[Question] COMBOFIX file

Board: AntiVirus (Anti-virus)  Author: (小歪)  Time: 2008/11/16 21:36
My computer's memory keeps getting eaten up. After running for five or six hours it tells me there is not enough memory... I have already turned off System Restore, but it still doesn't help... Could some kind expert please take a look for me T^T and see whether there is a way to fix this... The scan results are below:

ComboFix 08-11-14.01 - user 2008-11-16 21:13:48.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.950.1.1028.18.1452 [GMT 8:00] 執行位置: c:\documents and settings\user\桌面\ComboFix.exe * 成功創造新還原點 * Resident AV is active . /wow section - STAGE 完成項目——10 程序無法存取檔案,因為檔案正由另一個程序使用。 /wow section 未完成 ((((((((((((((((((((((((( 2008-10-16 至 2008-11-16 的新的檔案 ))))))))))))))))))))))))))))))) . 2008-11-14 20:33 . 2008-10-24 19:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-14 20:32 . 2008-09-05 01:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-10-26 11:09 . 2008-02-01 16:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys 2008-10-26 11:09 . 2008-02-01 16:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys 2008-10-25 13:13 . 2008-10-16 00:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-17 15:33 . 2008-09-08 18:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-17 15:31 . 2008-08-14 21:20 2,189,056 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-17 15:31 . 2008-08-14 21:20 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-17 15:31 . 2008-08-14 21:20 2,065,920 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-17 15:31 . 2008-08-14 21:20 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-17 15:31 . 2008-09-15 23:24 1,846,016 -----c--- c:\windows\system32\dllcache\win32k.sys . (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-16 13:19 30,356,512 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-11-16 13:19 1,054,496 --sha-w c:\windows\system32\drivers\fidbox2.dat 2008-11-16 04:55 --------- d-----w c:\program files\GoldWave 2008-11-16 03:55 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-11-14 16:05 408,752 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-11-14 16:05 102,440 --sha-w c:\windows\system32\drivers\fidbox2.idx 2008-11-07 15:43 --------- d-----w c:\program files\Nokia 2008-11-07 15:43 --------- d-----w c:\program files\Common Files\PCSuite 2008-11-07 15:43 --------- d-----w c:\program files\Common Files\Nokia 2008-11-07 15:29 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2008-10-26 13:26 --------- d-----w c:\documents and settings\user\Application Data\PC Suite 2008-10-25 14:58 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 06:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 06:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-09-30 15:59 352,256 ----a-w c:\windows\system32\ijl15.dll 2008-09-30 15:59 319,488 ----a-w c:\windows\system32\pvmjpg21.dll 2008-09-30 15:59 221,184 ----a-w c:\windows\system32\pv3decoder.dll 2008-09-30 08:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-17 16:48 --------- d-----w c:\program files\Windows Live Safety Center 2008-09-15 15:24 
1,846,016 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:13 1,307,648 ----a-w c:\windows\system32\msxml6.dll 2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-08-26 07:57 826,368 ----a-w c:\windows\system32\wininet.dll 2008-05-23 15:14 277,536 ----a-w c:\documents and settings\user\生活組.zip 2008-03-11 16:10 28,752 ----a-w c:\documents and settings\user\Application Data\GDIPFONTCACHEV1.DAT 2003-07-17 02:26 448,640 -c--a-w c:\windows\inf\EL2K_N64.sys 2003-07-17 02:22 147,328 -c--a-w c:\windows\inf\EL2K_XP.sys 2003-06-03 07:47 147,328 -c--a-w c:\windows\inf\EL2K_2K.sys 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ((((((((((((((((((((((((((((((((((((( 重要登入點 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白與合法缺省登錄將不會被顯示 REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360] "EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840] "Center Agent"="c:\program files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 864768] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528] "SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 585728] "PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656] "EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "SunJavaUpdateSched"="c:\program 
files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 218376] "CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400] "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "QuickTime Task"="d:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-05-27 413696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] c:\documents and settings\All Users\「開始」功能表\程式集\啟動\ Remote Control.lnk - c:\program files\KWorld Multimedia\TV713X Utilities\HMCP3XCtl.exe [2007-06-25 73728] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceStartMenuLogoff"= 0 (0x0) "NoAddPrinter"= 1 (0x1) "NoDeletePrinter"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceStartMenuLogoff"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "vidc.pmp4"= pv3decoder.dll "vidc.MJPG"= pvmjpg21.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AdobeR.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ah.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\appmgmt.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\image file execution options\auto.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bittorrent.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\command.com] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\copetttt.com] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\copy.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\desktop.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\desktop2.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Driveinfo.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\eauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\erdeIect.com] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\folder.exe] "Debugger"=c:\windows\AntiUSBVirus.bat 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fun.xls.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ghost.pif] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\host.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iexplorers.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\info.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\info2.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msn.exe] 
"Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntde1ect.com] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntdeIect.com] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntdelect.com] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\oauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OSO.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.pif] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonE.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rose.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file 
execution options\skrmejg.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sos.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sxs.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp1.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp2.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\toy.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uchelp.exe] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Windows.scr] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\yauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\image file execution options\zauto.txt] "Debugger"=c:\windows\AntiUSBVirus.bat [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAST Defrag] --a------ 2005-08-24 12:12 97792 d:\progra~1\FDF\FAST2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-06-02 11:13 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] --a------ 2008-06-17 16:00 1249280 d:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-10-02 07:00 1124352 d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 d:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Program Files\\Foxy\\Foxy.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\NextLink\\GOGOBOX\\GFSCAgent.exe"= "c:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\GG 
E-Sports Platform\\GGclient.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"= "c:\\Program Files\\Foxy\\Foxy.exe"= "c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"= "d:\\Program Files\\Open PCMan Combo\\PCMan.exe"= "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11209:TCP"= 11209:TCP:Foxy (59.124.88.33:11209) 11209 TCP "11209:UDP"= 11209:UDP:Foxy (59.124.88.33:11209) 11209 UDP R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-06-25 670592] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344] S2 0107481196781418mcinstcleanup;McAfee Application Installer Cleanup (0107481196781418); [] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-10-26 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-10-26 8320] . ‘計劃任務’ 文件夾 裡的內容 2008-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2008-11-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] . - - - - ORPHANS REMOVED - - - - HKLM-Run-ClubBox - (no file) HKU-Default-Run-Nokia.PCSync - d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe . ------- 而外的掃描 ------- . 
FireFox -: Profile - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9ut2kiud.default\ FF -: plugin - c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll FF -: plugin - d:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll FF -: plugin - d:\program files\DivX\DivX Web Player\npdivx32.dll FF -: plugin - d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF -: plugin - d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-16 21:19:45 Windows 5.1.2600 Service Pack 3 NTFS 掃描被隱藏的進程。。。 ... 掃描被隱藏的啟動組。。。 HKCU\Software\Microsoft\Windows\CurrentVersion\Run EPSON Stylus C45 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"?????????????????9???????????Y?V???????????????p?????????????<???????p?????????????????h??X?w???p??????j?wp?????8????|????T? 掃描被隱藏的文件。。。 掃描完成 被隱藏的檔案: 0 ************************************************************************** . 
完成時間: 2008-11-16 21:28:36 ComboFix-quarantined-files.txt 2008-11-16 13:27:37 ComboFix2.txt 2008-03-01 09:47:58 Pre-Run: 7,361,179,648 位元組可用 Post-Run: 7,399,141,376 位元組可用 WindowsXP-KB310994-SP2-Home-BootDisk-CHT.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect C:\1KEYGHO.BIN="一鍵 GHOST 8.3.060428" 322 --- E O F --- 2008-11-16 03:58:32

--
※ Posted from: 批踢踢實業坊 (ptt.cc)
◆ From: 59.124.88.33
Article ID (AID): #19827Tgp (AntiVirus)