... Thanks for the effort!
Here are the scan results of the two files you told me to scan:
C:\WINDOWS\slrundll.exe
Antivirus  Version  Last Update  Result
AhnLab-V3 2008.7.4.1 2008.07.07 -
AntiVir 7.8.0.64 2008.07.07 -
Authentium 5.1.0.4 2008.07.06 -
Avast 4.8.1195.0 2008.07.07 -
AVG 7.5.0.516 2008.07.07 -
BitDefender 7.2 2008.07.07 -
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.07 -
DrWeb 4.44.0.09170 2008.07.07 -
eSafe 7.0.17.0 2008.07.07 -
eTrust-Vet 31.6.5934 2008.07.07 -
Ewido 4.0 2008.07.07 -
F-Prot 4.4.4.56 2008.07.06 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.07 -
GData 2.0.7306.1023 2008.07.07 -
Ikarus T3.1.1.26.0 2008.07.07 -
Kaspersky 7.0.0.125 2008.07.07 -
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.07 -
NOD32v2 3247 2008.07.07 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.06 -
Prevx1 V2 2008.07.07 -
Rising 20.51.60.00 2008.07.06 -
Sophos 4.31.0 2008.07.07 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.07 -
TheHacker 6.2.96.374 2008.07.07 -
TrendMicro 8.700.0.1004 2008.07.07 -
VBA32 3.12.6.8 2008.07.06 -
VirusBuster 4.5.11.0 2008.07.07 -
Webwasher-Gateway 6.6.2 2008.07.07 -
Additional information
File size: 32866 bytes
MD5...: 740fb2c61e9a92ca1201a86742be51f2
SHA1..: 7b53f44015e5370762fb90979334c175caf9f9a8
SHA256: 127aadedc91fb7c7ccee2e738980c7f6e51b0df35adf55fc3a28ac27d0747704
SHA512: 14cdcabbffaafb552ba73b94d5fa4bf86e4320c80200585aba2fa21723dd78c69124a2b50b0fdacf8149f8973a6e12a2da48f47f0d6a46627e0d2c899fca10ba
PEiD..: Armadillo v1.71
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40132c
timedatestamp.....: 0x4069704c (Tue Mar 30 13:04:12 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x345a 0x4000 5.80 58f5c9738ae7b9f83c246c411083d821
.rdata 0x5000 0x784 0x1000 3.30 b8613f550488e8cb371639a45dd52f3f
.data 0x6000 0x99c 0x1000 0.87 8986d0756ca0cfb6f7e3ced3d916be94
.rsrc 0x7000 0x318 0x1000 3.52 782b22da29c09f173b564a18436f5217
( 1 imports )
> KERNEL32.dll: GetStdHandle, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, FreeLibrary, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, IsBadWritePtr, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW
( 0 exports )
C:\WINDOWS\IFinst26.exe
Antivirus  Version  Last Update  Result
AhnLab-V3 2008.7.4.1 2008.07.07 -
AntiVir 7.8.0.64 2008.07.07 -
Authentium 5.1.0.4 2008.07.06 -
Avast 4.8.1195.0 2008.07.07 -
AVG 7.5.0.516 2008.07.07 -
BitDefender 7.2 2008.07.07 -
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.07 -
DrWeb 4.44.0.09170 2008.07.07 -
eSafe 7.0.17.0 2008.07.07 Suspicious File
eTrust-Vet 31.6.5934 2008.07.07 -
Ewido 4.0 2008.07.07 -
F-Prot 4.4.4.56 2008.07.06 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.07 -
GData 2.0.7306.1023 2008.07.07 -
Ikarus T3.1.1.26.0 2008.07.07 -
Kaspersky 7.0.0.125 2008.07.07 -
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.07 -
NOD32v2 3247 2008.07.07 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.06 -
Prevx1 V2 2008.07.07 -
Rising 20.51.60.00 2008.07.06 -
Sophos 4.31.0 2008.07.07 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.07 -
TheHacker 6.2.96.374 2008.07.07 -
TrendMicro 8.700.0.1004 2008.07.07 -
VBA32 3.12.6.8 2008.07.06 -
VirusBuster 4.5.11.0 2008.07.07 -
Webwasher-Gateway 6.6.2 2008.07.07 -
Additional information
File size: 65024 bytes
MD5...: fdc9d4de50a845137580698494b19f13
SHA1..: 0982241e310fd7d79ce544d1c78ee4c6ce704091
SHA256: 45de2065972a812b7671676c0e53fdd5ddeae742d2d4fb27b19d0df8f3c0c1d8
SHA512: 06e8e897888122e375eceef6e12e3b292141a5d5677fe19d53eea8785be82645a3a58a0df4c876b8b7e410b8f498ad146e91e20f80850737a7d1d7b1adce3d37
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4297b0
timedatestamp.....: 0x39fccbac (Mon Oct 30 01:15:24 2000)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1a000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x1b000 0xf000 0xea00 7.92 98ce247aa2d782e5978b391a4be1792a
.rsrc 0x2a000 0x1000 0x1000 3.39 79f1a804b29384e18fb2b8c70a0e867d
( 8 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> ADVAPI32.dll: RegCloseKey
> GDI32.dll: BitBlt
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: ShellExecuteA
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueA
( 0 exports )
packers (Kaspersky): UPX
packers (F-Prot): UPX
RegQuery:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]
"DisplayName"="HijackThis 2.0.2"
"UninstallString"="\"C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe\" /uninstall"
"DisplayIcon"="C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"
"DisplayVersion"="2.0.2"
"Publisher"="TrendMicro"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}]
"ModifyPath"="\"C:\\Program Files\\InstallShield Installation Information\\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\\setup.exe\" -runfromtemp -l0x0404"
"UninstallString"="\"C:\\Program Files\\InstallShield Installation Information\\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\\setup.exe\" -runfromtemp -l0x0404 -removeonly"
"DisplayName"="EmoDio"
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\\Setup.ilg"
"Comments"=""
"Contact"=""
"DisplayVersion"="1.0"
"HelpTelephone"=""
"InstallDate"="20080706"
"InstallLocation"="C:\\Program Files\\Samsung\\Emodio\\"
"InstallSource"="C:\\DOCUME~1\\iason8\\LOCALS~1\\Temp\\{AB1EFADB-5AF0-4C47-AB53-C68FCA0A9097}\\"
"Publisher"="SAMSUNG"
"Readme"=""
"URLInfoAbout"="***IS_STRING_NOT_DEFINED***"
"URLUpdateInfo"=""
"HelpLink"=hex(2):00,00
"EstimatedSize"=dword:00001e54
"Language"=dword:00000000
"Version"=dword:01000000
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"NoModify"=dword:00000001
"DisplayIcon"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,5c,00,7b,00,\
43,00,32,00,30,00,43,00,45,00,35,00,39,00,32,00,2d,00,42,00,30,00,46,00,38,\
00,2d,00,34,00,44,00,32,00,30,00,2d,00,42,00,46,00,33,00,31,00,2d,00,30,00,\
31,00,35,00,31,00,43,00,41,00,36,00,33,00,33,00,31,00,41,00,36,00,7d,00,5c,\
00,41,00,52,00,50,00,50,00,52,00,4f,00,44,00,55,00,43,00,54,00,49,00,43,00,\
4f,00,4e,00,2e,00,65,00,78,00,65,00,00,00
"RegOwner"="JJ"
"RegCompany"="ZAOFAMILY"
"NoRepair"=dword:00000001
"DefaultLanguage"="LangCHT"
"PatchVersion"="1.00"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lame MP3 Codec (for the ACM)]
"DisplayName"="Lame ACM MP3 Codec"
"UninstallString"="\"C:\\WINDOWS\\IFinst26.exe\" -UD:\\Program Files\\Lame MP3 Codec\\IFU11.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobius Rakion_is1]
"Inno Setup: Setup Version"="5.1.5"
"Inno Setup: App Path"="C:\\Program Files\\Softnyx\\Rakion"
"InstallLocation"="C:\\Program Files\\Softnyx\\Rakion\\"
"Inno Setup: Icon Group"="(Default)"
"Inno Setup: User"="iason8"
"DisplayName"="Mobius Rakion"
"UninstallString"="\"C:\\Program Files\\Softnyx\\Rakion\\unins000.exe\""
"QuietUninstallString"="\"C:\\Program Files\\Softnyx\\Rakion\\unins000.exe\" /SILENT"
"Publisher"="mobius.ph"
"URLInfoAbout"="http://www.mobius.ph"
"HelpLink"="http://rakion.mobiusgames.net"
"URLUpdateInfo"="http://rakion.mobiusgames.net"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (2.0.0.15)]
"Comments"="Mozilla Firefox"
"DisplayIcon"="C:\\Program Files\\Mozilla Firefox\\firefox.exe,0"
"DisplayName"="Mozilla Firefox (2.0.0.15)"
"DisplayVersion"="2.0.0.15 (zh-TW)"
"InstallLocation"="C:\\Program Files\\Mozilla Firefox"
"Publisher"="Mozilla"
"UninstallString"="C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe"
"URLInfoAbout"="http://zh-TW.www.mozilla.com/zh-TW/"
"URLUpdateInfo"="http://zh-TW.www.mozilla.com/zh-TW/firefox/"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XviD_is1]
"Inno Setup: Setup Version"="4.2.7"
"Inno Setup: App Path"="D:\\Program Files\\XviD"
"InstallLocation"="D:\\Program Files\\XviD\\"
"Inno Setup: Icon Group"="XviD"
"Inno Setup: User"="iason8"
"Inno Setup: Selected Tasks"="DecodeAll"
"Inno Setup: Deselected Tasks"=""
"DisplayName"="XviD MPEG-4 Video Codec"
"UninstallString"="\"D:\\Program Files\\XviD\\unins000.exe\""
"QuietUninstallString"="\"D:\\Program Files\\XviD\\unins000.exe\" /SILENT"
"DisplayVersion"="XviD-1.0.3-20122004"
"Publisher"="XviD Team (Koepi)"
"URLInfoAbout"="http://www.xvid.org/"
"HelpLink"="http://forum.doom9.org/forumdisplay.php?s=&forumid=52"
"URLUpdateInfo"="http://www.koepi.org/"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68e0d9e4-1474-48c9-a191-a32cc6a40027}]
"uninstall"="C:\\Program Files\\MarkAny\\ContentSafer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="8.0.56336"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20080706"
"InstallLocation"=""
"InstallSource"="C:\\DOCUME~1\\iason8\\LOCALS~1\\Temp\\7zS8.tmp\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,58,00,7b,00,37,00,32,00,39,00,39,00,30,00,35,00,32,00,\
62,00,2d,00,30,00,32,00,61,00,34,00,2d,00,34,00,36,00,32,00,37,00,2d,00,38,\
00,31,00,66,00,32,00,2d,00,31,00,38,00,31,00,38,00,64,00,61,00,35,00,64,00,\
35,00,35,00,30,00,64,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000014d2
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,58,00,7b,00,37,00,32,00,39,00,39,00,30,00,35,00,32,\
00,62,00,2d,00,30,00,32,00,61,00,34,00,2d,00,34,00,36,00,32,00,37,00,2d,00,\
38,00,31,00,66,00,32,00,2d,00,31,00,38,00,31,00,38,00,64,00,61,00,35,00,64,\
00,35,00,35,00,30,00,64,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0800dc10
"Language"=dword:00000000
"DisplayName"="Microsoft Visual C++ 2005 Redistributable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}]
"DisplayName"="DivX Web Player"
"InstallLocation"="C:\\Program Files\\DivX\\DivX Web Player"
"DisplayIcon"="C:\\Program Files\\DivX\\DivX Web Player\\npdivx32.dll,0"
"Publisher"="DivX,Inc."
"UninstallString"="C:\\Program Files\\DivX\\DivXWebPlayerUninstall.exe /PLUGIN"
"DisplayVersion"="1.4.0"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Locale"="en"
"RebootFlag"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}]
"DisplayName"="MSXML 4.0 SP2 (KB936181)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C19BE821-89B1-4A96-AC7C-873810C0CB5F}]
"DisplayName"="ContentSAFER for Wizmax"
"LogFile"=""
"UninstallString"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="1.0"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20080706"
"InstallLocation"="C:\\Program Files\\Samsung\\Emodio\\"
"InstallSource"="C:\\DOCUME~1\\iason8\\LOCALS~1\\Temp\\{AB1EFADB-5AF0-4C47-AB53-C68FCA0A9097}\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,58,00,7b,00,43,00,32,00,30,00,43,00,45,00,35,00,39,00,\
32,00,2d,00,42,00,30,00,46,00,38,00,2d,00,34,00,44,00,32,00,30,00,2d,00,42,\
00,46,00,33,00,31,00,2d,00,30,00,31,00,35,00,31,00,43,00,41,00,36,00,33,00,\
33,00,31,00,41,00,36,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="SAMSUNG"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00001e54
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,58,00,7b,00,43,00,32,00,30,00,43,00,45,00,35,00,39,\
00,32,00,2d,00,42,00,30,00,46,00,38,00,2d,00,34,00,44,00,32,00,30,00,2d,00,\
42,00,46,00,33,00,31,00,2d,00,30,00,31,00,35,00,31,00,43,00,41,00,36,00,33,\
00,33,00,31,00,41,00,36,00,7d,00,00,00
"URLInfoAbout"="***IS_STRING_NOT_DEFINED***"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:01000000
"Language"=dword:00000000
"DisplayName"="EmoDio"
ComboFix Log:
ComboFix 08-07-05.1 - iason8 2008-07-07 22:21:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.950.1.1028.18.196 [GMT 8:00]
Running from: C:\Documents and Settings\iason8\桌面\ComboFix.exe
Command switches used :: C:\Documents and Settings\iason8\桌面\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Avg8
C:\Documents and Settings\iason8\Application Data\LimeWire
C:\Documents and Settings\iason8\Application Data\LimeWire\.AppSpecialShare\Supreme.Commander.Forged.Alliance.Full-Rip.Skullptura.torrent.bak
C:\Documents and Settings\iason8\Application Data\LimeWire\active.mojito
C:\Documents and Settings\iason8\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\iason8\Application Data\LimeWire\downloads.dat
C:\Documents and Settings\iason8\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\iason8\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\iason8\Application Data\LimeWire\filters.props
C:\Documents and Settings\iason8\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\iason8\Application Data\LimeWire\installation.props
C:\Documents and Settings\iason8\Application Data\LimeWire\library.dat
C:\Documents and Settings\iason8\Application Data\LimeWire\limewire.props
C:\Documents and Settings\iason8\Application Data\LimeWire\mojito.props
C:\Documents and Settings\iason8\Application Data\LimeWire\promotion\promodb.backup
C:\Documents and Settings\iason8\Application Data\LimeWire\promotion\promodb.data
C:\Documents and Settings\iason8\Application Data\LimeWire\promotion\promodb.properties
C:\Documents and Settings\iason8\Application Data\LimeWire\promotion\promodb.script
C:\Documents and Settings\iason8\Application Data\LimeWire\questions.props
C:\Documents and Settings\iason8\Application Data\LimeWire\responses.cache
C:\Documents and Settings\iason8\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\iason8\Application Data\LimeWire\spam.dat
C:\Documents and Settings\iason8\Application Data\LimeWire\tables.props
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\ttrees.cache
C:\Documents and Settings\iason8\Application Data\LimeWire\ttroot.cache
C:\Documents and Settings\iason8\Application Data\LimeWire\version.xml
C:\Documents and Settings\iason8\Application Data\LimeWire\versions.props
C:\Documents and Settings\iason8\Application Data\LimeWire\xml\data\audio.sxml2
C:\Documents and Settings\iason8\Application Data\LimeWire\xml\data\image.sxml2
C:\Documents and Settings\iason8\Application Data\LimeWire\xml\data\video.sxml2
C:\Documents and Settings\iason8\Application Data\rhctm5j0eede
.
(((((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))))
.
2008-07-07 16:12 . 2008-07-07 16:17 <DIR> d-------- C:\Program Files\Cheat Engine
2008-07-07 02:36 . 2008-07-07 02:36 <DIR> d-------- C:\Program Files\Softnyx
2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\iason8\Application Data\DataCast
2008-07-06 22:14 . 2008-07-06 22:14 <DIR> d-------- C:\Program Files\Samsung
2008-07-06 19:52 . 2008-07-06 19:52 <DIR> d-------- C:\Program Files\DivX
2008-07-06 16:32 . 2008-07-06 16:32 268 --ah----- C:\sqmdata12.sqm
2008-07-06 16:32 . 2008-07-06 16:32 244 --ah----- C:\sqmnoopt12.sqm
2008-07-06 15:12 . 2008-07-06 15:12 268 --ah----- C:\sqmdata11.sqm
2008-07-06 15:12 . 2008-07-06 15:12 244 --ah----- C:\sqmnoopt11.sqm
2008-07-05 23:45 . 2008-07-05 23:45 244 --ah----- C:\sqmnoopt10.sqm
2008-07-05 23:45 . 2008-07-05 23:45 232 --ah----- C:\sqmdata10.sqm
2008-07-05 15:15 . 2008-07-05 15:15 244 --ah----- C:\sqmnoopt09.sqm
2008-07-05 15:15 . 2008-07-05 15:15 232 --ah----- C:\sqmdata09.sqm
2008-07-05 15:07 . 2008-07-05 15:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 14:47 . 2008-07-05 14:47 244 --ah----- C:\sqmnoopt08.sqm
2008-07-05 14:47 . 2008-07-05 14:47 232 --ah----- C:\sqmdata08.sqm
2008-07-05 14:12 . 2008-07-05 14:12 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-05 14:06 . 2008-07-05 14:06 268 --ah----- C:\sqmdata07.sqm
2008-07-05 14:06 . 2008-07-05 14:06 244 --ah----- C:\sqmnoopt07.sqm
2008-07-04 20:31 . 2008-07-04 20:31 268 --ah----- C:\sqmdata06.sqm
2008-07-04 20:31 . 2008-07-04 20:31 244 --ah----- C:\sqmnoopt06.sqm
2008-07-03 21:28 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-07-03 21:28 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2008-07-03 21:28 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-07-03 21:27 . 2008-07-03 21:27 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-07-03 21:26 . 2008-07-03 21:26 <DIR> d-------- C:\Program Files\MarkAny
2008-07-01 16:55 . 2008-07-01 16:55 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-01 16:55 . 2008-07-01 16:55 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-30 23:17 . 2008-07-03 21:14 <DIR> d-------- C:\Program Files\Panda Security
2008-06-29 16:07 . 2008-06-29 16:07 <DIR> dr-h----- C:\Documents and Settings\iason8\Application Data\SecuROM
2008-06-29 16:07 . 2008-06-29 16:07 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-29 12:05 . 2008-06-29 12:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-29 12:05 . 2008-06-29 12:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-25 02:11 . 2008-06-25 02:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-25 02:10 . 2008-06-25 02:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-06-25 01:59 . 2008-06-25 02:00 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-06-25 01:59 . 2008-06-25 02:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-25 01:57 . 2008-06-25 01:57 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-06-25 01:51 . 2008-06-25 01:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-25 01:51 . 2008-06-25 01:51 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-25 01:51 . 2008-06-25 01:51 <DIR> d-------- C:\Program Files\MSBuild
2008-06-25 01:50 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-25 01:40 . 2008-06-25 01:40 <DIR> d-------- C:\Documents and Settings\All Users\「開始」
2008-06-21 17:44 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-06-21 17:42 . 2002-12-12 00:14 1,294,336 --a--c--- C:\WINDOWS\system32\dllcache\dsound3d.dll
2008-06-16 20:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-06-16 20:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-06-16 20:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-06-16 00:59 . 2008-06-16 00:59 38 --a------ C:\WINDOWS\cdplayer.ini
2008-06-12 22:52 . 2008-06-17 04:16 <DIR> d-------- C:\Documents and Settings\JASON
2008-06-11 15:31 . 2008-06-15 01:32 269,568 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 15:31 . 2008-05-08 22:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 08:04 . 2008-06-11 08:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 08:04 . 2008-06-11 08:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-06-08 21:46 . 2008-07-06 19:52 1,294 --a------ C:\WINDOWS\mozver.dat
2008-06-08 00:08 . 2008-06-08 00:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-07 13:10 . 2008-06-07 13:10 <DIR> d-------- C:\Documents and Settings\iason8\「開始」
.
(((((((((((((((((((((((((((((((((((( Files Modified in the Last 3 Months )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 18:12 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-15 07:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-14 17:32 269,568 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 14:52 --------- d-----w C:\Program Files\IBM RecordNow!
2008-06-12 14:52 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-05-30 11:35 0 ----a-w C:\IACTemp.dat
2008-05-30 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\IACiFlow
2008-05-30 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\IAC
2008-05-30 11:19 --------- d-----w C:\Program Files\QuickTime
2008-05-30 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-17 13:05 --------- d-----w C:\Program Files\Java
2008-05-17 12:55 --------- d-----w C:\Program Files\Sun
2008-05-17 12:52 --------- d-----w C:\Program Files\Common Files\Java
2008-05-17 12:49 --------- d-----w C:\Documents and Settings\iason8\Application Data\IBM
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 07:08 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-14 16:31 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 16:31 271,360 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 16:30 978,432 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 16:30 769,024 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
2008-04-14 16:30 744,448 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2008-04-14 16:30 66,560 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 16:30 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 16:30 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 16:30 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 16:30 18,432 ------w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\hscupd.exe
2008-04-14 16:30 163,840 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2008-04-14 16:30 132,096 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 16:30 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 16:29 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 16:29 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 16:29 38,400 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
2008-04-14 16:29 366,080 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msinfo.dll
2008-04-14 16:29 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 16:29 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 16:29 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 16:29 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 16:29 102,912 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchshell.dll
2008-04-14 16:29 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-02-10 21:33 1,026 --sha-r C:\Program Files\Common Files\fqb.dat
2004-10-26 21:27 773 ----a-w C:\Program Files\pconfig.dcf
2004-10-11 13:59 8,417 ----a-w C:\Program Files\readme.txt
2004-09-01 17:05 41,018 ----a-w C:\Program Files\dlaunin.exe
2004-06-14 17:03 241 ----a-w C:\Program Files\setupopt.ini
2004-06-08 17:01 8 ----a-w C:\Program Files\is5unin.isu
2004-05-10 17:01 7,355 ----a-w C:\Program Files\tech_tip.htm
2004-05-10 17:01 44,717 ----a-w C:\Program Files\vxdla.chm
.
((((((((((((((((((((((((((((( snapshot@2008-07-07_ 1.02.32.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 16:58:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 13:44:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 13:44:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_d8.dat
.
(((((((((((((((((((((((((((((((((((((((((( Important Registry Entries )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty or legitimate registry values are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:30 15360]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 17:10 442368]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-15 18:42 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:31 208952]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-09 02:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-09 02:17 512000]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 17:10 442368]
"ISS_Certtool"="C:\Program Files\IBM\Security\certtool.exe" [2004-11-10 17:06 86016]
"IBM_PWMGR"="C:\Program Files\IBM\Password Manager\pwmgr.exe" [2004-11-10 17:09 327680]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 17:10 212992]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-11-17 15:48 94208]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2004-12-21 16:00 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-11 21:00 344064]
"QCWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-11-09 03:53 81920]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 19:17 66400]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 19:17 98656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-27 22:00 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-30 19:19 98304]
"TpShocks"="TpShocks.exe" [2004-10-27 15:58 106496 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2004-11-12 01:07 40960 C:\WINDOWS\system32\TP4EX.exe]
"TrackPointSrv"="tp4serv.exe" [2004-10-28 18:50 94208 C:\WINDOWS\system32\tp4serv.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 00:30 15360]
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
BTTray.lnk - C:\Program Files\IBM\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18 565309]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-10 14:35:39 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_abwl]
2006-08-24 17:53 23552 C:\WINDOWS\system32\fsp_abwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-11-09 03:53 262144 C:\WINDOWS\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 11:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"11737:TCP"= 11737:TCP:BitCometLite 11737 TCP
"11737:UDP"= 11737:UDP:BitCometLite 11737 UDP
R0 GENERICSMB;IBM - Generic SMB Device Controller;C:\WINDOWS\system32\DRIVERS\smbgen.sys [2008-02-10 14:00]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-05-14 14:08]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2004-12-02 16:14]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-11-09 03:53]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 07:20]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-11-09 03:53]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 12:59]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2004-12-21 16:00]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 07:16]
R2 smi2;smi2;C:\WINDOWS\system32\drivers\smi2.sys [2008-02-10 13:59]
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-06-22 10:12]
R3 SMBusDH;IBM - SMB Hub Controller;C:\WINDOWS\system32\DRIVERS\smbusdh.sys [2008-02-10 14:00]
R3 SMBusHC;SMBus Host Controller;C:\WINDOWS\system32\DRIVERS\smbushc.sys [2008-02-10 14:00]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2004-12-02 15:54]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Softnyx\Rakion\Bin\GameGuard\dump_wmimmc.sys []
S3 MXIC9010;MXIC Generic USB Device Driver;C:\WINDOWS\system32\drivers\mxic9010.sys [2005-10-02 13:57]
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-11-09 03:53]
S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
S3 XDva052;XDva052;C:\WINDOWS\system32\XDva052.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []
*Newly Created Service* - CATCHME
.
排程工作資料夾的內容
"2008-07-06 10:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-07-07 13:44:18 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2008-06-10 07:50:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-01 07:50:34 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 22:24:47
Windows 5.1.2600 Service Pack 3 NTFS
掃描隱藏的程序...
掃描隱藏的進程...
掃描隱藏的檔案...
掃描完成
隱藏檔案?: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
完成時間?: 2008-07-07 22:28:25
ComboFix-quarantined-files.txt 2008-07-07 14:28:20
ComboFix2.txt 2008-07-06 17:02:54
10 個目錄 19,901,947,904 位元組可用
13 個目錄 19,922,771,968 位元組可用
304 --- E O F --- 2008-07-07 14:19:08
Hijackthis Log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 10:40:36, on 2008/7/7
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Security\certtool.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ISS_Certtool] C:\Program Files\IBM\Security\certtool.exe
O4 - HKLM\..\Run: [IBM_PWMGR] C:\Program Files\IBM\Password Manager\pwmgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用 Mega 管理器下載連接... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2627861491
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O20 - Winlogon Notify: fsp_abwl - C:\WINDOWS\SYSTEM32\fsp_abwl.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
--
End of file - 10332 bytes
By the way, recently I got a problem: after I manually removed part of the AntiVirXP08 files, I'm not sure if I deleted some important Windows file...
When I click Windows Update, it keeps on downloading and installing the same file over and over again. Even after several restarts it's still the same problem.
Is there something wrong?...
Also, is there any recommended free anti-virus programme (not trial)? Because recently I found my Avast having some problems, so now I'm only protected by the Windows firewall..
Thanks Again,
Jason
PS: From tomorrow onwards till Friday night, I might not be able to attend to the next reply you post for some days, as I will be busy with school stuff.
Thanks.