settings\Application Data\Temp
2010-03-23 15:34 . 2010-03-23 15:34 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-23 15:33 . 2010-03-23 15:33 -------- d-----w- c:\program files\Real
2010-03-23 15:33 . 2010-03-23 15:35 -------- d-----w- c:\program files\Common Files\Real
2010-03-23 15:29 . 2010-03-23 15:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-03-23 15:25 . 2010-03-23 15:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-03-23 15:24 . 2010-04-12 14:24 -------- d-----w- c:\documents and settings\penny\Local Settings\Application Data\Google
2010-03-23 15:21 . 2010-03-23 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-23 15:21 . 2010-04-12 12:04 -------- d-----w- c:\program files\Google
2010-03-23 15:05 . 2010-04-12 16:11 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-23 14:55 . 2010-03-23 14:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-03-22 17:29 . 2010-03-22 17:29 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-03-22 17:13 . 2010-03-22 17:13 -------- d-----w- c:\windows\ServicePackFiles
2010-03-22 12:28 . 2010-04-13 15:53 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-22 12:08 . 2010-03-23 18:31 -------- d-----w- c:\program files\Microsoft Works
2010-03-22 12:08 . 2010-03-22 12:08 -------- d-----w- c:\program files\MSBuild
2010-03-22 12:02 . 2010-04-14 13:26 -------- d--h--w- c:\windows\ShellNew
2010-03-22 12:01 . 2010-03-22 12:01 -------- d-----w- c:\documents and settings\penny\Local Settings\Application Data\Microsoft Help
2010-03-22 12:00 . 2010-03-25 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-22 12:00 . 2010-03-22 12:00 -------- d-----r- C:\MSOCache
2010-03-22 04:22 . 2010-04-12 14:23 -------- d-----w- c:\documents and settings\penny\.rainlendar2
2010-03-21 13:38 . 2010-03-21 13:38 4370528 ----a-w- c:\documents and settings\penny\Application Data\PPLive\PPTV\Update\PPTV_Update.exe
2010-03-21 12:44 . 2010-03-21 12:44 -------- d-----w- c:\documents and settings\penny\Local Settings\Application Data\VirtualStore
2010-03-21 12:44 . 2010-03-21 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Jlcm
2010-03-21 12:44 . 2010-03-21 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PPLive
2010-03-21 12:44 . 2010-03-21 12:44 -------- d-----w- c:\documents and settings\penny\Application Data\PPLive
2010-03-21 12:43 . 2010-03-21 12:44 -------- d-----w- c:\program files\PPLive
2010-03-21 12:43 . 2010-04-12 16:50 -------- d-----w- c:\program files\Common Files\PPLiveNetwork
2010-03-21 12:37 . 2010-04-14 12:34 -------- d-----w- c:\windows\system32\zh-tw
2010-03-21 12:03 . 2010-03-21 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-03-21 12:03 . 2010-03-21 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-21 12:03 . 2010-03-23 14:54 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-21 11:53 . 2010-03-23 14:46 -------- d-----w- c:\documents and settings\penny\Local Settings\Application Data\Yahoo
2010-03-21 11:52 . 2010-04-13 14:46 -------- d-----w- c:\documents and settings\penny\Tracing
2010-03-21 11:50 . 2010-03-21 11:50 -------- d-----w- c:\program files\Microsoft
2010-03-21 11:50 . 2010-03-21 11:50 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-21 11:49 . 2010-03-21 11:51 -------- d-----w- c:\program files\Windows Live
2010-03-21 11:48 . 2010-03-22 11:53 -------- d-----w- c:\documents and settings\penny\Application Data\PCMan Combo
2010-03-21 11:43 . 2010-03-21 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-21 11:43 . 2010-03-23 14:46 -------- d-----w- c:\documents and settings\penny\Application Data\Yahoo!
2010-03-21 11:43 . 2010-02-16 18:51 603448 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-03-21 11:43 . 2010-03-21 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-21 11:41 . 2010-03-21 11:41 -------- d-----w- c:\documents and settings\penny\Local Settings\Application Data\Mozilla
2010-03-21 11:38 . 2010-03-21 11:43 -------- d-----w- c:\program files\Yahoo!
2010-03-21 11:37 . 2010-03-21 11:37 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-21 11:36 . 2010-04-14 10:17 -------- d-----w- c:\documents and settings\penny\Application Data\PPStream
2010-03-21 11:36 . 2010-04-14 10:15 -------- d-----w- c:\program files\PPStream
2010-03-21 11:18 . 2010-04-12 12:53 -------- d--h--w- c:\windows\$hf_mig$
2010-03-21 11:16 . 2010-03-21 11:16 -------- d-----w- c:\program files\PCMan Combo
2010-03-21 11:14 . 2010-04-13 17:44 76632 ----a-w- c:\documents and settings\penny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-21 11:05 . 2009-11-25 03:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-21 11:05 . 2010-03-21 11:05 -------- d-----w- c:\program files\Avira
2010-03-21 11:05 . 2010-03-21 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 14:15 . 2008-04-15 12:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-04-14 14:13 . 2010-04-14 13:56 1606 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-04-14 14:13 . 2008-04-15 12:00 44340 ----a-w- c:\windows\system32\prfc0404.dat
2010-04-14 14:13 . 2008-04-15 12:00 132292 ----a-w- c:\windows\system32\prfh0404.dat
2010-04-14 12:39 . 2010-04-14 12:39 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-14 12:36 . 2010-04-14 12:36 21456 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-12 14:23 . 2010-03-20 17:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-20 17:27 . 2010-03-20 17:27 -------- d-----w- c:\program files\Synaptics
2010-03-20 17:26 . 2010-03-20 17:26 -------- d-----w- c:\program files\CyberLink
2010-03-20 17:25 . 2010-03-20 17:25 -------- d-----w- c:\program files\CONEXANT
2010-03-20 17:24 . 2010-03-20 17:24 -------- d-----w- c:\program files\Keyboard Manager
2010-03-20 17:24 . 2010-03-20 17:07 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-20 17:23 . 2010-03-20 17:23 -------- d-----w- c:\program files\BroadCom GB LAN
2010-03-20 17:23 . 2010-03-20 17:23 -------- d-----w- c:\program files\Gigabyte
2010-03-20 17:18 . 2010-03-20 17:18 -------- d-----w- c:\program files\WIDCOMM
2010-03-20 17:17 . 2010-03-20 17:17 -------- d-----w- c:\program files\ATI Technologies
2010-03-20 17:11 . 2010-03-20 17:05 -------- d-----w- c:\program files\Intel
2010-03-20 16:48 . 2010-03-20 16:48 -------- d-----w- c:\program files\microsoft frontpage
.
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Keyboard Manager\Manager Utility\keyboardmanager .exe
c:\program files\PPStream\ppsap .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\penny\「開始」功能表\程式集\啟動\
PPS.lnk - c:\program files\PPStream\PPStream.exe [2010-2-2 2665352]
c:\documents and settings\All Users\「開始」功能表\程式集\啟動\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-4-12 553021]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010/3/21 下午 07:05 108289]
.
.
------- 額外的掃描 -------
.
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 22:50
Windows 5.1.2600 Service Pack 3 NTFS
掃描被隱藏的進程 ...
掃描被隱藏的啟動組 ...
掃描被隱藏的文件 ...
掃描完成
被隱藏的檔案: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
@="BDATuner.元件.1"
.
完成時間: 2010-04-14 22:52:24
ComboFix-quarantined-files.txt 2010-04-14 14:52
ComboFix2.txt 2010-04-09 15:51
Pre-Run: 8,889,806,848 位元組可用
Post-Run: 9,146,482,688 位元組可用
- - End Of File - - E7C729A4FD7C5DFE9B6A3DDF2D0BE608