ComboFix 08-09-28.01 - Chui 2008-09-30 0:27:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.1.1028.18.132 [GMT 8:00]
Run location: C:\Documents and Settings\Chui\桌面\ComboFix.exe
* A new restore point was created
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((( Other files deleted ))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Chui\My Documents\My Music\[12-21] 東亞群星 - Songs Of Painting 新歌+精選 雜錦大碟(AVCD)\_desktop.ini
C:\Documents and Settings\Chui\My Documents\My Music\bb音樂\_desktop.ini
C:\Documents and Settings\Chui\My Documents\My Music\mp3音樂\_desktop.ini
C:\Documents and Settings\Chui\My Documents\My Music\mp3音樂\INF\_desktop.ini
C:\Documents and Settings\Chui\My Documents\My Music\mp3音樂\群星 - 刻骨铭心[192KVBR][234MB]\_desktop.ini
C:\Documents and Settings\Chui\My Documents\My Music\群星-年終2005極選 最紅冠軍舞曲極全記錄\_desktop.ini
C:\Documents and Settings\Chui\My Documents\My Music\梁雁翎 - 藏心[192K][70MB]\_desktop.ini
C:\Documents and Settings\Chui\My Documents\工程\_desktop.ini
C:\Documents and Settings\Chui\My Documents\生相片\_desktop.ini
C:\Documents and Settings\Chui\My Documents\生相片\新資料夾\_desktop.ini
C:\WINDOWS\mrgtask.ini
C:\WINDOWS\system32\369774CA.cfg
C:\WINDOWS\system32\495271CA.cfg
C:\WINDOWS\system32\4BF9CBA3.cfg
C:\WINDOWS\system32\5184B75C.cfg
C:\WINDOWS\system32\53360697.cfg
C:\WINDOWS\system32\6AECFF9B.cfg
C:\WINDOWS\system32\8566F82E.cfg
C:\WINDOWS\system32\9CA963CA.cfg
C:\WINDOWS\system32\aecff9.sys
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\C5350C93.cfg
C:\WINDOWS\system32\catsrvwl.nls
C:\WINDOWS\system32\cliconfgzx.nls
C:\WINDOWS\system32\cmbdafk.exe
C:\WINDOWS\system32\drivers\HBKernel32.sys
C:\WINDOWS\system32\drivers\msiffei.sys
C:\WINDOWS\system32\EBE50EA1.cfg
C:\WINDOWS\system32\etshabty.exe
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\gpzhatde.sys
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\ijzhatde.sys
C:\WINDOWS\system32\jashbbty.sys
C:\WINDOWS\system32\kbdswjr.nls
C:\WINDOWS\system32\kub12.dll
C:\WINDOWS\system32\kub12.exe
C:\WINDOWS\system32\mfdesy.dll.LoG
C:\WINDOWS\system32\mstimewd.nls
C:\WINDOWS\system32\mtewdh.dll.LoG
C:\WINDOWS\system32\scrruncqsj.nls
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\tdffdl.dll.LoG
C:\WINDOWS\system32\thermaltinck.exe
C:\WINDOWS\system32\toqnabib.sys
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\Winxp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AECFF9
-------\Legacy_HBKERNEL32
-------\Service_aecff9
-------\Service_d7ba6e
-------\Service_HBKernel32
-------\Service_Hdv32
-------\Service_msIffei
(((((((((((((((((((((((((((( Files created between 2008-08-28 and 2008-09-29 )))))))))))))))))))))))))))))))))
.
2008-09-30 00:25 . 2008-09-30 00:25 d-------- C:\_OTMoveIt
2008-09-27 23:44 . 2008-09-27 23:44 d-------- C:\Program Files\Trend Micro
2008-09-27 23:30 . 2008-09-27 23:31 d-------- C:\Program Files\Maxthon2
2008-09-27 23:30 . 2008-09-30 00:11 d-------- C:\Documents and Settings\Chui\Application Data\MxBoost
2008-09-21 20:16 . 2008-09-21 20:16 428 --a------ C:\WINDOWS\system32\rqyvzaai.nls
2008-09-21 20:16 . 2008-09-21 20:16 288 --a------ C:\WINDOWS\system32\omhwjxrn.nls
2008-09-21 20:16 . 2008-09-21 20:16 288 --a------ C:\WINDOWS\system32\lkcxolcn.nls
2008-09-21 20:16 . 2008-09-21 20:16 148 --a------ C:\WINDOWS\system32\xcunltce.nls
2008-09-21 20:16 . 2008-09-21 20:16 148 --a------ C:\WINDOWS\system32\wtsapi32yt2.nls
2008-09-21 20:16 . 2008-09-21 20:16 148 --a------ C:\WINDOWS\system32\eiugimic.nls
2008-09-21 20:15 . 2008-09-21 20:15 428 --a------ C:\WINDOWS\system32\ulptxuad.nls
2008-09-21 20:15 . 2008-09-21 20:15 428 --a------ C:\WINDOWS\system32\nysjmbxi.nls
2008-09-20 16:42 . 2008-09-20 16:42 288 --a------ C:\WINDOWS\system32\alvpldvo.nls
2008-09-20 16:41 . 2008-09-20 16:41 428 --a------ C:\WINDOWS\system32\zthaword.nls
2008-09-20 16:41 . 2008-09-20 16:41 428 --a------ C:\WINDOWS\system32\gysmfskj.nls
2008-09-20 16:41 . 2008-09-20 16:41 428 --a------ C:\WINDOWS\system32\dkmujnte.nls
2008-09-20 16:41 . 2008-09-20 16:41 288 --a------ C:\WINDOWS\system32\drqbmldm.nls
2008-09-20 16:41 . 2008-09-20 16:41 148 --a------ C:\WINDOWS\system32\jxjfmoez.nls
2008-09-20 14:27 . 2008-09-20 14:27 288 --a------ C:\WINDOWS\system32\jpfyahee.nls
2008-09-20 12:00 . 2008-09-20 12:00 288 --a------ C:\WINDOWS\system32\klgjqolh.nls
2008-09-20 11:17 . 2008-09-20 11:17 428 --a------ C:\WINDOWS\system32\sitrosxu.nls
2008-09-20 08:16 . 2008-09-20 08:16 428 --a------ C:\WINDOWS\system32\xgnymdoc.nls
2008-09-20 08:16 . 2008-09-20 08:16 428 --a------ C:\WINDOWS\system32\nyapkhce.nls
2008-09-20 00:56 . 2008-09-20 00:56 288 --a------ C:\WINDOWS\system32\agvlckdj.nls
2008-09-20 00:55 . 2008-09-20 00:55 428 --a------ C:\WINDOWS\system32\munzzyam.nls
2008-09-20 00:55 . 2008-09-20 00:55 428 --a------ C:\WINDOWS\system32\izwsjvrj.nls
2008-09-20 00:55 . 2008-09-20 00:55 428 --a------ C:\WINDOWS\system32\cxpbdexx.nls
.
(((((((((((((((((((((((((((((((((((( Files modified in the last three months )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 14:16 --------- d-----w C:\Documents and Settings\Chui\Application Data\AVG7
2008-09-19 13:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 08:37 --------- d-----w C:\Documents and Settings\Chui\Application Data\MSNShell
2008-09-13 02:03 --------- d-----w C:\Program Files\GrandChase
2008-08-23 02:46 --------- d-----w C:\Program Files\gamania
2008-08-21 06:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonTW
2008-08-16 16:46 --------- d-----w C:\Program Files\PPStream
2008-08-16 16:46 --------- d-----w C:\Program Files\MSN Messenger
2008-08-06 04:06 --------- d-----w C:\Documents and Settings\Chui\Application Data\ppstream
2008-07-31 18:28 --------- d-----w C:\Program Files\Stamina
2008-07-31 17:52 --------- d-----w C:\Documents and Settings\Chui\Application Data\U3
2006-10-20 11:42 102,400 ----a-w C:\Documents and Settings\Chui\com_securenetasia_p11wrapper2.dll
2004-10-01 07:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-08-08 01:13 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
.
(((((((((((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"ezHelper"="C:\Program Files\ezHelper\ezHelper.exe" [2007-08-02 458760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-04-28 589824]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-20 180269]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-25 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-28 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 282624]
"VTTimer"="VTTimer.exe" [2005-03-09 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-13 C:\WINDOWS\system32\VTTrayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-25 219136]
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
WL Utility.lnk - C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe [2007-06-30 512000]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\GrandChase\\Main.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Chinesegamer\\WLOnline\\Update.exe"=
"C:\\Documents and Settings\\Chui\\桌面\\¤¬ËΧڥý\\msnmsgr.exe"=
"C:\\ezPeerPlus\\ezPeerPlus.exe"=
"C:\\Program Files\\MSNShell\\Bin\\engie.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\PPStream\\PPSAP.exe"=
"C:\\Documents and Settings\\Chui\\桌面\\¤¬ËΧڥý\\aoc世紀帝國II-征服者入侵 2\\aoc\\AgeIICON\\age2_x1.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Chinesegamer\\WLOnline\\Main.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17472:TCP"= 17472:TCP:BitComet 17472 TCP
"17472:UDP"= 17472:UDP:BitComet 17472 UDP
"20368:TCP"= 20368:TCP:BitComet 20368 TCP
"20368:UDP"= 20368:UDP:BitComet 20368 UDP
"5692:TCP"= 5692:TCP:Foxy (192.168.0.121:5692) 5692 TCP
"5692:UDP"= 5692:UDP:Foxy (192.168.0.121:5692) 5692 UDP
R0 dvkxr;dvkxr;C:\WINDOWS\system32\drivers\dvkxr.sys [2004-08-04 28704]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\WINDOWS\system32\DRIVERS\athrusb.sys [2006-11-30 446976]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-08-01 60928]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2005-08-01 8336]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2005-08-01 96672]
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [2005-07-15 88080]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys [2005-07-15 85952]
S3 ZD1211BU(WIFI LINK);WIFI LINK IEEE 802.11 b+g Wireless LAN Driver (USB)(WIFI LINK);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da385626-3b65-11dd-bab4-0015f2c49336}]
\Shell\Auto\command - autorunx.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorunx.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbbd944c-27c9-11dc-b791-0015f2c49336}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{39852EFE-325B-45EF-9A60-3DBECD2DDDD5} - (no file)
ShellExecuteHooks-{eaa21495-29ae-4e50-8ad9-a4f877c1ab85} - C:\WINDOWS\system32\MMHADPQG1097.dll
ShellExecuteHooks-{00050005-0005-0005-0005-00050005BB15} - (no file)
ShellExecuteHooks-{BA4B5EBD-AB43-4c2b-84F5-F1AD85E79E4A} - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Chui\Application Data\Mozilla\Firefox\Profiles\k9kyiv4z.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://zh-CN.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-CN:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 00:32:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden programs ...
scanning hidden processes ...
scanning hidden files ...
scan completed
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-30 0:38:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-29 16:38:35
Pre-Run: 54,270,971,904 bytes free
Post-Run: 58,195,042,304 bytes free
229 --- E O F --- 2008-09-09 22:48:24
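Two things in this log that a responder would want to check mechanically rather than by eye are the burst of tiny, randomly named .nls files under system32 (the 148/288/428-byte files created within the same minute on 2008-09-20 and 2008-09-21) and the mountpoints2 AutoRun commands, where a removable drive was set up to launch autorunx.exe through RunDLL32 Shell32.DLL,ShellExec_RunDLL. The script below is an added example, not part of the original post and not code from ComboFix or catchme; it parses lines in the log's own format (a handful copied from above as constructed sample input) and applies those two heuristics. The 1 KB size cut-off for a plausible NLS table, and treating a drive-qualified command with no RunDLL32 indirection as benign, are assumptions made for this example.

```python
r"""Triage helpers for a ComboFix log in the format posted above (added example,
not part of the original post or of ComboFix). Heuristics: tiny or random-named
system32\*.nls files created in bursts, and mountpoints2 AutoRun commands that
launch a bare relative name or go through Shell32.DLL,ShellExec_RunDLL."""
import re
from collections import Counter

# Sample input copied from the log above (constructed for this example).
SAMPLE_CREATED = r"""
2008-09-27 23:44 . 2008-09-27 23:44 d-------- C:\Program Files\Trend Micro
2008-09-21 20:16 . 2008-09-21 20:16 428 --a------ C:\WINDOWS\system32\rqyvzaai.nls
2008-09-21 20:16 . 2008-09-21 20:16 288 --a------ C:\WINDOWS\system32\omhwjxrn.nls
2008-09-21 20:16 . 2008-09-21 20:16 148 --a------ C:\WINDOWS\system32\xcunltce.nls
2008-09-21 20:16 . 2008-09-21 20:16 148 --a------ C:\WINDOWS\system32\wtsapi32yt2.nls
2008-09-21 20:15 . 2008-09-21 20:15 428 --a------ C:\WINDOWS\system32\ulptxuad.nls
2008-09-21 20:15 . 2008-09-21 20:15 428 --a------ C:\WINDOWS\system32\nysjmbxi.nls
"""
SAMPLE_MOUNTPOINTS = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da385626-3b65-11dd-bab4-0015f2c49336}]
\Shell\Auto\command - autorunx.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorunx.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbbd944c-27c9-11dc-b791-0015f2c49336}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
"""

# "<created> . <modified> [<size>] <attrs> <path>"; directory lines carry no size.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?"
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+)$"
)
RANDOM_NLS = re.compile(r"^[a-z]{8}\.nls$")   # eight random lowercase letters
SMALL_NLS_BYTES = 1024   # assumption: genuine system32 NLS tables are kilobytes or more
SYSTEM32 = "c:\\windows\\system32\\"
MP_KEY = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)
MP_CMD = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$")
DRIVE_PREFIX = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def parse_created(text):
    """One dict per file-listing line; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", "")) if e["size"] else None
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def flag_suspicious_nls(entries):
    """system32 .nls files with a random 8-letter name or an implausibly small size."""
    hits = []
    for e in entries:
        name = e["name"].lower()
        if not (e["path"].lower().startswith(SYSTEM32) and name.endswith(".nls")):
            continue
        tiny = e["size"] is not None and e["size"] < SMALL_NLS_BYTES
        if RANDOM_NLS.match(name) or tiny:
            hits.append(e)
    return hits


def burst_minutes(entries):
    """Creations per minute: a dropper writing its files in one go shows as a spike."""
    return Counter(e["created"] for e in entries)


def parse_mountpoints(text):
    """{guid, verb, cmd} per Shell\\<verb>\\command line in a mountpoints2 dump."""
    out, guid = [], None
    for line in text.splitlines():
        line = line.strip()
        k = MP_KEY.match(line)
        if k:
            guid = k.group(1)
            continue
        c = MP_CMD.match(line)
        if c and guid:
            out.append({"guid": guid, "verb": c["verb"], "cmd": c["cmd"].strip()})
    return out


def flag_autorun(commands):
    """Flag a bare relative target (resolved from the device root) or a RunDLL32
    ShellExec_RunDLL indirection; a drive-qualified direct command is left alone."""
    flagged = []
    for c in commands:
        parts = c["cmd"].split()
        first = parts[0] if parts else ""
        indirect = "shellexec_rundll" in c["cmd"].lower()
        if indirect or not DRIVE_PREFIX.match(first):
            flagged.append(c)
    return flagged


if __name__ == "__main__":
    nls = flag_suspicious_nls(parse_created(SAMPLE_CREATED))
    for minute, n in sorted(burst_minutes(nls).items()):
        print(f"{minute}: {n} suspicious .nls files")
    for c in flag_autorun(parse_mountpoints(SAMPLE_MOUNTPOINTS)):
        print(f"{c['guid']} Shell\\{c['verb']}\\command -> {c['cmd']}")
```

Run against the full log, the per-minute counter makes the 2008-09-20 and 2008-09-21 drops stand out, and the mountpoints2 check separates the autorunx.exe entry from the drive-qualified I:\LaunchU3.exe launcher. Neither heuristic is proof of infection on its own; they pick out the lines worth quarantining and hashing first.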