Thank you Jack&Jill!
=========================
ComboFix 09-09-14.02 - USE 9/2009 Wed 12:53.1.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.950.852.1028.18.1023.818 [GMT 8:00]
執行位置: c:\documents and settings\USE\My Documents\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090915-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
注意 - 這台電腦沒有安裝恢復控制台 !!
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\documents and settings\USE\Application Data\.#
c:\documents and settings\USE\Application Data\.#\MBX@37C@3E4170.###
c:\documents and settings\USE\Application Data\.#\MBX@37C@3E41A0.###
c:\documents and settings\USE\Application Data\.#\MBX@37C@3E41D0.###
c:\documents and settings\USE\Application Data\.#\MBX@850@3E4170.###
c:\documents and settings\USE\Application Data\.#\MBX@850@3E41A0.###
c:\documents and settings\USE\Application Data\.#\MBX@850@3E41D0.###
c:\documents and settings\USE\Application Data\BITS
c:\documents and settings\USE\Application Data\BITS\BITS.ini
c:\documents and settings\USE\Application Data\BITS\DHTTable.dat
c:\documents and settings\USE\Application Data\BITS\ProxyList.ini
c:\documents and settings\USE\Application Data\BITS\UPnP.ini
c:\documents and settings\USE\Application Data\FlashGetBHO
c:\documents and settings\USE\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\USE\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\USE\Application Data\FlashGetBHO\GetUrl.htm
c:\documents and settings\USE\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\documents and settings\USE\Application Data\Microsoft\Internet Explorer\Quick Launch\System\RAM_XP.exe
c:\program files\NamiRobot\DUTOol.exe
c:\windows\Installer\101307.msi
c:\windows\Installer\287147a.msi
c:\windows\Installer\4cb7d.msi
c:\windows\Installer\9b67a6.msi
c:\windows\system32\ieuinit.inf
c:\windows\system32\secustat.dat
.
((((((((((((((((((((((((( 2009-08-16 至 2009-09-16 的新的檔案 )))))))))))))))))))))))))))))))
.
2009-09-15 08:01 . 2009-09-15 08:01 -------- d-----w- c:\windows\Ulead.dat
2009-09-15 08:01 . 2009-09-15 08:01 -------- d-----w- c:\windows\Noslip
2009-09-15 08:01 . 1998-10-29 08:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-09-15 07:59 . 1999-10-15 04:50 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-09-15 07:59 . 1999-01-28 07:44 49152 ----a-w- c:\windows\system32\INETWH32.dll
2009-09-15 07:59 . 2009-09-15 07:59 -------- d-----w- c:\program files\UleadGifAnimator5.6FullFX
2009-09-14 14:25 . 2009-09-14 14:25 -------- d-----w- c:\documents and settings\USE\Local Settings\Application Data\Apple Computer
2009-09-13 10:54 . 2009-09-13 10:54 -------- d-----w- c:\documents and settings\USE\Application Data\gtk-2.0
2009-09-13 10:52 . 2009-09-13 14:43 -------- d-----w- c:\documents and settings\USE\.tucan
2009-09-13 10:51 . 2009-09-13 17:26 -------- d-----w- c:\program files\Megaupload,Etc-ManagerTucan
2009-09-13 03:44 . 2009-09-13 03:44 -------- d-----r- c:\documents and settings\捷徑 - HomeVideosWithChildren
2009-09-13 03:43 . 2009-09-13 03:43 -------- d-----r- c:\documents and settings\捷徑 - MJ Rare Songs Part 3
2009-09-12 11:50 . 2009-09-14 08:29 288 ----a-w- C:\sccfg.sys
2009-09-12 09:42 . 2009-09-12 19:26 1477 ----a-w- c:\windows\system32\secushr.dat
2009-09-11 07:24 . 2009-09-11 07:24 -------- d-----w- c:\program files\ICE BookReaderProfessional8.92Uncracked
2009-09-10 12:14 . 2009-09-10 12:14 -------- d-----r- c:\documents and settings\捷徑 - ~eBook
2009-09-10 11:32 . 2009-09-10 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-10 11:31 . 2009-09-10 11:32 -------- d-----w- c:\program files\QuickTime Alternative
2009-09-10 06:58 . 2009-09-10 06:58 -------- d-----r- c:\documents and settings\捷徑 - 30thAnniversaryConcert2001
2009-09-10 05:53 . 2009-09-10 05:53 -------- d-----r- c:\documents and settings\捷徑 - ~Music - ToFindAlone&MoveToVoice&DeleteFmPlaylist
2009-09-10 05:39 . 2002-09-22 04:42 17408 ----a-w- c:\windows\Shortcut.exe
2009-09-10 05:39 . 2009-09-10 05:39 -------- d-----w- c:\program files\RAM Idle LE
2009-09-10 01:46 . 2009-09-10 01:46 -------- d-----w- c:\windows\Downloaded Installations
2009-09-10 01:15 . 2007-03-04 12:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
2009-09-10 01:15 . 2007-03-04 12:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
2009-09-10 01:11 . 2009-09-10 01:11 -------- d-----w- c:\program files\Replay Converter
2009-09-10 01:07 . 2009-09-10 01:11 737280 ----a-w- c:\windows\iun6002.exe
2009-09-10 01:05 . 2009-09-11 16:56 -------- d-----w- c:\program files\Replay AV 8
2009-09-10 00:36 . 2009-06-21 21:46 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 18:49 . 2009-09-08 18:49 -------- d-----r- c:\documents and settings\捷徑 - Interviews
2009-09-08 03:33 . 2009-09-08 03:33 -------- d-----w- c:\program files\AudioJoinerShuangs
2009-09-07 17:35 . 2009-09-09 02:52 -------- d-----w- c:\program files\yBook
2009-09-07 12:10 . 2009-09-07 12:10 -------- d-----w- c:\documents and settings\USE\Local Settings\Application Data\yBook
2009-09-07 12:09 . 1998-05-11 12:01 240944 ----a-w- c:\windows\system32\RICHED.DLL
2009-09-06 05:10 . 2009-09-06 05:10 -------- d-----r- c:\documents and settings\捷徑 - Sundries
2009-09-05 10:32 . 2009-09-05 10:32 -------- d-----w- c:\documents and settings\USE\Local Settings\Application Data\Thinstall
2009-09-05 10:32 . 2009-09-05 10:32 -------- d-----w- c:\documents and settings\USE\Application Data\Thinstall
2009-08-30 01:33 . 2009-08-30 01:33 -------- d-----w- c:\documents and settings\USE\Application Data\Megaupload
2009-08-28 17:10 . 2009-09-16 04:59 -------- d-----w- c:\program files\NamiRobot
2009-08-22 05:47 . 2009-08-22 15:58 0 ----a-w- c:\windows\system32\Infob.dat
2009-08-22 05:47 . 2009-08-22 15:58 0 ----a-w- c:\windows\system32\Infoa.dat
2009-08-22 05:41 . 2009-08-22 05:49 330 ----a-w- c:\windows\system32\treeinfo.dat
2009-08-22 04:34 . 2009-08-22 04:34 -------- d-----w- c:\documents and settings\USE\Application Data\GrabPro
2009-08-22 04:33 . 2009-08-22 18:01 -------- d-----w- c:\documents and settings\USE\Application Data\Orbit
2009-08-22 01:40 . 2009-08-22 01:40 -------- d-----w- c:\program files\WinPcap
2009-08-21 13:16 . 2009-08-21 13:16 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 13:16 . 2009-08-21 13:16 -------- d-----w- c:\program files\MSBuild
2009-08-21 13:15 . 2009-08-21 13:15 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 13:14 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 13:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 13:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 13:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 13:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 13:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 13:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 13:14 . 2009-08-21 13:15 -------- d-----w- C:\33fca40b1b2da3d328178e0c
2009-08-17 14:30 . 2009-08-17 14:30 -------- d-----w- c:\program files\Boilsoft Video Splitter
2009-08-17 14:01 . 2009-08-17 14:01 -------- d-----w- c:\program files\Video Cutter
2009-08-17 05:17 . 2009-08-17 05:17 -------- d-----w- c:\program files\YouTube Downloader
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 04:38 . 2009-04-17 04:37 -------- d-----w- c:\program files\BitComet
2009-09-15 08:09 . 2009-04-16 15:44 -------- d-----w- c:\program files\NJStar Communicator
2009-09-15 07:59 . 2009-03-25 00:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-15 06:19 . 2009-04-21 08:58 -------- d-----w- c:\documents and settings\USE\Application Data\XnView
2009-09-14 19:54 . 2009-05-19 05:14 -------- d-----w- c:\program files\a-squared Free
2009-09-14 09:52 . 2009-04-25 07:32 -------- d-----w- c:\program files\dBpowerAMP
2009-09-12 11:25 . 2009-04-18 01:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-12 08:59 . 2009-03-25 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-09-11 16:57 . 2009-04-21 02:06 35363 ----a-w- c:\windows\system32\windrvNT.sys
2009-09-10 12:16 . 2009-04-16 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ClickOff
2009-09-05 08:06 . 2009-04-30 11:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-05 08:06 . 2009-03-25 00:49 -------- d-----w- c:\program files\Java
2009-09-03 01:13 . 2009-08-02 01:08 -------- d-----w- c:\program files\PDFKILLER
2009-08-21 13:43 . 2009-04-14 10:00 59864 ----a-w- c:\documents and settings\USE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 13:27 . 2005-01-18 00:31 358494 ----a-w- c:\windows\system32\prfh0404.dat
2009-08-21 13:27 . 2005-01-18 00:31 132422 ----a-w- c:\windows\system32\prfc0404.dat
2009-08-21 08:38 . 2009-04-17 12:22 -------- d-----w- c:\documents and settings\USE\Application Data\Media Player Classic
2009-08-17 05:11 . 2009-08-17 01:54 -------- d-----w- c:\documents and settings\USE\Application Data\Xilisoft
2009-08-12 23:28 . 2009-08-12 23:28 -------- d-----w- c:\documents and settings\USE\Application Data\Xilisoft Corporation
2009-08-12 16:05 . 2009-08-12 16:05 1367 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
2009-08-12 16:05 . 2009-04-25 07:32 130048 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-08-09 17:09 . 2009-04-16 03:17 -------- d-----w- c:\program files\Shapez
2009-08-06 17:29 . 2009-08-06 17:29 -------- d-----w- c:\documents and settings\USE\Application Data\iSilo
2009-08-06 17:09 . 2009-08-06 17:09 -------- d-----w- c:\program files\iSilo
2009-08-05 12:20 . 2009-04-18 00:26 -------- d-----w- c:\program files\Amelies Cafe
2009-08-05 08:59 . 2005-01-18 00:30 201728 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:49 . 2009-08-05 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-08-02 01:17 . 2009-07-29 16:50 -------- d-----w- c:\program files\PDF 2 HTML 1
2009-07-31 07:09 . 2009-07-31 07:09 -------- d-----w- c:\documents and settings\USE\Application Data\TeamViewer
2009-07-29 16:50 . 2009-07-29 16:50 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2009-07-25 18:27 . 2009-04-17 04:36 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-25 18:24 . 2009-04-22 10:48 -------- d-----w- c:\program files\Flash Video Splitter
2009-07-25 10:51 . 2009-07-13 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprouts Adventure
2009-07-23 13:16 . 2009-05-12 10:08 -------- d-----w- c:\documents and settings\USE\Application Data\OpenOffice.org2
2009-07-17 19:02 . 2005-01-18 00:29 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:35 . 2009-04-17 03:24 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-07-13 02:08 . 2005-01-18 00:31 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:48 . 2005-01-18 00:31 652288 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:48 . 2005-01-18 00:30 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:25 . 2005-01-18 00:31 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-01-18 00:30 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-01-18 00:30 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-01-18 00:30 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2005-01-18 00:30 708096 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2005-01-18 00:30 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2005-01-18 00:30 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2002-07-26 09:02 . 2009-05-03 16:43 153088 ----a-w- c:\program files\UNWISE.EXE
2007-03-09 08:12 . 2007-03-09 08:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Free Internet Window Washer"="c:\program files\Free Internet Window Washer\Clearpch.exe" [2009-03-17 1541120]
"Sensiva"="c:\tools\Symbol Commander Pro\Sensiva.exe" [2002-04-05 2203648]
"Winsplit"="c:\tools\WinSplit Revolution\WinSplit.exe" [2008-06-04 3825152]
"Mmm"="c:\program files\MmmHACE\Mmm.exe" [2009-04-19 877568]
"DW6"="c:\progra~1\THEWEA~1\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"FontLoader"="c:\program files\ShellToolsMoonSoftware\FontLoaderSysTray.exe" [2007-12-27 120048]
"$Volumouse$"="c:\tools\VolumeMouse\volumouse.exe" [2008-11-10 31744]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744]
"Wallpaper Manager"="c:\program files\WallpaperChangerAdolix\AWC.exe" [2008-03-14 1946624]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-03-09 2564408]
"ccleaner"="c:\tools\ccCleaner223\CCleaner.exe" [2009-08-26 1681208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtnMovie"="1152 x 864 @ 1Hz 32bit colors" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392]
"CHotkey"="c:\apps\Chicony\chicony.bat" [2005-09-28 54]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-16 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-16 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-16 131072]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
"PostOOBE"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"Grid Service"="c:\program files\GridService\peer.exe" [2008-12-30 4993024]
"AutoShutdown"="c:\windows\zenotib\zenotib.exe" [2008-04-13 1376768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-05 149280]
"RAM Idle Professional"="c:\program files\RAM Idle LE\RAM_XP.exe" [2006-01-16 135168]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\Logi_MwX.Exe [2003-12-17 19968]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-05-28 1826816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\USE\「開始」功能表\程式集\啟動\
#Megaupload下不了.url [2009-9-14 199]
a-squared Free.lnk - c:\program files\a-squared Free\a2free.exe [2009-5-19 3921008]
AutoHotkeyDateIndicator(ByTic).lnk - c:\tools\AutoHotkeyDateIndicator(ByTic).ahk [2009-4-16 897]
AvastScanner.lnk - c:\program files\Avast4\ashSimp2.exe [2009-4-20 126320]
Brightness&ColorSwapper-gapa.lnk - c:\tools\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe [2009-4-16 116224]
Bullzip Express Menu.lnk - c:\program files\ExpressMenuBullzip\exmenu.exe [2009-4-26 36864]
Clickoff.exe.lnk - c:\program files\ClickOff\Clickoff.exe [2007-7-31 78880]
ComboFix.url [2009-8-28 182]
Ditto.exe.lnk - c:\tools\Ditto\Ditto.exe [2009-4-17 684032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 06:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-04-17 04:06 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Tools\\itudou\\iTudou.exe"=
"c:\\Program Files\\My Mobile\\MyMobiler\\MyMobiler.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Tools\\NetTransport2.80.441\\NetTransport.exe"=
"c:\\Tools\\eMule0.49c\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Tools\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\Program Files\\GridService\\peer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Tools\\FlashGet 3.0 Portable\\Flashget3.exe"= c:\\Tools\\FlashGet 3.0 Portable\\FlashGet3.exe
"$INSTDIR\\FlvDetector.exe"= c:\\Tools\\FlashGet 3.0 Portable\\FlvDetector.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"27695:TCP"= 27695:TCP:BitComet 27695 TCP
"27695:UDP"= 27695:UDP:BitComet 27695 UDP
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/4/2009 10:42 114768]
S1 PPEN;PenPower Tablet Driver;c:\windows\system32\drivers\PPEN.SYS [26/4/2009 14:07 13440]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/4/2009 10:42 20560]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [7/8/2006 14:15 2825088]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [8/10/2004 16:58 751104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 4:22 34064]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28681820-917D-11d5-8177-005056FDDA4B}]
rundll32.exe c:\windows\system32\ShellExt\DafiTech\Cpy2Clip\cpy2clip.dll,CreateUserSettings
.
.
------- 額外的掃描 -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
uInternet Settings,ProxyOverride = local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZC
IE: &U使用米人下载并收藏 - c:\program files\NamiRobot\Data\du.html
IE: &U妏蚚馨譙儂狟婥甜彶紲 - c:\program files\NamiRobot\Data\du.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Use ViDown to download - c:\program files\ViDown\vd_link.htm
IE: 使用 Mega 管理器下载链接... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: 使用快车3下载 - c:\documents and settings\USE\Application Data\FlashGetBHO\GetUrl.htm
IE: 使用快车3下载全部链接 - c:\documents and settings\USE\Application Data\FlashGetBHO\GetAllUrl.htm
IE: 妏蚚辦陬3狟婥 - c:\documents and settings\USE\Application Data\FlashGetBHO\GetUrl.htm
IE: 妏蚚辦陬3狟婥窒蟈諉 - c:\documents and settings\USE\Application Data\FlashGetBHO\GetAllUrl.htm
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://games.bigfishgames.com/en_burger ... yer_v4.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PCMService - :c:\program files\CyberLink\PowerCinema\PCMService.exe
HKLM-Run-TkBellExe - realsched.exe
ShellExecuteHooks-{32CD708B-60A7-4C00-9377-D73EAA495F0F} - c:\windows\system32\RavExt.dll
AddRemove-BCM - c:\~sundries-nec\~ToPutIntoCd\C-Installers\BCM\Manager.exe
AddRemove-Coffee Rush_is1 - c:\documents and settings\Coffee Rush\ReflexiveArcade\unins000.exe
AddRemove-ICE Book Reader Professional_is1 - c:\program files\ICE Book Reader Professional\unins000.exe
AddRemove-Janes Hotel Family Hero_is1 - c:\program files\Janes Hotel Family Hero\ReflexiveArcade\unins000.exe
AddRemove-Nanny Mania 2_is1 - c:\program files\Nanny Mania 2\ReflexiveArcade\unins000.exe
AddRemove-PenPower PPENSB - c:\windows\ppuninst UNINST
AddRemove-Ulead WebRazor Pro 2.0 - c:\windows\Noslip\Uwrp20f\Setup.exe
AddRemove-{9B49BFC8-D0C0-42E9-8460-40733DCE3648}_is1 - c:\program files\Megaupload
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 12:59
Windows 5.1.2600 Service Pack 3 NTFS
掃描被隱藏的進程 ...
掃描被隱藏的啟動組 ...
掃描被隱藏的文件 ...
掃描完成
被隱藏的檔案: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1192798999-1536786436-3313207897-1006\Software\Microsoft\Internet Explorer\MenuExt\&*U*??Y?Q?鸃reZuv_2}]
@="c:\\Program Files\\NamiRobot\\Data\\du.html"
"contexts"="34"
[HKEY_USERS\S-1-5-21-1192798999-1536786436-3313207897-1006\Software\Microsoft\Internet Explorer\MenuExt\O(u螒f?*N}
@="c:\\Documents and Settings\\USE\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-1192798999-1536786436-3313207897-1006\Software\Microsoft\Internet Explorer\MenuExt\O(u螒f?*N}Q??卉]
@="c:\\Documents and Settings\\USE\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-1192798999-1536786436-3313207897-1006\Software\Microsoft\Internet Explorer\MenuExt\??l?*腤eZ]
@="c:\\Documents and Settings\\USE\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-1192798999-1536786436-3313207897-1006\Software\Microsoft\Internet Explorer\MenuExt\??l?*腤eZ蘙??]
@="c:\\Documents and Settings\\USE\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-1192798999-1536786436-3313207897-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35219C1F-B9FE-8680-CEE4-8C51B28ED9C3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"lahemmgeiiohagcdodhbcbji"=hex:62,62,61,67,64,70,61,68,6e,6d,6f,61,70,6b,6c,65,
69,66,62,6c,6c,63,6d,70,6d,68,67,6d,68,6f,6f,6a,62,6c,67,61,00,08
"lanfdeoehinfadahclheebde"=hex:62,62,70,66,6f,65,6a,70,68,62,6c,70,62,64,68,63,
64,6e,66,6a,6c,69,61,6d,6c,61,6d,69,64,6b,6d,68,6b,6b,6a,6b,00,fb
"haaechhdgfaclkhm"=hex:63,62,68,65,64,67,67,6a,64,63,68,62,68,62,66,67,61,65,
70,66,63,62,6b,6e,66,6c,61,6b,67,69,6e,68,6e,6f,6b,6a,68,6a,00,00
"haaechhdjehblmil"=hex:6f,61,70,65,61,6f,69,68,67,67,69,62,65,66,6d,6c,6c,6c,
62,61,65,64,66,63,65,70,6e,6d,61,70,00,68
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
@="BDATuner.元件.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,09,d8,51,30,24,
98,07,9c,c8,28,51,af,b0,29,a3,98,1b,5a,55,b7,2c,fe,65,30,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,60,2c,7c,30,92,
29,26,7c,71,3b,04,66,8b,46,0d,96,2c,46,83,03,6a,cf,97,1f,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,26,70,16,19,bd,
fd,3b,a5,25,da,ec,7e,55,20,c9,26,af,00,5d,1d,59,65,64,70,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,77,22,cd,f6,ff,
a6,04,d5,3e,1e,9e,e0,57,5a,93,61,d2,3c,be,a3,d6,6e,8a,73,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,d0,87,3a,1f,b1,
64,b1,70,cd,44,cd,b9,a6,33,6c,cd,96,78,13,26,0a,c5,33,44,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,77,dd,d5,47,4b,
65,a9,66,b0,18,ed,a7,3f,8d,37,a4,6a,2b,ff,76,41,fc,ce,ce,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,c8,40,8c,99,04,
71,28,c9,31,77,e1,ba,b1,f8,68,02,7e,e8,49,bf,57,38,78,0b,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,2e,3e,e4,a1,d5,
cf,b8,58,83,6c,56,8b,a0,85,96,ab,f5,f5,9f,b3,b7,ba,fb,55,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,4c,dd,32,f7,f9,
44,cd,8b,51,fa,6e,91,28,9e,14,cc,a3,28,39,2c,10,03,cf,1a,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,bd,52,f9,4d,4a,
9f,cc,ae,b1,cd,45,5a,a8,c4,f8,b9,5d,dd,cc,ea,a1,1a,a1,6d,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,ce,37,ac,5d,c9,
34,23,88,e3,0e,66,d5,eb,bc,2f,6b,d8,b5,95,c0,8d,2a,77,26,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,eb,09,8b,a3,01,
28,a2,2b,fa,ea,66,7f,d4,3b,6b,70,06,40,74,9e,b5,92,40,cd,6c,43,2d,1e,aa,22,\
.
--------------------- 運行進程下的動態鏈接庫 ---------------------
- - - - - - - > 'winlogon.exe'(204)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\windows\system32\PPIME_TW.IME
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
完成時間: 2009-09-16 13:02
ComboFix-quarantined-files.txt 2009-09-16 05:02
Pre-Run: 128,047,763,456 位元組可用
Post-Run: 128,038,809,600 位元組可用
388 --- E O F --- 2009-09-10 13:05