ComboFix 09-07-22.05 - Doris 2/2009 Wed 23:41.4.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.2047.1676 [GMT -7:00]
Running from: c:\documents and settings\Doris\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090722-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
Warning - This machine does not have the Recovery Console installed !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYMAVC32
-------\Service_symavc32
-------\Service_WinDriver
((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-15 22:31 . 2009-02-18 23:43 188416 ----a-w- c:\documents and settings\pris`pris\Application Data\Mozilla\Firefox\Profiles\2qyuxlbc.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudioEx.dll
2009-07-15 22:31 . 2009-02-18 18:59 98304 ----a-w- c:\documents and settings\pris`pris\Application Data\Mozilla\Firefox\Profiles\2qyuxlbc.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
2009-07-15 22:31 . 2009-02-12 20:02 28672 ----a-w- c:\documents and settings\pris`pris\Application Data\Mozilla\Firefox\Profiles\2qyuxlbc.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDES.dll
2009-07-15 22:31 . 2009-02-12 19:52 90112 ----a-w- c:\documents and settings\pris`pris\Application Data\Mozilla\Firefox\Profiles\2qyuxlbc.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDESEx.dll
2009-07-07 23:55 . 2009-07-07 23:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-28 08:23 . 2009-06-28 08:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-28 08:23 . 2009-07-19 07:52 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-06-28 08:17 . 2009-07-19 08:56 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-06-28 08:16 . 2009-06-28 08:16 -------- d-----w- c:\program files\Common Files\Skype
2009-06-28 08:16 . 2009-06-28 08:16 -------- d-----r- c:\program files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Files Modified Within the Last Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 05:54 . 2009-01-15 16:38 -------- d-----w- c:\documents and settings\Doris\Application Data\881903
2009-07-23 03:37 . 2006-07-23 23:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 03:02 . 2009-05-11 00:46 117760 ----a-w- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-23 02:18 . 2009-01-07 00:45 -------- d-----w- c:\documents and settings\Kevin\Application Data\881903
2009-07-22 19:28 . 2009-07-22 18:27 0 ----a-w- c:\documents and settings\Kevin\ntuser.tmp
2009-07-22 16:52 . 2009-01-09 21:34 155648 ----a-w- c:\documents and settings\User\Application Data\881903\update\hkUpdate.exe
2009-07-22 16:52 . 2008-04-21 01:33 1145896 ----a-w- c:\documents and settings\pris`pris\Application Data\Real\Update\setup\data\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
2009-07-22 16:52 . 2008-04-21 01:33 13288968 ----a-w- c:\documents and settings\pris`pris\Application Data\Real\Update\setup\data\RealPlayer11GOLD.exe
2009-07-22 16:52 . 2008-04-21 01:33 6871480 ----a-w- c:\documents and settings\pris`pris\Application Data\Real\Update\setup\data\firefoxgoogletoolbarsetup.exe
2009-07-22 16:52 . 2008-04-21 01:32 54816 ----a-w- c:\documents and settings\pris`pris\Application Data\Real\Update\setup\schedule.exe
2009-07-22 16:52 . 2008-04-21 01:32 353840 ----a-w- c:\documents and settings\pris`pris\Application Data\Real\Update\setup\setup.exe
2009-07-22 16:52 . 2007-11-17 21:19 1214488 ----a-w- c:\documents and settings\pris`pris\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-22 16:52 . 2009-01-09 21:34 163840 ----a-w- c:\documents and settings\pris`pris\Application Data\881903\update\hkUpdate.exe
2009-07-22 16:51 . 2008-12-15 19:30 1484296 ---ha-w- c:\documents and settings\Kevin\Application Data\netmarble\NMWizard24.exe
2009-07-22 16:51 . 2008-06-27 14:59 4874240 ----a-w- c:\documents and settings\Kevin\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\102\install\Legions.exe
2009-07-22 16:51 . 2007-09-04 21:46 921600 ----a-w- c:\documents and settings\Kevin\Application Data\ijjigame\ijjistarter2.exe
2009-07-22 16:51 . 2008-03-21 15:24 2629632 ----a-w- c:\documents and settings\Kevin\Application Data\GarageGames\IAPlayer\products\7000\install\Zap.exe
2009-07-22 16:51 . 2008-05-21 03:22 3477504 ----a-w- c:\documents and settings\Kevin\Application Data\GarageGames\IAPlayer\products\103\install\bb\Rokkitball.exe
2009-07-22 16:51 . 2008-03-21 14:49 4227072 ----a-w- c:\documents and settings\Kevin\Application Data\GarageGames\IAPlayer\products\101\install\tt\ThinkTanks.exe
2009-07-22 16:51 . 2009-01-09 21:34 155648 ----a-w- c:\documents and settings\Kevin\Application Data\881903\update\hkUpdate.exe
2009-07-22 14:56 . 2007-02-05 06:24 21277080 ----a-w- c:\documents and settings\Doris\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
2009-07-22 14:56 . 2009-01-09 21:34 155648 ----a-w- c:\documents and settings\Doris\Application Data\881903\update\hkUpdate.exe
2009-07-22 14:56 . 2009-02-18 22:13 14579000 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2009-07-22 14:56 . 2008-10-06 06:45 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\Installer\CommonCustomActions\vcredistExec.exe
2009-07-22 14:56 . 2008-06-28 23:44 159744 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-07-22 14:56 . 2007-07-04 00:15 72704 ----atw- c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
2009-07-22 14:55 . 2008-10-06 06:57 23702368 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\NokiaSoftwareUpdaterSetup_zh_hk.exe
2009-07-22 14:55 . 2008-10-06 06:45 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\Installer\CommonCustomActions\Sleep.exe
2009-07-22 14:55 . 2008-10-06 06:45 23690528 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\NokiaSoftwareUpdaterSetup_1.4.56EN_US.exe
2009-07-22 14:55 . 2008-12-02 07:47 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\Installer\CommonCustomActions\vcredistExec.exe
2009-07-22 14:55 . 2008-12-02 07:47 24679912 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\NokiaSoftwareUpdaterSetup_1.4.64EN_US.exe
2009-07-22 14:55 . 2008-12-02 07:47 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\Installer\CommonCustomActions\Sleep.exe
2009-07-22 14:55 . 2008-06-20 23:26 2246144 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2009-07-22 02:14 . 2009-02-17 01:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-20 08:39 . 2007-09-04 20:59 -------- d-s---w- c:\program files\Xfire
2009-07-20 07:21 . 2008-07-23 23:33 -------- d-----w- c:\documents and settings\Kevin\Application Data\uTorrent
2009-07-20 05:20 . 2007-11-25 16:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-20 05:15 . 2007-09-04 20:59 -------- d-----w- c:\documents and settings\Kevin\Application Data\Xfire
2009-07-15 22:31 . 2008-06-24 22:06 -------- d-----w- c:\documents and settings\pris`pris\Application Data\881903
2009-07-15 22:29 . 2006-09-12 02:59 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-12 09:42 . 2009-05-04 01:13 -------- d-----w- c:\program files\PPStream
2009-07-12 09:36 . 2007-05-05 23:45 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2009-07-12 07:08 . 2009-05-04 01:13 -------- d-----w- c:\documents and settings\User\Application Data\PPStream
2009-06-28 08:16 . 2008-03-17 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-23 02:43 . 2006-08-02 05:53 96576 ----a-w- c:\documents and settings\pris`pris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 04:17 . 2007-12-08 22:06 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-19 04:17 . 2007-12-08 22:06 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-19 04:00 . 2009-06-19 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-06-19 04:00 . 2006-07-25 05:57 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-19 04:00 . 2006-07-25 05:57 -------- d-----w- c:\program files\Logitech
2009-06-19 03:07 . 2009-06-19 03:07 -------- d-----w- c:\program files\QuickTime
2009-06-19 03:07 . 2006-08-05 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-19 03:05 . 2009-06-19 03:05 -------- d-----w- c:\program files\Apple Software Update
2009-06-19 03:05 . 2009-06-19 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-18 23:25 . 2009-03-12 19:31 117760 ----a-w- c:\documents and settings\Doris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 06:53 . 2006-07-23 23:16 96576 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-12 01:58 . 2006-07-31 00:53 96576 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 21:09 . 2006-07-31 15:50 96576 ----a-w- c:\documents and settings\Doris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 23:47 . 2007-02-12 17:22 -------- d-----w- c:\program files\Java
2009-06-10 23:47 . 2009-06-10 23:47 152576 ----a-w- c:\documents and settings\Doris\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 21:48 . 2009-06-10 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-10 21:41 . 2009-06-10 21:41 -------- d-----w- c:\program files\Bonjour
2009-06-10 21:41 . 2006-07-29 00:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 19:33 . 2009-03-30 01:34 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-24 15:28 . 2009-05-24 14:36 -------- d-----w- c:\documents and settings\Kevin\Application Data\Download Manager
2009-05-24 04:31 . 2009-05-03 18:43 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-21 18:33 . 2008-12-01 23:57 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-11 02:58 . 2009-05-11 02:56 27997 ----a-w- c:\windows\scunin.dat
2009-05-11 02:58 . 2009-05-11 02:56 967 ----a-w- c:\windows\ScUnin.pif
2009-05-11 02:58 . 2009-05-11 02:56 94208 ----a-w- c:\windows\ScUnin.exe
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2004-10-01 22:00 . 2006-07-25 01:47 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2003-12-18 19:33 . 2007-06-17 15:18 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 15:46 . 2007-06-17 15:18 10960 ----a-w- c:\program files\EULA.txt
2001-06-20 23:19 . 2001-06-19 23:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
2009-07-22 18:33 . 2008-12-23 18:44 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-04 180269]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-06-19 262144]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-25 36864]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"PPHIDPAD"="c:\winpenjr\Win32\pphidpad.exe" [2001-10-02 45056]
"sclauncher"="d:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-10-12 94208]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-04-26 14370816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\Kevin\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-7-7 3190096]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 03:12 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^PPS.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\PPS.lnk
backup=c:\windows\pss\PPS.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"d:\\THQ\\Dawn Of War\\W40kWA.exe"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v60664C46\\Native\\STUBEXE\\@APPDIR@\\Kuma.exe"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v60664C46\\Native\\STUBEXE\\@APPDIR@\\KumaWar\\KumaWar.exe"=
"d:\\THQ\\Dawn Of War\\W40k.exe"=
"d:\\Spring\\spring.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Spring\\TASClient.exe"=
"c:\\Program Files\\881903\\IETOOLBAR\\AudioUpdMgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bootfighter Windom XP sp-2.NET\\Server.exe"=
"d:\\uTorrent.exe"=
"d:\\THQ\\Dawn of War - Dark Crusade\\DoWModDCpro.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"=
"d:\\Program Files\\CrosuS\\CrosuSApp.exe"=
"d:\\paltalk.exe"=
"d:\\Spring\\SpringDownloader.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\source sdk base\\hl2.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\counter-strike source\\hl2.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\eternal-silence\\hl2.exe"=
"d:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
"c:\\Picture This Home\\Kitchen\\Kitchen.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Valve\\Steam\\Steam.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27702:TCP"= 27702:TCP:BitComet 27702 TCP
"27702:UDP"= 27702:UDP:BitComet 27702 UDP
"22438:TCP"= 22438:TCP:BitComet 22438 TCP
"22438:UDP"= 22438:UDP:BitComet 22438 UDP
"13799:TCP"= 13799:TCP:BitComet 13799 TCP
"13799:UDP"= 13799:UDP:BitComet 13799 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
"7603:TCP"= 7603:TCP:BitComet 7603 TCP
"7603:UDP"= 7603:UDP:BitComet 7603 UDP
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/29/2008 2:21 PM 114768]
S1 ppmoucls;ppmoucls;c:\windows\system32\drivers\PPMOUCLS.SYS [8/17/2006 5:05 PM 20704]
S1 pptchpad;PenPower Touchpad;c:\windows\system32\drivers\PPTCHPD5.SYS [11/23/2008 4:56 PM 17216]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/29/2008 2:21 PM 20560]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [7/24/2006 8:33 PM 15104]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/12/2009 6:39 PM 55152]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Kevin\LOCALS~1\Temp\asbp2poa.sys --> c:\docume~1\Kevin\LOCALS~1\Temp\asbp2poa.sys [?]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [5/5/2007 4:45 PM 17408]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder
2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-07-22 c:\windows\Tasks\User_Feed_Synchronization-{E1F47B19-0106-4F57-884C-0D1A1B6D3E54}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 20:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{1b31f7dc-cbf8-443c-8201-58c5f9dec9b7} - (no file)
BHO-{1fa2a215-1942-4502-b17f-4b160a3dff58} - (no file)
HKCU-Run-creative blue - c:\docume~1\Doris\APPLIC~1\IDOLNE~1\htm blah.exe
HKLM-Run-CPM87925875 - c:\windows\system32\dijanumo.dll
HKLM-Run-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
Notify-xxyxXRkh - xxyxXRkh.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
------- Other Scans -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmsta ... rter25.cab
DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} - hxxp://hpyung.myphotoalbum.com/EasyUploadTool.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/kdfense8237.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Doris\Application Data\Mozilla\Firefox\Profiles\l56nal2h.default\
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\Download Manager\npfpdlm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 23:49
Windows 5.1.2600 Service Pack 3 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\DefaultIcon]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe,14"
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\shell\open\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\shell\print\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe /p \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\shell\printto\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(236)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\sirenacm.dll
- - - - - - - > 'explorer.exe'(1544)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
d:\program files\TortoiseSVN\bin\TortoiseStub.dll
d:\program files\TortoiseSVN\bin\TortoiseSVN.dll
d:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
Completion time: 2009-07-23 23:55
ComboFix-quarantined-files.txt 2009-07-23 06:55
Pre-Run: 46,284,488,704 bytes free
Post-Run: 46,265,217,024 bytes free
363 --- E O F --- 2009-07-21 22:55