
[Solved] Can someone check a Combofix file?


Recommended posts

Hi

 

I was wondering if someone could check the Combofix file? And I was wondering why Combofix contains a virus?

 

Combofix log:

ComboFix 09-07-12.03 - Administrator -07-13 星期一 16:25.1.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.936.86.2052.18.511.273 [GMT 8:00]

执行位置: c:\documents and settings\Administrator\My Documents\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

/wow section - STAGE 完成项目——3

命令语法不正确。

 

/wow section 未完成

 

((((((((((((((((((((((((( 2009-06-13 至 2009-07-13 的新的档案 )))))))))))))))))))))))))))))))

.

 

2009-07-13 07:27 . 2009-07-13 07:27 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-13 07:13 . 2006-06-29 05:07 14048 ------w- c:\windows\system32\spmsg2.dll

2009-07-13 07:13 . 2009-07-13 07:13 -------- d-----w- c:\windows\LastGood

2009-07-13 07:13 . 2009-07-13 07:13 -------- d-----w- c:\windows\System

2009-07-13 07:04 . 2009-07-13 07:04 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2009-07-13 07:03 . 2009-07-13 07:03 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2009-07-13 06:23 . 2009-07-13 06:23 -------- d-----w- c:\windows\system32\XPSViewer

2009-07-13 06:22 . 2009-07-13 06:22 -------- d-----w- c:\program files\MSBuild

2009-07-13 06:20 . 2009-07-13 06:20 -------- d-----w- c:\program files\Reference Assemblies

2009-07-13 06:19 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-07-13 06:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-07-13 06:19 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-07-13 06:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-07-13 06:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-07-13 06:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-07-13 06:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-07-13 06:14 . 2009-07-13 06:14 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat

2009-07-13 06:14 . 2009-07-13 06:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

2009-07-13 06:08 . 2006-08-01 07:02 49152 ----a-w- c:\windows\system32\ChCfg.exe

2009-07-13 06:08 . 2006-12-29 06:48 4026112 ----a-r- c:\windows\system32\drivers\alcxwdm.sys

2009-07-13 06:08 . 2009-07-13 06:08 -------- d-----w- c:\program files\Realtek AC97

2009-07-13 06:08 . 2006-12-08 07:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe

2009-07-13 06:08 . 2006-11-16 21:42 577536 ----a-w- c:\windows\soundman.exe

2009-07-13 06:08 . 2006-10-17 18:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll

2009-07-13 06:08 . 2009-07-13 06:08 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-13 06:08 . 2006-07-31 03:27 217088 ----a-w- c:\windows\Alcrmv.exe

2009-07-13 06:08 . 2006-07-31 03:19 315392 ----a-w- c:\windows\alcupd.exe

2009-07-13 06:08 . 2009-07-13 06:08 -------- d-----w- c:\program files\Common Files\InstallShield

2009-07-13 05:35 . 2009-07-13 05:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-07-12 12:44 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll

2009-07-12 12:43 . 2009-07-12 12:43 -------- d-----w- c:\windows\ie8updates

2009-07-12 12:43 . 2009-04-30 21:13 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-07-12 12:43 . 2009-04-30 21:13 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll

2009-07-12 12:43 . 2009-04-30 21:13 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll

2009-07-12 12:43 . 2009-04-30 21:13 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-07-12 12:42 . 2009-07-12 12:42 -------- d--h--w- c:\windows\ie8

2009-07-12 12:34 . 2009-07-12 12:34 -------- d-----w- c:\program files\Windows Media Connect 2

2009-07-12 12:33 . 2009-07-12 12:33 -------- d-----w- c:\windows\system32\LogFiles

2009-07-12 12:33 . 2009-07-12 12:33 -------- d-----w- c:\windows\system32\drivers\UMDF

2009-07-12 12:31 . 2009-07-12 12:31 -------- d-----w- c:\windows\TWAIN_32

2009-07-12 12:30 . 2009-07-12 12:30 -------- d-----w- c:\windows\system32\URTTemp

2009-07-12 12:22 . 2008-06-14 17:32 269824 ------w- c:\windows\system32\drivers\bthport.sys

2009-07-12 12:22 . 2008-06-14 17:32 269824 ------w- c:\windows\system32\dllcache\bthport.sys

2009-07-12 12:20 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2009-07-12 12:20 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2009-07-12 12:20 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys

2009-07-12 12:20 . 2008-05-01 14:34 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2009-07-12 12:20 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll

2009-07-12 12:18 . 2008-10-03 10:03 246814 ------w- c:\windows\system32\dllcache\strmdll.dll

2009-07-12 12:18 . 2008-10-15 16:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2009-07-12 12:18 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll

2009-07-12 12:18 . 2008-04-21 21:14 207360 ------w- c:\windows\system32\dllcache\wordpad.exe

2009-07-12 12:14 . 2009-07-12 12:14 -------- d-----w- c:\windows\system32\CatRoot_bak

2009-07-12 12:13 . 2009-01-07 10:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2009-07-12 12:13 . 2009-07-12 12:13 -------- d--h--w- c:\windows\$hf_mig$

2009-07-12 12:11 . 2008-10-16 06:09 43544 ----a-w- c:\windows\system32\wups2.dll

2009-07-12 12:11 . 2009-07-12 12:11 -------- d-----w- c:\windows\HELP

2009-07-12 12:09 . 2009-07-12 12:09 -------- d-sh--w- c:\documents and settings\Administrator\UserData

2009-07-12 11:45 . 2008-12-03 17:25 120832 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bpyef4m2.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll

2009-07-12 11:39 . 2009-07-12 11:40 66 ---ha-w- C:\aaw7boot.cmd

2009-07-12 11:35 . 2009-07-12 11:35 -------- d-----w- c:\windows\system32\DRVSTORE

2009-07-12 11:34 . 2009-07-12 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-07-12 11:12 . 2009-07-12 11:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-07-12 10:56 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-12 10:56 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-12 10:56 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-07-12 10:56 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-07-12 10:56 . 2009-07-12 10:56 -------- d-----w- c:\program files\Avira

2009-07-12 10:56 . 2009-07-12 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-07-12 10:52 . 2009-07-12 10:53 -------- d-----w- c:\program files\CCleaner

2009-07-12 10:45 . 2009-07-12 10:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-07-12 10:45 . 2009-07-12 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-12 10:42 . 2008-01-25 12:08 322730 --sha-r- C:\bootfont.bin

2009-07-12 10:41 . 2008-01-25 02:05 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-07-12 10:40 . 2008-01-25 11:49 7168 ----a-w- c:\windows\system32\hccoin.dll

2009-07-12 10:40 . 2001-08-17 05:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

2009-07-12 10:40 . 2008-01-25 02:06 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys

2009-07-12 10:40 . 2008-01-25 02:06 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys

2009-07-12 10:40 . 2008-01-24 23:52 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys

 

.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-13 07:19 . 1979-12-31 16:00 93754 ----a-w- c:\windows\system32\prfc0804.dat

2009-07-13 07:19 . 1979-12-31 16:00 263744 ----a-w- c:\windows\system32\prfh0804.dat

2009-07-13 07:06 . 1979-12-31 16:00 15888 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-13 05:02 . 1979-12-31 16:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:32 . 1979-12-31 16:00 340480 ----a-w- c:\windows\system32\localspl.dll

2009-04-19 19:47 . 1979-12-31 16:00 1846784 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:52 . 1979-12-31 16:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

.

 

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白与合法缺省登录将不会被显示

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-01-25 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-16 577536]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-01-25 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-07 128512]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

 

R0 AFAMgt;AFAMgt;c:\windows\system32\drivers\afamgt.sys [1980-1-1 91707]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-7-12 18:56 108289]

S0 2310_00;2310_00;c:\windows\system32\drivers\2310_00.sys [1980-1-1 100224]

S0 cda1000;cda1000;c:\windows\system32\drivers\cda1000.sys [1980-1-1 280608]

S0 hptmv6;hptmv6;c:\windows\system32\drivers\hptmv6.sys [1980-1-1 93696]

S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [1980-1-1 9809]

S0 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys [1980-1-1 83200]

S0 rr174x;rr174x;c:\windows\system32\drivers\rr174x.sys [1980-1-1 99968]

S0 rr232x;rr232x;c:\windows\system32\drivers\rr232x.sys [1980-1-1 101120]

S0 rr2340;rr2340;c:\windows\system32\drivers\rr2340.sys [1980-1-1 101888]

S4 3wareDrv;3wareDrv;c:\windows\system32\drivers\3wareDrv.sys [1980-1-1 82184]

S4 3waregsm;3waregsm;c:\windows\system32\drivers\3waregsm.sys [1980-1-1 48832]

S4 3wareSrv;3ware Controller Service;c:\windows\system32\3waresrv.exe [1980-1-1 45056]

S4 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [1980-1-1 258939]

S4 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [1980-1-1 4928]

S4 aac;Adaptec RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [1980-1-1 50408]

S4 aacsas;Adaptec SAS/SATA-II RAID Miniport Driver;c:\windows\system32\drivers\aacsas.sys [1980-1-1 81035]

S4 aar1210;aar1210;c:\windows\system32\drivers\aar1210.sys [1980-1-1 186880]

S4 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [1980-1-1 360960]

S4 aec6210;ACARD AEC6210UF UltraDMA33 Controller;c:\windows\system32\drivers\aec6210.sys [1980-1-1 27648]

S4 aec6260;ACARD AEC6260 UltraDMA-66 Controller;c:\windows\system32\drivers\aec6260.sys [1980-1-1 23726]

S4 aec6280;aec6280;c:\windows\system32\drivers\aec6280.sys [1980-1-1 22528]

S4 aec6290;aec6290;c:\windows\system32\drivers\aec6280.sys [1980-1-1 22528]

S4 aec67160;aec67160;c:\windows\system32\drivers\aec67160.sys [1980-1-1 18432]

S4 AEC671X;AEC671X;c:\windows\system32\drivers\AEC671X.sys [1980-1-1 15086]

S4 AEC6880;AEC6880;c:\windows\system32\drivers\AEC6880.sys [1980-1-1 31566]

S4 aec6897;aec6897;c:\windows\system32\drivers\aec6897.sys [1980-1-1 50688]

S4 aec68x5;aec68x5;c:\windows\system32\drivers\AEC68x5.sys [1980-1-1 34238]

S4 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [1980-1-1 119808]

S4 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [1980-1-1 29696]

S4 amdeide;AMD EIDE 驱动程衼E;c:\windows\system32\drivers\AmdEide.sys [1980-1-1 41216]

S4 arcm_x86;arcm_x86;c:\windows\system32\drivers\arcm_x86.sys [1980-1-1 25888]

S4 ASH1205;SiI-3112 SATALink Controller;c:\windows\system32\drivers\ASH1205.sys [1980-1-1 47320]

S4 ata1200a;ata1200a;c:\windows\system32\drivers\ata1200a.sys [1980-1-1 44998]

S4 atiide;atiide;c:\windows\system32\drivers\atiide.sys [1980-1-1 6016]

S4 Cpq32fs2;Cpq32fs2;c:\windows\system32\drivers\cpq32fs2.sys [1980-1-1 64496]

S4 cpqcissm;cpqcissm;c:\windows\system32\drivers\cpqcissm.sys [1980-1-1 25912]

S4 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [1980-1-1 7680]

S4 FastSx;FastSx;c:\windows\system32\drivers\FastSx.sys [1980-1-1 326400]

S4 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [1980-1-1 81816]

S4 fttxr52P;fttxr52P;c:\windows\system32\drivers\fttxr52P.sys [1980-1-1 160256]

S4 HpCISSm2;HpCISSm2;c:\windows\system32\drivers\HpCISSm2.sys [1980-1-1 23040]

S4 Hpt366;Hpt366;c:\windows\system32\drivers\Hpt366.sys [1980-1-1 22880]

S4 hpt374;hpt374;c:\windows\system32\drivers\hpt374.sys [1980-1-1 108150]

S4 hptmv;hptmv;c:\windows\system32\drivers\hptmv.sys [1980-1-1 168064]

S4 iaStor55;Intel RAID Controller;c:\windows\system32\drivers\iaStor55.sys [1980-1-1 874240]

S4 iaStor70;Intel RAID Controller;c:\windows\system32\drivers\iaStor70.sys [1980-1-1 277784]

S4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [1980-1-1 26112]

S4 m5228;m5228;c:\windows\system32\drivers\m5228.sys [1980-1-1 45069]

S4 m5281;m5281;c:\windows\system32\drivers\m5281.sys [1980-1-1 51072]

S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [1980-1-1 103680]

S4 m5288;m5288;c:\windows\system32\drivers\m5288.sys [1980-1-1 210304]

S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [1980-1-1 52480]

S4 MegaIDE;MegaIDE;c:\windows\system32\drivers\MegaIDE.sys [1980-1-1 163277]

S4 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [1980-1-1 34432]

S4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [1980-1-1 91520]

S4 mvSata;mvSata;c:\windows\system32\drivers\mvsata.sys [1980-1-1 43520]

S4 nfrd960;IBM ServeRAID 4M/4L/4Mx/4Lx/5i/6M/6i/7k Device Driver;c:\windows\system32\drivers\nfrd960.sys [1980-1-1 74747]

S4 Pnp649r;CMD IDE Raid Controller;c:\windows\system32\drivers\pnp649r.sys [1980-1-1 66889]

S4 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [1980-1-1 66736]

S4 ql2200;ql2200;c:\windows\system32\drivers\ql2200.sys [1980-1-1 379958]

S4 ql2300;QLogic Fibre Channel SCSI Miniport Driver (w32 IP);c:\windows\system32\drivers\ql2300.sys [1980-1-1 1029632]

S4 raidsrc;raidsrc;c:\windows\system32\drivers\raidsrc.sys [1980-1-1 45392]

S4 S150sx8;S150sx8;c:\windows\system32\drivers\S150sx8.sys [1980-1-1 36864]

S4 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [1980-1-1 110128]

S4 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [1980-1-1 61952]

S4 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\SI3124.sys [1980-1-1 76208]

S4 SI3124r;SiI-3124 SATARaid Controller;c:\windows\system32\drivers\SI3124r.sys [1980-1-1 100881]

S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3124r5.sys [1980-1-1 207152]

S4 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [1980-1-1 68864]

S4 sisraidx;sisraidx;c:\windows\system32\drivers\sisraidx.sys [1980-1-1 47616]

S4 sptrak;sptrak;c:\windows\system32\drivers\sptrak.sys [1980-1-1 41216]

S4 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [1980-1-1 125952]

S4 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [1980-1-1 29184]

S4 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [1980-1-1 16896]

S4 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [1980-1-1 52224]

S4 VMscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1980-1-1 17968]

S4 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [1980-1-1 17920]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a71950f-6ed0-11de-9dfe-806d6172696f}]

\shell\play\Command - "c:\program files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9e518c-da6c-11dc-bdee-806d6172696f}]

\Shell\AutoRun\command - E:\autorun.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

‘计划任务’ 文件夹 里的内容

 

2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{54F2D1D6-C766-485F-86FC-71EEFCCE8CC3}.job

- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]

.

.

------- 而外的扫描 -------

.

uStart Page = hxxp://www.2345.com/

IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {9812ED10-E2F4-4510-800F-F5C30094BBDE} = 61.153.81.74 61.153.81.75

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bpyef4m2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.2345.com

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- 火狐配置文件 ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-13 16:25

Windows 5.1.2600 Service Pack 3, v.5755 FAT NTAPI

 

扫描被隐藏的进程 。。。

 

扫描被隐藏的启动组 。。。

 

扫描被隐藏的文件 。。。

 

扫描完成

被隐藏的档案: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1343024091-1085031214-515967899-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,e0,d9,e1,1a,99,ff,4d,97,cd,88,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,e0,d9,e1,1a,99,ff,4d,97,cd,88,\

 

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CLSID]

@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

 

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CurVer]

@="BDATuner.组件.1"

.

--------------------- 运行进程下的动态链接库 ---------------------

 

- - - - - - - > 'winlogon.exe'(580)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(1696)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

完成时间: 2009-07-13 16:26

ComboFix-quarantined-files.txt 2009-07-13 08:26

 

Pre-Run: 4 个目录 75,390,418,944 可用字节

Post-Run: 4 个目录 75,354,472,448 可用字节

 

WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

322 --- E O F --- 2009-07-12 12:47

 

 

Edited by xtryk