ComboFix 09-01-01.02 - Computer 2009-01-02 20:10:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.1014.581 [GMT -8:00]
执行位置: c:\documents and settings\Computer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Computer\Desktop\CFScript.txt
* 成功创造新还原点
* Resident AV is active
FILE ::
c:\documents and settings\Computer\delself.bat
c:\windows\system32\khfEUnKd.dll
c:\windows\system32\miilsiys.ini
c:\windows\system32\ytsbmgkn.ini
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9\FLFBootStrap.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus\FLFBootStrap.mtx
c:\documents and settings\Computer\Application Data\Twain
c:\documents and settings\Computer\delself.bat
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\program files\Webtools
c:\program files\Webtools\webtools.dll
C:\test.txt
c:\windows\system32\khfEUnKd.dll
c:\windows\system32\miilsiys.ini
c:\windows\system32\ytsbmgkn.ini
.
((((((((((((((((((((((((( 2008-12-03 至 2009-01-03 的新的档案 )))))))))))))))))))))))))))))))
.
2009-01-01 16:39 . 2009-01-01 16:39 1,307,356 --ahs---- c:\windows\system32\kvjbitvw.ini
2009-01-01 16:12 . 2009-01-01 16:13
d-------- C:\rsit
2008-12-31 10:18 . 2008-12-31 10:18 d-------- c:\documents and settings\Computer\Application Data\AOL
2008-12-31 10:17 . 2008-12-31 10:17 d-------- c:\program files\Common Files\Nullsoft
2008-12-31 10:17 . 2008-12-31 10:17 d-------- c:\documents and settings\Computer\Application Data\You've Got Pictures Screensaver
2008-12-31 10:17 . 2005-07-12 01:17 173,184 --a------ c:\windows\system32\ygpss.scr
2008-12-31 10:16 . 2000-05-22 00:00 115,920 --a------ c:\windows\system32\MSInet.ocx
2008-12-31 10:16 . 2001-11-21 10:15 102,400 --a------ c:\windows\system32\SimpleRegistry.dll
2008-12-31 10:16 . 1999-04-17 02:06 10,752 --a------ c:\windows\system32\aamd532.dll
2008-12-31 10:15 . 2008-12-31 10:15 d-------- c:\program files\Common Files\AolCoach
2008-12-31 10:15 . 2003-01-10 12:13 33,588 -ra------ c:\windows\system32\drivers\wanatw4.sys
2008-12-31 10:14 . 2008-12-31 10:17 d-------- c:\program files\Common Files\aolshare
2008-12-31 10:14 . 2009-01-01 22:45 d-------- c:\program files\America Online 9.0
2008-12-31 10:13 . 2008-12-31 10:13 335 --a------ c:\windows\nsreg.dat
2008-12-28 22:28 . 2008-12-29 23:29 200 --a------ c:\windows\cdplayer.ini
2008-12-26 23:47 . 2008-12-26 23:47 d-------- c:\program files\Midway Home Entertainment
2008-12-24 17:15 . 2008-12-25 15:20 d-------- c:\documents and settings\Computer\Application Data\dvdcss
2008-12-20 18:09 . 2008-12-20 18:09 d-------- c:\program files\LittleFighter2
2008-12-17 16:51 . 2008-12-17 16:51 d-------- c:\program files\Hamachi
2008-12-16 20:04 . 2009-01-02 20:18 d-------- c:\documents and settings\Computer\Application Data\Hamachi
2008-12-16 20:04 . 2008-12-17 16:51 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-12-06 13:48 . 2008-12-06 13:48 d-------- c:\program files\Transparent
2008-12-06 13:48 . 2008-12-06 13:52 d-------- c:\documents and settings\All Users\Application Data\Transparent
2008-12-04 17:35 . 2008-12-04 17:38 d-------- c:\program files\ManicTime
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 18:18 --------- d-----w c:\program files\Common Files\AOL
2008-12-31 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-27 07:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 06:18 --------- d-----w c:\program files\Trillian
2008-12-25 23:49 --------- d-----w c:\documents and settings\Computer\Application Data\mjusbsp
2008-12-25 23:38 --------- d-----w c:\documents and settings\All Users\Application Data\Digital Interactive Systems Corporation
2008-12-04 00:01 --------- d-----w c:\program files\MSECache
2008-11-26 22:05 --------- d--h--w c:\documents and settings\Computer\Application Data\ijjigame
2008-11-23 05:56 --------- d-----w c:\program files\Java
2008-11-09 03:15 --------- d-----w c:\program files\EA Sports
2008-10-05 22:23 402 ----a-w c:\documents and settings\Computer\Application Data\wklnhst.dat
2008-07-18 14:41 229,376 ----a-w c:\documents and settings\Computer\cwshredder.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-01_18.14.43.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-03 04:15:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_498.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="c:\progra~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 517632]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-01 1077248]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2006-03-20 679936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [BU]
"IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [BU]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [BU]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [BU]
"HostManager"="c:\program files\Common Files\AOL\1215549714\ee\AOLSoftware.exe" [BU]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
c:\documents and settings\Computer\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-17 625952]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2008-07-08 1310720]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2008-07-08 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 13:51 73728 c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Java\\jre1.5.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Computer\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Midway Home Entertainment\\Rise and Fall\\RiseAndFall.exe"=
"c:\\Documents and Settings\\Computer\\Desktop\\yuk\\Empire Earth.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1230747293\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-18 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-19 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-18 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-18 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-18 76040]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R2 WUSB300NSvc;WUSB300NSvc;"c:\program files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe" [2008-07-08 53307]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-07-24 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-07-24 226304]
S2 OpenCASE Media Agent;OpenCASE Media Agent;"c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe" [2008-01-16 814728]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2006-07-24 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2006-07-24 7520]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []
.
‘计划任务’ 文件夹 里的内容
2009-01-03 c:\windows\Tasks\dxcqwped.job
- c:\windows\system32\rundll32.exe [2006-03-15 04:00]
2009-01-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-09-29 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-08-20 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
FF - ProfilePath - c:\documents and settings\Computer\Application Data\Mozilla\Firefox\Profiles\dmdupivv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 20:16:57
Windows 5.1.2600 Service Pack 2 NTFS
扫描被隐藏的进程。。。 ...
扫描被隐藏的启动组。。。
扫描被隐藏的文件。。。
扫描完成
被隐藏的档案: 0
**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------
- - - - - - - > 'winlogon.exe'(1116)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
完成时间: 2009-01-02 20:22:36 - 电脑已重新启动
ComboFix-quarantined-files.txt 2009-01-03 04:22:30
ComboFix2.txt 2009-01-02 02:16:29
Pre-Run: 79,576,817,664 bytes free
Post-Run: 79,558,074,368 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
304 --- E O F --- 2008-12-22 20:28:05