
[Solved] Checking a ComboFix log



Hi

 

I have a ComboFix log that I was wondering if someone could take a look at? And how do I know whether I have a virus on the PC?

 

ComboFix log:

 

ComboFix 09-07-02.02 - Administrator -07-03 星期五 11:34.3 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.936.86.2052.18.511.282 [GMT 8:00]

执行位置: c:\documents and settings\Administrator\My Documents\ComboFix\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

/wow section - STAGE 完成项目——3

此时不应有 .empty"。

 

/wow section 未完成

 

((((((((((((((((((((((((( 2009-06-03 至 2009-07-03 的新的档案 )))))))))))))))))))))))))))))))

.

 

2009-07-03 02:54 . 2009-07-03 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-03 02:15 . 2009-07-03 02:15 -------- d-----w- c:\program files\Trend Micro

2009-07-03 01:30 . 2001-08-31 08:03 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-07-03 01:30 . 2008-01-25 02:03 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-07-03 01:30 . 2008-01-25 02:03 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

2009-07-03 01:30 . 2008-01-25 11:49 158720 ----a-w- c:\windows\system32\ptpusd.dll

2009-07-02 23:36 . 2009-07-02 23:36 -------- d-----w- c:\windows\peernet

2009-07-02 23:36 . 2009-07-02 23:36 -------- d-----w- c:\windows\pchealth

2009-07-02 23:36 . 2009-07-02 23:36 -------- d-----w- c:\windows\ime

2009-07-02 23:36 . 2009-07-02 23:36 -------- d-----w- c:\windows\msagent

2009-07-02 23:36 . 2009-07-02 23:36 -------- d-----w- c:\program files\microsoft frontpage

2009-07-02 13:15 . 2009-07-02 13:15 20940 ---ha-w- c:\windows\system32\mlfcache.dat

2009-07-02 11:29 . 2009-07-02 11:29 -------- d-----w- c:\windows\Sun

2009-07-02 09:42 . 2009-07-02 09:42 -------- d-----w- c:\program files\ATI Technologies

2009-07-02 09:42 . 2009-07-02 09:42 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-02 09:42 . 2009-07-02 09:42 -------- d-----w- c:\program files\Common Files\InstallShield

2009-07-02 09:36 . 2009-07-02 09:39 1037 ----a-w- c:\windows\system32\cid_store.dat

2009-07-02 09:36 . 2009-07-02 09:36 -------- d-sh--w- c:\documents and settings\All Users\Application Data\thunder_vod_cache

2009-07-02 09:36 . 2009-07-02 09:36 20 ----a-w- c:\windows\system32\pub_store.dat

2009-07-02 09:36 . 2009-07-02 09:36 -------- d-----w- c:\program files\Common Files\Thunder Network

2009-07-02 09:36 . 2009-07-02 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Thunder Network

2009-07-02 09:35 . 2009-05-04 05:09 89600 ----a-w- c:\windows\system32\atl71.dll

2009-07-02 09:27 . 2009-07-02 09:27 -------- d-----w- c:\program files\Unlocker

2009-07-02 07:01 . 2009-07-02 07:01 -------- d-----w- c:\windows\system32\wbem\snmp

2009-07-02 07:01 . 2009-07-02 07:01 -------- d-----w- c:\windows\system32\xircom

2009-07-02 07:01 . 2009-07-02 07:01 -------- d-----w- c:\windows\system32\oobe

2009-07-02 06:04 . 2009-06-29 07:13 19080 ----a-w- c:\windows\system32\drivers\efimon.sys

2009-07-02 05:47 . 2009-07-02 05:47 -------- d-----w- c:\windows\system32\aliedit

2009-07-02 05:47 . 2009-07-02 05:47 -------- d-----w- c:\program files\AliWangWang

2009-07-02 05:45 . 2009-07-02 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Tencent

2009-07-02 05:45 . 2009-07-02 05:45 -------- d-----w- c:\program files\Common Files\Tencent

2009-07-02 05:45 . 2009-07-02 05:45 -------- d-----w- c:\program files\Tencent

2009-07-02 00:43 . 2009-07-02 00:43 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2009-07-02 00:37 . 2009-07-02 00:37 -------- d-----w- c:\program files\Common Files\Adobe

2009-07-02 00:28 . 2006-06-29 05:07 14048 ------w- c:\windows\system32\spmsg2.dll

2009-07-02 00:15 . 2009-07-02 00:15 -------- d-----w- c:\windows\system32\XPSViewer

2009-07-02 00:15 . 2009-07-02 00:15 -------- d-----w- c:\program files\MSBuild

2009-07-02 00:15 . 2009-07-02 00:15 -------- d-----w- c:\program files\Reference Assemblies

2009-07-02 00:15 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-07-02 00:15 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-07-02 00:15 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-07-02 00:15 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-07-02 00:15 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-07-02 00:15 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-07-02 00:15 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-07-02 00:07 . 2008-01-25 12:08 221184 ----a-w- c:\windows\system32\wmpns.dll

2009-07-02 00:06 . 2009-07-02 00:06 -------- d-----w- c:\windows\system32\LogFiles

2009-07-02 00:06 . 2009-07-02 00:06 -------- d-----w- c:\windows\system32\drivers\UMDF

2009-07-02 00:03 . 2009-07-02 00:03 -------- d-----w- c:\windows\system32\URTTemp

2009-07-02 00:02 . 2009-07-02 00:02 -------- d-----w- c:\windows\system32\CatRoot_bak

2009-07-01 23:59 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys

2009-07-01 23:59 . 2008-05-01 14:34 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2009-07-01 23:59 . 2008-06-14 17:32 269824 ------w- c:\windows\system32\drivers\bthport.sys

2009-07-01 23:59 . 2008-06-14 17:32 269824 ------w- c:\windows\system32\dllcache\bthport.sys

2009-07-01 23:59 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2009-07-01 23:58 . 2008-10-03 10:03 246814 ------w- c:\windows\system32\dllcache\strmdll.dll

2009-07-01 23:58 . 2008-10-15 16:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2009-07-01 23:58 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll

2009-07-01 23:57 . 2008-04-21 21:14 207360 ------w- c:\windows\system32\dllcache\wordpad.exe

2009-07-01 23:54 . 2007-07-27 01:41 26488 ----a-w- c:\windows\system32\spupdsvc.exe

2009-07-01 23:54 . 2009-07-01 23:54 -------- d--h--w- c:\windows\$hf_mig$

2009-07-01 23:51 . 2008-10-16 06:09 43544 ----a-w- c:\windows\system32\wups2.dll

2009-07-01 23:51 . 2009-07-01 23:51 -------- d-s---w- c:\documents and settings\Administrator\UserData

2009-07-01 23:45 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll

2009-07-01 23:45 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll

2009-07-01 23:45 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll

2009-07-01 12:48 . 2009-07-01 12:48 -------- d-----w- c:\program files\SogouInput

2009-07-01 12:18 . 2009-07-01 12:18 -------- d-----w- c:\program files\OpenOffice.org 3

2009-07-01 12:18 . 2009-07-02 09:41 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-01 12:17 . 2009-07-01 12:17 -------- d-----w- c:\program files\Java

2009-07-01 12:02 . 2009-07-01 12:02 -------- d-----w- c:\program files\CCleaner

2009-07-01 11:58 . 2009-07-01 11:58 0 ----a-w- c:\windows\nsreg.dat

2009-07-01 11:42 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-01 11:42 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-01 11:42 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-07-01 11:42 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-07-01 11:42 . 2009-07-01 11:42 -------- d-----w- c:\program files\Avira

2009-07-01 11:42 . 2009-07-01 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-07-01 11:36 . 2008-01-25 12:08 322730 --sha-r- C:\bootfont.bin

2009-07-01 11:35 . 2007-10-26 03:20 4124352 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS

2009-07-01 11:31 . 2008-01-25 11:49 7168 ----a-w- c:\windows\system32\hccoin.dll

2009-07-01 11:31 . 2008-01-25 02:06 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys

2009-07-01 11:31 . 2008-01-25 02:06 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys

2009-07-01 11:31 . 2001-08-17 05:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

2009-07-01 11:31 . 2008-01-24 23:52 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys

 

.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-02 00:32 . 1979-12-31 16:00 90556 ----a-w- c:\windows\system32\prfc0804.dat

2009-07-02 00:32 . 1979-12-31 16:00 255964 ----a-w- c:\windows\system32\prfh0804.dat

2009-05-07 15:32 . 1979-12-31 16:00 340480 ----a-w- c:\windows\system32\localspl.dll

2009-04-19 19:47 . 1979-12-31 16:00 1846784 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:52 . 1979-12-31 16:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-05-04 05:14 . 2009-07-02 09:36 36864 ----a-w- c:\program files\mozilla firefox\components\NsThunderLoader.dll

2009-05-04 05:14 . 2009-07-02 09:36 53248 ----a-w- c:\program files\mozilla firefox\components\ThunderComponent.dll

.

 

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白与合法缺省登录将不会被显示

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-01-25 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-01-25 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-01-25 96256]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^「开始」菜单^程序^启动^OpenOffice.org 3.1.lnk]

path=c:\documents and settings\Administrator\「开始」菜单\程序\启动\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Tencent\\QQ\\Bin\\QQ.exe"=

 

R0 AFAMgt;AFAMgt;c:\windows\system32\drivers\afamgt.sys [1980-1-1 91707]

R1 EfiMon;EfiSystemMon;c:\windows\system32\drivers\efimon.sys [2009-7-2 14:04 19080]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-7-1 19:42 108289]

S0 2310_00;2310_00;c:\windows\system32\drivers\2310_00.sys [1980-1-1 100224]

S0 cda1000;cda1000;c:\windows\system32\drivers\cda1000.sys [1980-1-1 280608]

S0 HookPort;HookPort;c:\windows\system32\Drivers\Hookport.sys --> c:\windows\system32\Drivers\Hookport.sys [?]

S0 hptmv6;hptmv6;c:\windows\system32\drivers\hptmv6.sys [1980-1-1 93696]

S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [1980-1-1 9809]

S0 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys [1980-1-1 83200]

S0 rr174x;rr174x;c:\windows\system32\drivers\rr174x.sys [1980-1-1 99968]

S0 rr232x;rr232x;c:\windows\system32\drivers\rr232x.sys [1980-1-1 101120]

S0 rr2340;rr2340;c:\windows\system32\drivers\rr2340.sys [1980-1-1 101888]

S1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys --> c:\windows\system32\drivers\360SelfProtection.sys [?]

S1 SafeBoxKrnl;SafeBoxKrnl;\??\c:\windows\system32\drivers\SafeBoxKrnl.sys --> c:\windows\system32\drivers\SafeBoxKrnl.sys [?]

S4 3wareDrv;3wareDrv;c:\windows\system32\drivers\3wareDrv.sys [1980-1-1 82184]

S4 3waregsm;3waregsm;c:\windows\system32\drivers\3waregsm.sys [1980-1-1 48832]

S4 3wareSrv;3ware Controller Service;c:\windows\system32\3waresrv.exe [1980-1-1 45056]

S4 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [1980-1-1 258939]

S4 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [1980-1-1 4928]

S4 aac;Adaptec RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [1980-1-1 50408]

S4 aacsas;Adaptec SAS/SATA-II RAID Miniport Driver;c:\windows\system32\drivers\aacsas.sys [1980-1-1 81035]

S4 aar1210;aar1210;c:\windows\system32\drivers\aar1210.sys [1980-1-1 186880]

S4 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [1980-1-1 360960]

S4 aec6210;ACARD AEC6210UF UltraDMA33 Controller;c:\windows\system32\drivers\aec6210.sys [1980-1-1 27648]

S4 aec6260;ACARD AEC6260 UltraDMA-66 Controller;c:\windows\system32\drivers\aec6260.sys [1980-1-1 23726]

S4 aec6280;aec6280;c:\windows\system32\drivers\aec6280.sys [1980-1-1 22528]

S4 aec6290;aec6290;c:\windows\system32\drivers\aec6280.sys [1980-1-1 22528]

S4 aec67160;aec67160;c:\windows\system32\drivers\aec67160.sys [1980-1-1 18432]

S4 AEC671X;AEC671X;c:\windows\system32\drivers\AEC671X.sys [1980-1-1 15086]

S4 AEC6880;AEC6880;c:\windows\system32\drivers\AEC6880.sys [1980-1-1 31566]

S4 aec6897;aec6897;c:\windows\system32\drivers\aec6897.sys [1980-1-1 50688]

S4 aec68x5;aec68x5;c:\windows\system32\drivers\AEC68x5.sys [1980-1-1 34238]

S4 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [1980-1-1 119808]

S4 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [1980-1-1 29696]

S4 amdeide;AMD EIDE 驱动程衼E;c:\windows\system32\drivers\AmdEide.sys [1980-1-1 41216]

S4 arcm_x86;arcm_x86;c:\windows\system32\drivers\arcm_x86.sys [1980-1-1 25888]

S4 ASH1205;SiI-3112 SATALink Controller;c:\windows\system32\drivers\ASH1205.sys [1980-1-1 47320]

S4 ata1200a;ata1200a;c:\windows\system32\drivers\ata1200a.sys [1980-1-1 44998]

S4 atiide;atiide;c:\windows\system32\drivers\atiide.sys [1980-1-1 6016]

S4 Cpq32fs2;Cpq32fs2;c:\windows\system32\drivers\cpq32fs2.sys [1980-1-1 64496]

S4 cpqcissm;cpqcissm;c:\windows\system32\drivers\cpqcissm.sys [1980-1-1 25912]

S4 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [1980-1-1 7680]

S4 FastSx;FastSx;c:\windows\system32\drivers\FastSx.sys [1980-1-1 326400]

S4 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [1980-1-1 81816]

S4 fttxr52P;fttxr52P;c:\windows\system32\drivers\fttxr52P.sys [1980-1-1 160256]

S4 HpCISSm2;HpCISSm2;c:\windows\system32\drivers\HpCISSm2.sys [1980-1-1 23040]

S4 Hpt366;Hpt366;c:\windows\system32\drivers\Hpt366.sys [1980-1-1 22880]

S4 hpt374;hpt374;c:\windows\system32\drivers\hpt374.sys [1980-1-1 108150]

S4 hptmv;hptmv;c:\windows\system32\drivers\hptmv.sys [1980-1-1 168064]

S4 iaStor55;Intel RAID Controller;c:\windows\system32\drivers\iaStor55.sys [1980-1-1 874240]

S4 iaStor70;Intel RAID Controller;c:\windows\system32\drivers\iaStor70.sys [1980-1-1 277784]

S4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [1980-1-1 26112]

S4 m5228;m5228;c:\windows\system32\drivers\m5228.sys [1980-1-1 45069]

S4 m5281;m5281;c:\windows\system32\drivers\m5281.sys [1980-1-1 51072]

S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [1980-1-1 103680]

S4 m5288;m5288;c:\windows\system32\drivers\m5288.sys [1980-1-1 210304]

S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [1980-1-1 52480]

S4 MegaIDE;MegaIDE;c:\windows\system32\drivers\MegaIDE.sys [1980-1-1 163277]

S4 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [1980-1-1 34432]

S4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [1980-1-1 91520]

S4 mvSata;mvSata;c:\windows\system32\drivers\mvsata.sys [1980-1-1 43520]

S4 nfrd960;IBM ServeRAID 4M/4L/4Mx/4Lx/5i/6M/6i/7k Device Driver;c:\windows\system32\drivers\nfrd960.sys [1980-1-1 74747]

S4 Pnp649r;CMD IDE Raid Controller;c:\windows\system32\drivers\pnp649r.sys [1980-1-1 66889]

S4 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [1980-1-1 66736]

S4 ql2200;ql2200;c:\windows\system32\drivers\ql2200.sys [1980-1-1 379958]

S4 ql2300;QLogic Fibre Channel SCSI Miniport Driver (w32 IP);c:\windows\system32\drivers\ql2300.sys [1980-1-1 1029632]

S4 raidsrc;raidsrc;c:\windows\system32\drivers\raidsrc.sys [1980-1-1 45392]

S4 S150sx8;S150sx8;c:\windows\system32\drivers\S150sx8.sys [1980-1-1 36864]

S4 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [1980-1-1 110128]

S4 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [1980-1-1 61952]

S4 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\SI3124.sys [1980-1-1 76208]

S4 SI3124r;SiI-3124 SATARaid Controller;c:\windows\system32\drivers\SI3124r.sys [1980-1-1 100881]

S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3124r5.sys [1980-1-1 207152]

S4 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [1980-1-1 68864]

S4 sisraidx;sisraidx;c:\windows\system32\drivers\sisraidx.sys [1980-1-1 47616]

S4 sptrak;sptrak;c:\windows\system32\drivers\sptrak.sys [1980-1-1 41216]

S4 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [1980-1-1 125952]

S4 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [1980-1-1 29184]

S4 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [1980-1-1 16896]

S4 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [1980-1-1 52224]

S4 VMscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1980-1-1 17968]

S4 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [1980-1-1 17920]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9e518c-da6c-11dc-bdee-806d6172696f}]

\Shell\AutoRun\command - E:\autorun.exe

.

‘计划任务’ 文件夹 里的内容

 

2009-07-02 c:\windows\Tasks\SogouImeMgr.job

- c:\progra~1\SOGOUI~1\422~1.273\PinyinRepair.exe [2009-06-19 12:03]

.

.

------- 而外的扫描 -------

.

uStart Page = hxxp://www.2345.com/

IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {DC81BF30-0EFF-4E07-8422-47EBF3F1CDA4} = 61.153.81.74 61.153.81.75

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cb9rich1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.2345.com

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

 

---- 火狐配置文件 ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

.

------- 文件类型 -------

.

chm.file="hh.exe" %1

txtfile=c:\windows\notepad.exe %1

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-03 11:34

Windows 5.1.2600 Service Pack 3, v.5755 FAT NTAPI

 

扫描被隐藏的进程 。。。

 

扫描被隐藏的启动组 。。。

 

扫描被隐藏的文件 。。。

 

扫描完成

被隐藏的档案: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CLSID]

@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

 

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CurVer]

@="BDATuner.组件.1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MenuExt\鹠燫0RQ*Q*h埮`]

"contexts"=dword:00000002

@="c:\\Program Files\\Tencent\\QQ\\Bin\\AddEmotion.htm"

.

--------------------- 运行进程下的动态链接库 ---------------------

 

- - - - - - - > 'winlogon.exe'(576)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(4056)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

完成时间: 2009-07-03 11:35

ComboFix-quarantined-files.txt 2009-07-03 03:35

 

Pre-Run: 4 个目录 73,906,225,152 可用字节

Post-Run: 4 个目录 73,889,611,776 可用字节

 

328

 

 

Edited by xtryk