PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs - Trojan and spyware (i guess)
#15  02-18-2008  simonlaihk (Bronze Member; Join Date: Feb 2008; Location: UK; Posts: 12; PC Experience: Some Experience)
Re: Trojan and spyware (i guess)

ComboFix 08-02-17.2 - Si Lai 2008-02-18 22:30:30.4 - NTFSx86
Running from: C:\Users\Si Lai\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((( Files created between 2008-01-18 and 2008-02-18 )))))))))))))))))))))))))))))))))
.
2008-02-18 14:09 . 2008-02-18 14:09 231,103,480 --a------ C:\Windows\MEMORY.DMP
2008-02-17 21:15 . 2008-02-17 21:15 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-17 21:15 . 2008-02-17 21:15 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-17 17:17 . 2008-02-17 17:17 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-17 11:22 . 2008-02-17 11:22 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-17 11:22 . 2008-02-17 11:22 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-17 11:22 . 2008-02-17 11:22 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-17 11:22 . 2008-02-17 11:22 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-17 11:22 . 2008-02-17 11:22 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-17 11:22 . 2008-02-17 11:22 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-17 11:22 . 2008-02-17 11:22 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-17 11:21 . 2008-02-17 11:21 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-17 11:21 . 2008-02-17 11:21 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-17 11:21 . 2008-02-17 11:21 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-17 11:21 . 2008-02-17 11:21 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-17 11:21 . 2008-02-17 11:21 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-17 11:20 . 2008-02-17 11:20 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 11:20 . 2008-02-17 11:20 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-17 11:09 . 2008-02-17 11:09 268 --ah----- C:\sqmdata07.sqm
2008-02-17 11:09 . 2008-02-17 11:09 244 --ah----- C:\sqmnoopt07.sqm
2008-02-12 22:15 . 2008-02-12 22:15 268 --ah----- C:\sqmdata06.sqm
2008-02-12 22:15 . 2008-02-12 22:15 244 --ah----- C:\sqmnoopt06.sqm
2008-02-12 18:10 . 2008-02-12 18:10 268 --ah----- C:\sqmdata05.sqm
2008-02-12 18:10 . 2008-02-12 18:10 244 --ah----- C:\sqmnoopt05.sqm
2008-02-10 11:58 . 2008-02-10 11:58 268 --ah----- C:\sqmdata04.sqm
2008-02-10 11:58 . 2008-02-10 11:58 244 --ah----- C:\sqmnoopt04.sqm
2008-02-09 14:00 . 2008-02-09 14:00 268 --ah----- C:\sqmdata03.sqm
2008-02-09 14:00 . 2008-02-09 14:00 244 --ah----- C:\sqmnoopt03.sqm
2008-02-09 09:20 . 2008-02-09 09:20 268 --ah----- C:\sqmdata02.sqm
2008-02-09 09:20 . 2008-02-09 09:20 244 --ah----- C:\sqmnoopt02.sqm
2008-02-08 21:23 . 2008-02-08 21:23 <DIR> d-------- C:\Users\Si Lai\AppData\Roaming\Apple Computer
2008-02-08 21:23 . 2008-02-08 21:23 <DIR> d-------- C:\Program Files\iTunes
2008-02-08 21:23 . 2008-02-08 21:23 <DIR> d-------- C:\Program Files\iPod
2008-02-08 21:23 . 2008-02-08 21:23 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-08 21:23 . 2008-02-08 21:23 1,409 --a------ C:\Windows\QTFont.for
2008-02-08 21:10 . 2008-02-08 21:23 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-02-08 21:10 . 2008-02-08 21:23 <DIR> d-------- C:\ProgramData\Apple Computer
2008-02-08 21:10 . 2008-02-08 21:11 <DIR> d-------- C:\Program Files\QuickTime
2008-02-08 21:10 . 2008-02-08 21:10 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-08 21:09 . 2008-02-08 21:09 <DIR> d-------- C:\Users\All Users\Apple
2008-02-08 21:09 . 2008-02-08 21:09 <DIR> d-------- C:\ProgramData\Apple
2008-02-08 21:09 . 2008-02-08 21:09 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-08 15:25 . 2008-02-08 16:18 <DIR> d-------- C:\SDFix
2008-02-06 18:28 . 2008-02-06 18:28 <DIR> d-------- C:\Program Files\CCleaner
2008-02-05 17:10 . 2008-02-05 17:10 <DIR> d-------- C:\Users\Si Lai\Music
2008-02-01 16:00 . 2008-02-01 16:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 15:37 . 2008-02-01 15:37 <DIR> d-------- C:\VundoFix Backups
2008-02-01 15:32 . 2008-02-01 15:35 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-01 15:32 . 2008-02-01 15:35 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-01 15:32 . 2008-02-01 15:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-30 23:52 . 2008-01-30 23:52 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-01-30 23:52 . 2008-01-30 23:52 <DIR> d-------- C:\ProgramData\FLEXnet
2008-01-30 12:56 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-01-30 12:56 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-01-30 12:56 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-01-30 12:56 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-01-30 12:55 . 2008-01-30 12:55 <DIR> d-------- C:\Users\Si Lai\AppData\Roaming\PC Tools
2008-01-30 12:55 . 2008-02-06 18:16 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-30 12:36 . 2008-01-30 12:36 <DIR> d-------- C:\Users\Si Lai\AppData\Roaming\PCToolsFirewallPlus
2008-01-30 12:33 . 2008-02-18 22:15 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-30 12:33 . 2008-02-18 22:15 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-30 12:31 . 2008-02-06 19:12 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2008-01-30 12:31 . 2008-01-30 12:31 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-01-30 12:31 . 2008-01-04 14:13 218,520 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-01-30 12:31 . 2008-01-04 14:13 125,848 --a------ C:\Windows\System32\drivers\pctfw.sys
2008-01-30 12:31 . 2008-01-04 14:13 40,856 --a------ C:\Windows\System32\drivers\pctmp.sys
2008-01-30 12:31 . 2008-01-04 14:13 18,328 --a------ C:\Windows\System32\drivers\pctssipc.sys
2008-01-27 22:12 . 2008-02-18 09:24 <DIR> d-------- C:\Users\Si Lai\AppData\Roaming\AVG7
2008-01-27 22:08 . 2008-01-27 22:08 <DIR> d-------- C:\Users\All Users\Grisoft
2008-01-27 22:08 . 2008-01-27 22:14 <DIR> d-------- C:\Users\All Users\avg7
2008-01-27 22:08 . 2008-01-27 22:08 <DIR> d-------- C:\ProgramData\Grisoft
2008-01-27 22:08 . 2008-01-27 22:14 <DIR> d-------- C:\ProgramData\avg7
2008-01-27 22:08 . 2008-01-27 22:08 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-01-27 18:53 . 2008-01-30 22:32 <DIR> d-------- C:\Users\Si Lai\AppData\Roaming\Free Download Manager
2008-01-27 18:53 . 2008-01-27 18:53 <DIR> d-------- C:\Program Files\Free Download Manager
2008-01-26 14:20 . 2008-01-26 14:20 67 --a------ C:\Windows\DVDRegionFree.INI
2008-01-26 14:17 . 2008-01-26 14:17 <DIR> d-------- C:\Program Files\DVD Region+CSS Free
.
(((((((((((((((((((((((((((((((((((( Files modified in the last three months )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 22:15 49,416 ----a-w C:\Users\Si Lai\AppData\Roaming\nvModes.dat
2008-02-17 11:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-17 11:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 11:20 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 11:20 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 11:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 11:16 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-17 11:16 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-17 11:16 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 11:16 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-08 21:22 --------- d-----w C:\Program Files\Bonjour
2008-01-28 18:34 --------- d-----w C:\Program Files\7-Zip
2008-01-26 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 02:39 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-01-10 05:01 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 20:10 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 20:10 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 20:10 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 20:10 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 18:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-06 14:40 --------- d-----w C:\ProgramData\Lavasoft
2008-01-06 14:40 --------- d-----w C:\Program Files\Lavasoft
2008-01-06 14:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 06:08 --------- d-----w C:\ProgramData\Age of Empires 3
2008-01-06 05:35 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-01-06 04:42 --------- d-----w C:\Program Files\Microsoft Games
2008-01-03 04:39 --------- d-----w C:\Users\Si Lai\AppData\Roaming\Ahead
2008-01-03 03:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-03 02:37 --------- d-----w C:\ProgramData\CyberLink
2008-01-03 02:36 --------- d-----w C:\Users\Si Lai\AppData\Roaming\CyberLink
2008-01-03 02:21 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-02 14:43 --------- d-----w C:\Program Files\Equis
2008-01-02 14:43 --------- d-----w C:\Program Files\Common Files\Equis
2008-01-02 07:17 --------- d-----w C:\Program Files\Real
2008-01-02 07:17 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-02 07:17 --------- d-----w C:\Program Files\Common Files\Real
2008-01-01 12:06 --------- d-----w C:\Program Files\Trojan-PSW_Win32_Delf_sl_Remover
2007-12-30 12:33 --------- d-----w C:\Users\Si Lai\AppData\Roaming\Lingoes
2007-12-29 14:04 --------- d-----w C:\Program Files\Lingoes
2007-12-29 13:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-29 13:33 --------- d-----w C:\Users\Si Lai\AppData\Roaming\AdobeUM
2007-12-29 08:39 --------- d-----w C:\Users\Si Lai\AppData\Roaming\Media Player Classic
2007-12-29 08:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-29 08:35 --------- d-----w C:\Program Files\BulletProofSoft.com
2007-12-29 08:24 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-29 08:11 36,864 ----a-w C:\Windows\System32\QCKEY32.DLL
2007-12-29 07:57 4,994,717 ----a-w C:\Windows\System32\q9data.bin
2007-12-29 07:52 --------- d-----w C:\Program Files\RISEDICT
2007-12-29 07:51 --------- d-----w C:\Program Files\CHDICT
2007-12-29 07:49 65,536 ----a-w C:\Windows\System32\qcSkinMakerDll.dll
2007-12-29 07:49 57,396 ----a-w C:\Windows\System32\Q9xpb5u.EXE
2007-12-29 07:49 47,252 ----a-w C:\Windows\System32\Qcbeigbk.bin
2007-12-29 07:49 4,236,288 ----a-w C:\Windows\System32\q9xpb5.exe
2007-12-29 07:49 35,328 ----a-w C:\Windows\System32\qseteudc.exe
2007-12-29 07:49 29,514 ----a-w C:\Windows\System32\QCBEIB5.BIN
2007-12-29 07:49 103,840 ----a-w C:\Windows\System32\q9wave16.exe
2007-12-29 07:49 --------- d-----w C:\Program Files\Q9XPB5
2007-12-29 07:48 90,162 ----a-w C:\Windows\System32\doime.exe
2007-12-29 07:48 65,536 ----a-w C:\Windows\System32\SkinMakerDll.dll
2007-12-29 07:48 29,516 ----a-w C:\Windows\System32\q9b5gb.bin
2007-12-29 07:48 26,112 ----a-w C:\Windows\System32\QTRAYIME.EXE
2007-12-29 03:40 --------- d-----w C:\Users\Si Lai\AppData\Roaming\ArcSoft
2007-12-29 03:03 --------- d-----w C:\Program Files\BitComet
2007-12-28 15:32 --------- d-----w C:\Program Files\Windows Defender
2007-12-28 15:32 --------- d-----w C:\Program Files\Windows Calendar
2007-12-28 15:14 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-28 15:13 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-12-28 15:13 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-12-28 15:12 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-28 15:12 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-28 15:12 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-28 15:11 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-28 15:11 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-12-28 15:11 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-28 15:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-28 15:11 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-28 15:11 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-28 15:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-28 15:11 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-12-28 15:11 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-28 15:11 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-12-28 15:11 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-12-28 14:44 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 14:34 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-28 14:32 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2007-12-28 14:32 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-28 14:31 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-28 14:31 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-28 14:30 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-28 14:30 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-28 14:30 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-28 14:30 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-28 14:30 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-28 14:30 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-28 14:30 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-28 14:30 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-28 14:30 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-28 14:29 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-12-28 14:26 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-28 14:26 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
.
(((((((((((((((((((((((((((((((((((((((((( Important registry entries ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty or legitimate registry values are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 20:10 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 03:35 5724184]
"Lingoes"="C:\Program Files\Lingoes\Translator2\Lingoes.exe" [2007-12-06 20:57 1933312]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-03 02:28 4608]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-28 15:13 1006264]
"Unattend0000000001{C1C65770-BE5F-4D51-8681-EF44DA75AE36}"="wscript.exe" [2006-11-02 09:46 135168 C:\Windows\System32\wscript.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-28 11:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-28 11:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-28 11:05 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-04 08:56 4452352 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 08:49 861744]
"Q-HotkeyMgr"="C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe" [2007-03-30 02:26 237673]
"QShot"="C:\Program Files\BenQ\QShot\QShot.exe" [2007-04-13 02:14 421888]
"BenQSurround"="C:\Program Files\BenQ\BenQ Surround\BenQSurround.exe" [2007-04-20 03:33 1187840]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 07:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 14:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 07:40 155648]
"Q-MediaBar"="C:\Program Files\BenQ\Q-MediaBar\QBar.exe" [2007-01-26 00:49 159744]
"Unattend0000000001{DD273B8B-BEE0-4F62-83E5-9E21F47874A1}"="wscript.exe" [2006-11-02 09:46 135168 C:\Windows\System32\wscript.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 23:00 33648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-02 07:17 185896]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-27 22:08 579072]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-12-31 09:16 2594712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-27 22:08 219136]
C:\Users\Si Lai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
九方快速啟動.lnk - C:\Windows\System32\QTRAYIME.EXE [2007-12-29 07:48:58 26112]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 15:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-27 22:08 9216 C:\Windows\System32\avgwlntf.dll
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-01-04 14:13]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\Windows\system32\drivers\pctmp.sys [2008-01-04 14:13]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\Windows\system32\drivers\pctssipc.sys [2008-01-04 14:13]
R2 QBIOSIO;QBIOSIo.dll;C:\Windows\system32\QBIOSIo.dll [2007-01-19 16:02]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 ARCSOFTVIRTUALCAPTURE;ArcSoft Magic-i Driver;C:\Windows\system32\DRIVERS\ArcSoftVirtualCapture.sys [2006-11-24 09:53]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-01-23 08:25]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 10:35]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-13 02:12]
S3 btwaudio;Bluetooth Audio Device;C:\Windows\system32\drivers\btwaudio.sys [2006-11-20 05:59]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-20 05:59]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-20 05:59]
S3 QBIOSIO.dll;QBIOSIO.dll;C:\Windows\system32\QBIOSIO.dll [2007-01-19 16:02]
S3 QBIOSIOdetect.dll;QBIOSIOdetect.dll;C:\DRV\BT\BTChk\QBIOSIOdetect.dll [2007-01-22 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc9495bb-b52a-11dc-8f88-806e6f6e6963}]
\shell\AutoRun\command - E:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c14dc390-b530-11dc-97e4-001b24a47bc1}]
\shell\AutoRun\command - H:\autorun6e.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d9981d-c1cf-11dc-9764-001b24a47bc1}]
\shell\AutoRun\command - EXPLORER.EXE
\shell\explore\Command - EXPLORER.EXE
\shell\open\Command - EXPLORER.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 22:32:21
Windows 6.0.6000 NTFS
scanning hidden programs ...
scanning hidden processes ...
scanning hidden files ...
scan completed
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-18 22:33:13
ComboFix-quarantined-files.txt 2008-02-18 22:33:10
ComboFix2.txt 2008-02-17 11:25:45
ComboFix3.txt 2008-02-08 16:43:22
.
2008-02-17 23:54:39 --- E O F ---
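
A ComboFix log like the one above is mostly benign noise, and a log helper reads it by picking out a few entry types: new files under the system directory, Run entries that launch a script host rather than a program, and mountpoints2 autorun commands that point at a volume other than C:. The script below is an added example, not code from this thread or from ComboFix. It parses those three entry types out of log text and returns the entries worth a second look. Its sample input is copied from the log above; the review rules (which directories, which script hosts, which drive letters count) are the author's assumptions, not verdicts about this machine.

```python
# Added example (not ComboFix code): sort a ComboFix log into the entries a
# log helper would look at first. The review rules are the author's assumptions.
import re
from collections import namedtuple
from typing import List, Tuple

# Sample input copied from the log in this thread so the example runs offline.
# The "modified in the last three months" section has a different line layout
# and is deliberately not matched by FILE_RE.
SAMPLE_LOG = r"""
2008-02-17 11:22 . 2008-02-17 11:22 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-17 11:09 . 2008-02-17 11:09 268 --ah----- C:\sqmdata07.sqm
2008-02-08 21:23 . 2008-02-08 21:23 <DIR> d-------- C:\Program Files\iTunes
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-28 15:13 1006264]
"Unattend0000000001{C1C65770-BE5F-4D51-8681-EF44DA75AE36}"="wscript.exe" [2006-11-02 09:46 135168 C:\Windows\System32\wscript.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc9495bb-b52a-11dc-8f88-806e6f6e6963}]
\shell\AutoRun\command - E:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c14dc390-b530-11dc-97e4-001b24a47bc1}]
\shell\AutoRun\command - H:\autorun6e.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d9981d-c1cf-11dc-9764-001b24a47bc1}]
\shell\AutoRun\command - EXPLORER.EXE
"""

FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                     r"(<DIR>|[\d,]+) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
AUTORUN_RE = re.compile(r"^\\shell\\(\w+)\\command - (.+)$", re.IGNORECASE)

# Review rules (assumptions): where new files matter, which Run targets are
# script hosts, and which extensions count as executable content.
SYSTEM_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
                "regsvr32.exe", "cmd.exe", "powershell.exe"}
EXEC_EXTS = (".exe", ".dll", ".sys", ".com", ".bat", ".cmd", ".scr", ".vbs", ".inf")

# size is None for <DIR> entries; attrs is ComboFix's flag string, e.g. "--ah-----" (h = hidden)
FileEntry = namedtuple("FileEntry", "created modified size attrs path")
RunValue = namedtuple("RunValue", "key name command detail")  # detail: bracketed date/size
AutoRun = namedtuple("AutoRun", "key verb command")           # key: mountpoints2 volume GUID
Finding = Tuple[str, str, str]                                # (rule, subject, why it deserves a look)


def parse_log(text: str):
    """Split ComboFix text into file entries, Run values and autorun commands."""
    files, values, autoruns = [], [], []
    current_key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            size_int = None if size == "<DIR>" else int(size.replace(",", ""))
            files.append(FileEntry(created, modified, size_int, attrs, path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            values.append(RunValue(current_key, *m.groups()))
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key and "mountpoints2" in current_key.lower():
            autoruns.append(AutoRun(current_key.rsplit("\\", 1)[-1], *m.groups()))
    return files, values, autoruns


def _basename(command: str) -> str:
    """Executable name from a Run command, ignoring quotes and arguments."""
    return command.replace('"', "").strip().split("\\")[-1].split(" ")[0].lower()


def triage(text: str) -> List[Finding]:
    """Return the entries a helper should read first, with the reason for each."""
    files, values, autoruns = parse_log(text)
    findings: List[Finding] = []
    for f in files:
        if f.size is None:  # directories are not flagged
            continue
        low = f.path.lower()
        if low.startswith(SYSTEM_PREFIXES):
            findings.append(("system-file", f.path, "new file under the system directory; "
                             "confirm it came from a Windows Update or a known installer"))
        elif "h" in f.attrs and re.match(r"^[a-z]:\\[^\\]+$", low) and low.endswith(EXEC_EXTS):
            findings.append(("hidden-root-executable", f.path,
                             "hidden executable at a volume root, a common autorun-worm drop spot"))
    for v in values:
        if _basename(v.command) in SCRIPT_HOSTS:
            findings.append(("script-host-run", f"{v.name} = {v.command}", "Run entry launches "
                             "a script host; the log does not show which script, read the registry value"))
    for a in autoruns:
        if re.match(r"^[A-Z]:\\", a.command, re.IGNORECASE) and a.command[:2].lower() != "c:":
            findings.append(("non-system-volume-autorun", f"{a.key} {a.verb} -> {a.command}",
                             "autorun command on a non-system volume (USB/optical); check that executable"))
    return findings


if __name__ == "__main__":
    for rule, subject, why in triage(SAMPLE_LOG):
        print(f"[{rule}] {subject}\n    {why}")
```

On the sample it returns four items: the ntoskrnl.exe entry (to be confirmed against the machine's update history rather than deleted), the wscript.exe Run value, and the E: and H: autorun commands; the hidden .sqm files at the drive root are not flagged because they are not executable content. The EXPLORER.EXE autorun entries pass the drive-letter rule and are left alone.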


#16  02-19-2008  Pancake (Senior Security Analyst; Join Date: Jun 2006; Location: Victoria, Australia; Posts: 3,590; PC Experience: Elite PC Guru)
Re: Trojan and spyware (i guess)

Ok. Can you re-run the instructions in post #11 please, as those files have not been removed.


__________________
My real name is Eddy
#17  02-20-2008  simonlaihk (Bronze Member; Join Date: Feb 2008; Location: UK; Posts: 12; PC Experience: Some Experience)
Re: Trojan and spyware (i guess)

I cannot proceed with ComboFix to delete those files, and then the computer will restart itself.


#18  02-20-2008  simonlaihk (Bronze Member; Join Date: Feb 2008; Location: UK; Posts: 12; PC Experience: Some Experience)
Re: Trojan and spyware (i guess)

By the way, AVG shows that "ntoskrnl.exe has changed". I don't know what that is supposed to mean.


#19  02-20-2008  Pancake (Senior Security Analyst; Join Date: Jun 2006; Location: Victoria, Australia; Posts: 3,590; PC Experience: Elite PC Guru)
Re: Trojan and spyware (i guess)

Will you just run ComboFix and post a new log, please.


__________________
My real name is Eddy
#20  02-23-2008  simonlaihk (Bronze Member; Join Date: Feb 2008; Location: UK; Posts: 12; PC Experience: Some Experience)
Re: Trojan and spyware (i guess)

ComboFix 08-02-17.2 - Si Lai 2008-02-23 18:40:20.5 - NTFSx86
Running from: C:\Users\Si Lai\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((( Files created between 2008-01-23 and 2008-02-23 )))))))))))))))))))))))))))))))))
.
2008-02-20 23:24 . 2008-02-20 23:24 <DIR> d-------- C:\Program Files\DVD Region+CSS Free
2008-02-18 14:09 . 2008-02-18 14:09 231,103,480 --a------ C:\Windows\MEMORY.DMP
2008-02-17 21:15 . 2008-02-17 21:15 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-17 21:15 . 2008-02-17 21:15 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-17 17:17 . 2008-02-17 17:17 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-17 11:22 . 2008-02-17 11:22 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-17 11:22 . 2008-02-17 11:22 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-17 11:22 . 2008-02-17 11:22 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-17 11:22 . 2008-02-17 11:22 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-17 11:22 . 2008-02-17 11:22 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-17 11:22 . 2008-02-17 11:22 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-17 11:22 . 2008-02-17 11:22 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-17 11:21 . 2008-02-17 11:21 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-17 11:21 . 2008-02-17 11:21 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-17 11:21 . 2008-02-17 11:21 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-17 11:21 . 2008-02-17 11:21 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-17 11:21 . 2008-02-17 11:21 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-17 11:20 . 2008-02-17 11:20 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 11:20 . 2008-02-17 11:20 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-17 11:09 . 2008-02-17 11:09 268 --ah----- C:\sqmdata07.sqm
2008-02-17 11:09 . 2008-02-17 11:09 244 --ah----- C:\sqmnoopt07.sqm
2008-02-12 22:15 . 2008-02-12 22:15 268 --ah----- C:\sqmdata06.sqm
2008-02-12 22:15 . 2008-02-12 22:15 244 --ah----- C:\sqmnoopt06.sqm
2008-02-12 18:10 . 2008-02-12 18:10 268 --ah----- C:\sqmdata05.sqm
2008-02-12 18:10 . 2008-02-12 18:10 244 --ah----- C:\sqmnoopt05.sqm
2008-02-10 11:58 . 2008-02-10 11:58 268 --ah----- C:\sqmdata04.sqm
2008-02-10 11:58 . 2008-02-10 11:58 244 --ah----- C:\sqmnoopt04.sqm
2008-02-09 14:00 . 2008-02-09 14:00 268 --ah----- C:\sqmdata03.sqm
2008-02-09 14:00 . 2008-02-09 14:00 244 --ah----- C:\sqmnoopt03.sqm
2008-02-09 09:20 . 2008-02-09 09:20 268 --ah----- C:\sqmdata02.sqm
2008-02-09 09:20 . 2008-02-09 09:20 244 --ah----- C:\sqmnoopt02.sqm
2008-02-08 21:23 . 2008-02-08 21:23 <DIR> d-------- C:\Users\Si Lai\AppData\Roaming\Apple Computer
2008-02-08 21:23 . 2008-02-08 21:23 <DIR> d-------- C:\Program Files\iTunes
2008-02-08 21:23 . 2008-02-08 21:23 <DIR> d-------- C:\Program Files\iPod
2008-02-08 21:23 . 2008-02-08 21:23 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-08 21:23 . 2008-02-08 21:23 1,409 --a------ C:\Windows\QTFont.for
2008-02-08 21:10 . 2008-02-08 21:23 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-02-08 21:10 . 2008-02-08 21:23 <DIR> d-------- C:\ProgramData\Apple Computer
2008-02-08 21:10 . 2008-02-08 21:11 <DIR> d-------- C:\Program Files\QuickTime
2008-02-08 21:10 . 2008-02-08 21:10 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-08 21:09 . 2008-02-08 21:09 <DIR> d-------- C:\Users\All Users\Apple
2008-02-08 21:09 . 2008-02-08 21:09 <DIR> d-------- C:\ProgramData\Apple
2008-02-08 21:09 . 2008-02-08 21:09 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-08 15:25 . 2008-02-08 16:18 <DIR> d-------- C:\SDFix
2008-02-06 18:28 . 2008-02-06 18:28 <DIR> d-------- C:\Program Files\CCleaner
2008-02-05 17:10 . 2008-02-05 17:10 <DIR> d-------- C:\Users\Si Lai\Music
2008-02-01 16:00 . 2008-02-01 16:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 15:37 . 2008-02-01 15:37 <DIR> d-------- C:\VundoFix Backups
2008-02-01 15:32 . 2008-02-01 15:35 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-01 15:32 . 2008-02-01 15:35 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-01 15:32 . 2008-02-01 15:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-30 23:52 . 2008-01-30 23:52 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-01-30 23:52 . 2008-01-30 23:52 <DIR> d-------- C:\ProgramData\FLEXnet
2008-01-30 12:56 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-01-30 12:56 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-01-30 12:56 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-01-30 12:56 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-01-30 12:55 . 2008-01-30 12:55 <DIR> d-------- C:\Users\Si Lai\AppData\Roaming\PC Tools
2008-01-30 12:55 . 2008-02-06 18:16 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-30 12:36 . 2008-01-30 12:36 <DIR> d-------- C:\Users\Si Lai\AppData\Roaming\PCToolsFirewallPlus
2008-01-30 12:33 . 2008-02-23 18:41 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-30 12:33 . 2008-02-23 18:41 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-30 12:31 . 2008-02-06 19:12 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2008-01-30 12:31 . 2008-01-30 12:31 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-01-30 12:31 . 2008-01-04 14:13 218,520 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-01-30 12:31 . 2008-01-04 14:13 125,848 --a------ C:\Windows\System32\drivers\pctfw.sys
2008-01-30 12:31 . 2008-01-04 14:13 40,856 --a------ C:\Windows\System32\drivers\pctmp.sys
2008-01-30 12:31 . 2008-01-04 14:13 18,328 --a------ C:\Windows\System32\drivers\pctssipc.sys
2008-01-27 22:12 . 2008-02-23 18:35 <DIR> d-------- C:\Users\Si Lai\AppData\Roaming\AVG7
2008-01-27 22:08 . 2008-01-27 22:08 <DIR> d-------- C:\Users\All Users\Grisoft
2008-01-27 22:08 . 2008-01-27 22:14 <DIR> d-------- C:\Users\All Users\avg7
2008-01-27 22:08 . 2008-01-27 22:08 <DIR> d-------- C:\ProgramData\Grisoft
2008-01-27 22:08 . 2008-01-27 22:14 <DIR> d-------- C:\ProgramData\avg7
2008-01-27 22:08 . 2008-01-27 22:08 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-01-27 18:53 . 2008-01-30 22:32 <DIR> d-------- C:\Users\Si Lai\AppData\Roaming\Free Download Manager
2008-01-27 18:53 . 2008-01-27 18:53 <DIR> d-------- C:\Program Files\Free Download Manager
2008-01-26 14:20 . 2008-02-20 23:26 67 --a------ C:\Windows\DVDRegionFree.INI
.
(((((((((((((((((((((((((((((((((((( Files modified in the last three months )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 18:35 49,416 ----a-w C:\Users\Si Lai\AppData\Roaming\nvModes.dat
2008-02-17 11:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-17 11:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 11:20 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 11:20 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 11:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 11:16 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-17 11:16 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-17 11:16 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 11:16 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-08 21:22 --------- d-----w C:\Program Files\Bonjour
2008-01-28 18:34 --------- d-----w C:\Program Files\7-Zip
2008-01-26 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 02:39 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-01-10 05:01 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 20:10 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 20:10 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 20:10 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 20:10 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 18:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-06 14:40 --------- d-----w C:\ProgramData\Lavasoft
2008-01-06 14:40 --------- d-----w C:\Program Files\Lavasoft
2008-01-06 14:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 06:08 --------- d-----w C:\ProgramData\Age of Empires 3
2008-01-06 05:35 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-01-06 04:42 --------- d-----w C:\Program Files\Microsoft Games
2008-01-03 04:39 --------- d-----w C:\Users\Si Lai\AppData\Roaming\Ahead
2008-01-03 03:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-03 02:37 --------- d-----w C:\ProgramData\CyberLink
2008-01-03 02:36 --------- d-----w C:\Users\Si Lai\AppData\Roaming\CyberLink
2008-01-03 02:21 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-02 14:43 --------- d-----w C:\Program Files\Equis
2008-01-02 14:43 --------- d-----w C:\Program Files\Common Files\Equis
2008-01-02 07:17 --------- d-----w C:\Program Files\Real
2008-01-02 07:17 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-02 07:17 --------- d-----w C:\Program Files\Common Files\Real
2008-01-01 12:06 --------- d-----w C:\Program Files\Trojan-PSW_Win32_Delf_sl_Remover
2007-12-30 12:33 --------- d-----w C:\Users\Si Lai\AppData\Roaming\Lingoes
2007-12-29 14:04 --------- d-----w C:\Program Files\Lingoes
2007-12-29 13:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-29 13:33 --------- d-----w C:\Users\Si Lai\AppData\Roaming\AdobeUM
2007-12-29 08:39 --------- d-----w C:\Users\Si Lai\AppData\Roaming\Media Player Classic
2007-12-29 08:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-29 08:35 --------- d-----w C:\Program Files\BulletProofSoft.com
2007-12-29 08:24 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-29 08:11 36,864 ----a-w C:\Windows\System32\QCKEY32.DLL
2007-12-29 07:57 4,994,717 ----a-w C:\Windows\System32\q9data.bin
2007-12-29 07:52 --------- d-----w C:\Program Files\RISEDICT
2007-12-29 07:51 --------- d-----w C:\Program Files\CHDICT
2007-12-29 07:49 65,536 ----a-w C:\Windows\System32\qcSkinMakerDll.dll
2007-12-29 07:49 57,396 ----a-w C:\Windows\System32\Q9xpb5u.EXE
2007-12-29 07:49 47,252 ----a-w C:\Windows\System32\Qcbeigbk.bin
2007-12-29 07:49 4,236,288 ----a-w C:\Windows\System32\q9xpb5.exe
2007-12-29 07:49 35,328 ----a-w C:\Windows\System32\qseteudc.exe
2007-12-29 07:49 29,514 ----a-w C:\Windows\System32\QCBEIB5.BIN
2007-12-29 07:49 103,840 ----a-w C:\Windows\System32\q9wave16.exe
2007-12-29 07:49 --------- d-----w C:\Program Files\Q9XPB5
2007-12-29 07:48 90,162 ----a-w C:\Windows\System32\doime.exe
2007-12-29 07:48 65,536 ----a-w C:\Windows\System32\SkinMakerDll.dll
2007-12-29 07:48 29,516 ----a-w C:\Windows\System32\q9b5gb.bin
2007-12-29 07:48 26,112 ----a-w C:\Windows\System32\QTRAYIME.EXE
2007-12-29 03:40 --------- d-----w C:\Users\Si Lai\AppData\Roaming\ArcSoft
2007-12-29 03:03 --------- d-----w C:\Program Files\BitComet
2007-12-28 15:32 --------- d-----w C:\Program Files\Windows Defender
2007-12-28 15:32 --------- d-----w C:\Program Files\Windows Calendar
2007-12-28 15:14 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-28 15:13 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-12-28 15:13 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-12-28 15:12 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-28 15:12 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-28 15:12 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-28 15:11 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-28 15:11 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-12-28 15:11 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-28 15:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-28 15:11 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-28 15:11 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-28 15:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-28 15:11 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-12-28 15:11 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-28 15:11 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-12-28 15:11 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-12-28 14:44 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 14:34 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-28 14:32 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2007-12-28 14:32 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-28 14:31 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-28 14:31 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-28 14:30 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-28 14:30 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-28 14:30 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-28 14:30 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-28 14:30 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-28 14:30 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-28 14:30 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-28 14:30 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-28 14:30 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-28 14:29 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-12-28 14:26 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-28 14:26 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 20:10 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 03:35 5724184]
"Lingoes"="C:\Program Files\Lingoes\Translator2\Lingoes.exe" [2007-12-06 20:57 1933312]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-03 02:28 4608]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-28 15:13 1006264]
"Unattend0000000001{C1C65770-BE5F-4D51-8681-EF44DA75AE36}"="wscript.exe" [2006-11-02 09:46 135168 C:\Windows\System32\wscript.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-28 11:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-28 11:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-28 11:05 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-04 08:56 4452352 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 08:49 861744]
"Q-HotkeyMgr"="C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe" [2007-03-30 02:26 237673]
"QShot"="C:\Program Files\BenQ\QShot\QShot.exe" [2007-04-13 02:14 421888]
"BenQSurround"="C:\Program Files\BenQ\BenQ Surround\BenQSurround.exe" [2007-04-20 03:33 1187840]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 07:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 14:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 07:40 155648]
"Q-MediaBar"="C:\Program Files\BenQ\Q-MediaBar\QBar.exe" [2007-01-26 00:49 159744]
"Unattend0000000001{DD273B8B-BEE0-4F62-83E5-9E21F47874A1}"="wscript.exe" [2006-11-02 09:46 135168 C:\Windows\System32\wscript.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 23:00 33648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-02 07:17 185896]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-27 22:08 579072]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-12-31 09:16 2594712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-27 22:08 219136]
C:\Users\Si Lai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
九方快速啟動.lnk - C:\Windows\System32\QTRAYIME.EXE [2007-12-29 07:48:58 26112]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 15:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-27 22:08 9216 C:\Windows\System32\avgwlntf.dll
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-01-04 14:13]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\Windows\system32\drivers\pctmp.sys [2008-01-04 14:13]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\Windows\system32\drivers\pctssipc.sys [2008-01-04 14:13]
R2 QBIOSIO;QBIOSIo.dll;C:\Windows\system32\QBIOSIo.dll [2007-01-19 16:02]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 ARCSOFTVIRTUALCAPTURE;ArcSoft Magic-i Driver;C:\Windows\system32\DRIVERS\ArcSoftVirtualCapture.sys [2006-11-24 09:53]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-01-23 08:25]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 10:35]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-13 02:12]
S3 btwaudio;藍芽音效裝置;C:\Windows\system32\drivers\btwaudio.sys [2006-11-20 05:59]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-20 05:59]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-20 05:59]
S3 QBIOSIO.dll;QBIOSIO.dll;C:\Windows\system32\QBIOSIO.dll [2007-01-19 16:02]
S3 QBIOSIOdetect.dll;QBIOSIOdetect.dll;C:\DRV\BT\BTChk\QBIOSIOdetect.dll [2007-01-22 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c14dc390-b530-11dc-97e4-001b24a47bc1}]
\shell\AutoRun\command - H:\autorun6e.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d9981d-c1cf-11dc-9764-001b24a47bc1}]
\shell\AutoRun\command - EXPLORER.EXE
\shell\explore\Command - EXPLORER.EXE
\shell\open\Command - EXPLORER.EXE
.
************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 18:42:40
Windows 6.0.6000 NTFS
掃描隱藏的程序...
掃描隱藏的進程...
掃描隱藏的檔案...
掃描完成
隱藏檔案?: 0
************************************************************************
.
完成時間?: 2008-02-23 18:43:33
ComboFix-quarantined-files.txt 2008-02-23 18:43:30
ComboFix2.txt 2008-02-18 22:33:13
ComboFix3.txt 2008-02-17 11:25:45
ComboFix4.txt 2008-02-08 16:43:22
.
2008-02-20 12:44:00 --- E O F ---

#21
Old 02-23-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru
Re: Trojan and spyware (i guess)

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:

Killall::

File::
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*


__________________
My real name is Eddy