ComboFix 08-03-14.4 - Yips 2008-03-16 19:03:00.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.950.1.1028.18.1242 [GMT 8:00]
執行位置?: F:\Documents and Settings\Yips\桌面\新資料夾\ComboFix.exe
 * 已建立新的還原點

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((   其他遭刪除的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\Yips\Application Data\macromedia\Flash Player\#SharedObjects\NJXR7YXK\iforex.com
F:\Documents and Settings\Yips\Application Data\macromedia\Flash Player\#SharedObjects\NJXR7YXK\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
F:\Documents and Settings\Yips\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
F:\Documents and Settings\Yips\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

.
((((((((((((((((((((((((((((   2008-02-16 - 2008-03-16 之間建立的檔案  )))))))))))))))))))))))))))))))))
.

2008-03-16 14:17 . 2008-03-16 14:32	<DIR>	d--------	F:\UFI_Backup
2008-03-16 03:00 . 2008-03-16 03:21	<DIR>	d--h-----	F:\WINDOWS\$hf_mig$
2008-03-16 01:30 . 2008-03-16 01:30	<DIR>	d--------	F:\Documents and Settings\LocalService\桌面
2008-03-16 01:30 . 2008-03-16 01:30	<DIR>	d--------	F:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-03-16 01:09 . 2008-03-16 16:26	3,709	--a------	F:\WINDOWS\system32\Config.MPF
2008-03-15 15:59 . 2008-03-15 15:59	<DIR>	d--------	F:\Program Files\SiteAdvisor
2008-03-15 15:59 . 2008-03-16 19:03	<DIR>	d--------	F:\Documents and Settings\Yips\Application Data\SiteAdvisor
2008-03-15 15:59 . 2008-03-16 03:18	<DIR>	d--------	F:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-15 15:57 . 2007-07-21 09:08	201,288	--a------	F:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-15 15:57 . 2007-07-13 09:20	113,952	--a------	F:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-15 15:57 . 2007-07-24 07:40	79,304	--a------	F:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-15 15:57 . 2007-07-21 09:08	40,488	--a------	F:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-15 15:57 . 2007-07-21 09:08	35,240	--a------	F:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-15 15:57 . 2007-07-24 12:02	33,800	--a------	F:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-15 15:56 . 2008-03-15 15:57	<DIR>	d--------	F:\Program Files\McAfee.com
2008-03-15 15:56 . 2008-03-16 05:53	<DIR>	d--------	F:\Program Files\McAfee
2008-03-15 15:56 . 2008-03-15 15:57	<DIR>	d--------	F:\Program Files\Common Files\McAfee
2008-03-15 15:30 . 2008-03-15 15:30	<DIR>	d--------	F:\WINDOWS\McAfee.com
2008-03-15 14:45 . 2008-03-16 01:29	<DIR>	d--------	F:\Documents and Settings\All Users\Application Data\McAfee
2008-03-05 19:00 . 2008-03-05 19:00	<DIR>	d--------	F:\Program Files\Common Files\Adobe
2008-02-25 19:52 . 2008-02-25 19:52	50	--a------	F:\WINDOWS\cdplayer.ini
2008-02-17 00:22 . 2008-02-17 00:22	107,888	--a------	F:\WINDOWS\system32\CmdLineExt.dll
2008-02-17 00:21 . 2008-02-17 00:21	<DIR>	d--------	F:\WINDOWS\system32\AGEIA
2008-02-17 00:21 . 2008-02-17 00:21	<DIR>	d--------	F:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 00:21 . 2008-02-17 00:21	<DIR>	d--------	F:\Program Files\AGEIA Technologies
2008-02-16 13:04 . 2008-03-05 04:49	38	--a------	F:\WINDOWS\AviSplitter.INI

.
((((((((((((((((((((((((((((((((((((   近三個月內更動的檔案   )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 08:37	---------	d---a-w	F:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 21:13	---------	d--h--w	F:\Program Files\InstallShield Installation Information
2008-03-15 17:38	---------	d-----w	F:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-15 17:07	---------	d-----w	F:\Program Files\ESET
2008-03-13 09:21	---------	d-----w	F:\Program Files\Spyware Doctor
2008-03-10 10:40	---------	d-----w	F:\Program Files\Windows Live Safety Center
2008-03-08 12:39	---------	d-----w	F:\Program Files\BitComet
2008-03-07 07:00	---------	d-----w	F:\Program Files\Norton Security Scan
2008-02-22 23:41	---------	d-----w	F:\Program Files\Common Files\Symantec Shared
2008-02-18 11:19	---------	d-----w	F:\Program Files\SWDHC
2008-02-17 12:26	---------	d-----w	F:\Documents and Settings\Yips\Application Data\U3
2008-02-15 05:51	359,040	----a-w	F:\WINDOWS\system32\drivers\TCPIP.SYS
2008-02-14 02:57	---------	d-----w	F:\Documents and Settings\Yips\Application Data\PC Tools
2008-02-10 09:32	---------	d-----w	F:\Documents and Settings\Yips\Application Data\Ahead
2008-02-07 03:54	---------	d-----w	F:\Program Files\Java
2008-02-04 13:15	---------	d-----w	F:\Program Files\Picasa2
2008-02-04 13:15	---------	d-----w	F:\Program Files\Google
2008-02-04 13:02	---------	d-----w	F:\Program Files\Windows Live
2008-02-04 11:36	---------	d-----w	F:\Program Files\Microsoft ActiveSync
2008-02-04 11:30	---------	d-----w	F:\Program Files\Common Files\CANON
2008-02-04 11:29	---------	d-----w	F:\Program Files\Canon
2008-02-04 11:28	---------	d--h--w	F:\Documents and Settings\All Users\Application Data\CanonBJ
2008-02-04 11:27	---------	d--h--w	F:\Program Files\CanonBJ
2008-02-04 11:21	---------	d-----w	F:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-04 11:20	---------	d-----w	F:\Program Files\Common Files\LightScribe
2008-02-04 11:20	---------	d-----w	F:\Program Files\Common Files\Ahead
2008-02-04 11:16	---------	d-----w	F:\Program Files\Nero
2008-02-04 11:16	---------	d-----w	F:\Documents and Settings\All Users\Application Data\Nero
2008-02-04 11:10	---------	d-----w	F:\Program Files\XP Codec Pack
2008-02-04 11:07	223,128	----a-w	F:\WINDOWS\system32\drivers\vaxscsi.sys
2008-02-04 11:07	---------	d-----w	F:\Program Files\Alcohol Soft
2008-02-04 11:05	611,064	----a-w	F:\WINDOWS\system32\drivers\sptd.sys
2008-02-04 10:26	---------	d-----w	F:\Program Files\Common Files\InstallShield
2008-02-04 08:53	---------	d-----w	F:\Program Files\Realtek
2008-02-03 21:19	---------	d-----w	F:\Program Files\Common Files\Java
2008-02-03 20:37	---------	d-----w	F:\Program Files\The KMPlayer
2008-02-03 20:34	---------	d-----w	F:\Program Files\Real
2008-02-03 20:34	---------	d-----w	F:\Program Files\Common Files\xing shared
2008-02-03 20:34	---------	d-----w	F:\Program Files\Common Files\Real
2008-02-03 20:13	315,392	----a-w	F:\WINDOWS\HideWin.exe
2008-02-03 19:54	---------	d-----w	F:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((((((((   重要登錄檔   )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:47 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="F:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"TkBellExe"="F:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-04 04:34 185896]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 15:28 16126464 F:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 69632 F:\WINDOWS\Alcmtr.exe]
"NeroFilterCheck"="F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 14:20 161064]
"Easy-PrintToolBox"="F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2006-10-17 09:20 398944]
"CJIMETIPSYNC"="F:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 22:57 63040]
"PHIMETIPSYNC"="F:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 22:57 95296]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ISTray"="F:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"mcagent_exe"="F:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:47 15360]

F:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Google 更新器.lnk - F:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-04 21:15:06 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\Program Files\\BitComet\\BitComet.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\WINDOWS\\system32\\sessmgr.exe"=
"F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26083:TCP"= 26083:TCP:BitComet 26083 TCP
"26083:UDP"= 26083:UDP:BitComet 26083 UDP

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;F:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 14:12]
R3 RTHDMIAzAudService;Service for HDMI;F:\WINDOWS\system32\drivers\RtHDMI.sys [2007-02-05 10:23]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"F:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
排程工作資料夾的內容
"2008-03-15 17:28:45 F:\WINDOWS\Tasks\McDefragTask.job"
- f:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-15 17:28:45 F:\WINDOWS\Tasks\McQcTask.job"
- f:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-07 07:00:17 F:\WINDOWS\Tasks\Norton Security Scan.job"
- F:\Program Files\Norton Security Scan\Nsss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 19:05:49
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成 
隱藏檔案?: 0 

**************************************************************************
.
完成時間?: 2008-03-16 19:06:52
ComboFix-quarantined-files.txt  2008-03-16 11:06:49
.
2008-03-15 19:01:13	--- E O F ---