TrojanDownloader.xs got me
#1
birdy
Dear Helper:
It seems that I have been caught by TrojanDownloader.xs :). I have used ComboFix to get a log.
I would appreciate some help solving this issue. :)


ComboFix 08-03-23.2 - birdyy 2008-03-25 1:42:32.1 - NTFSx86
Running from: C:\HJT\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat
-- Other TimeOuts --
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
C:\WINDOWS\system32\conime.exe
CF30730.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF30730.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

C:\WINDOWS\system32\conime.exe
CF30730.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF30730.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Favorites\Error Cleaner.url
C:\Documents and Settings\Administrator\Favorites\Privacy Protector.url
C:\Documents and Settings\Administrator\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\birdyy\Favorites\Error Cleaner.url
C:\Documents and Settings\birdyy\Favorites\Privacy Protector.url
C:\Documents and Settings\birdyy\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\birdyy\桌面\Error Cleaner.url
C:\Documents and Settings\birdyy\桌面\Privacy Protector.url
C:\Documents and Settings\birdyy\桌面\Spyware&Malware Protection.url
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

.
(((((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))))
.

2008-03-25 01:33 . 2008-03-25 01:38 <DIR> d-------- C:\HJT
2008-03-25 00:46 . 2008-03-25 00:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-25 00:46 . 2008-03-25 00:46 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-25 00:46 . 2008-03-25 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-24 19:46 . 2008-03-24 19:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-03-24 19:38 . 2008-03-24 19:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IDMComp
2008-03-24 19:14 . 2008-03-24 19:14 <DIR> d--h----- C:\Documents and Settings\Administrator\WLANProfiles
2008-03-24 16:53 . 2008-03-24 16:53 <DIR> d-------- C:\Documents and Settings\birdyy\Application Data\Grisoft
2008-03-24 16:53 . 2008-03-24 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 16:07 . 2008-03-24 16:07 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-24 15:26 . 2008-03-24 15:26 <DIR> d-------- C:\Program Files\Inet Delivery
2008-03-24 15:26 . 2008-03-24 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zgjgjwxu
2008-03-24 15:25 . 2008-03-24 13:22 221,184 --a------ C:\WINDOWS\vbgtorfd.dll
2008-03-24 15:25 . 2008-03-24 13:22 212,992 --a------ C:\WINDOWS\kdftlboewkf.dll
2008-03-24 15:25 . 2008-03-24 13:22 81,920 --a------ C:\WINDOWS\norlatmx.exe
2008-03-20 13:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-20 13:34 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-20 13:34 . 2007-07-30 19:18 25,976 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-20 01:17 . 2008-03-20 15:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-20 01:16 . 2008-03-20 15:26 <DIR> d-------- C:\Program Files\Windows Live
2008-03-20 01:15 . 2008-03-20 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-19 17:09 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-03-19 17:09 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\dllcache\bthpan.sys
2008-03-19 17:09 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-03-19 17:09 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-03-19 17:09 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2008-03-19 17:09 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\dllcache\bthenum.sys
2008-03-19 17:08 . 2004-08-04 00:37 271,744 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-03-19 17:08 . 2004-08-04 00:37 271,744 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-03-19 17:08 . 2004-08-04 00:48 110,592 --a------ C:\WINDOWS\system32\dllcache\bthprops.cpl
2008-03-19 17:08 . 2004-08-04 00:48 110,592 --a------ C:\WINDOWS\system32\bthprops.cpl
2008-03-19 17:08 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-03-19 17:08 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\dllcache\bthusb.sys
2008-03-19 17:08 . 2008-03-24 22:47 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-03-19 16:51 . 2008-03-19 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-19 16:39 . 2008-03-19 16:39 <DIR> d-------- C:\Program Files\IVT Corporation
2008-03-19 16:08 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-03-19 16:03 . 2008-03-19 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-19 16:02 . 2008-03-19 16:02 <DIR> d-------- C:\Program Files\DIFX
2008-03-19 16:00 . 2008-03-19 16:00 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-03-19 15:58 . 2008-03-19 16:33 <DIR> d-------- C:\Documents and Settings\birdyy\Application Data\PC Suite
2008-03-19 15:57 . 2008-03-19 15:58 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-03-19 14:05 . 2008-03-19 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-03-19 14:04 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-03-19 13:50 . 2008-03-19 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-03-14 16:52 . 2008-03-17 13:14 <DIR> d-------- C:\Program Files\cFosSpeed
2008-03-10 19:41 . 2008-03-10 19:41 <DIR> d-------- C:\etc
2008-03-06 16:13 . 2008-03-06 16:13 <DIR> d-------- C:\Program Files\ElcomSoft
2008-03-06 16:13 . 2008-03-06 16:22 1,104 --a------ C:\WINDOWS\APDFPRP.INI
2008-03-06 15:53 . 2008-03-06 16:12 473 --a------ C:\WINDOWS\crackpdf.INI
2008-03-06 15:52 . 2008-03-06 15:55 <DIR> d-------- C:\Program Files\PDF Password Cracker v3.0
2008-03-06 15:35 . 2008-03-06 15:35 63 --a------ C:\pdfinfo.ini
2008-03-06 15:32 . 2008-03-06 15:32 1,024 --a------ C:\WINDOWS\system32\pwdremover.dat
2008-03-06 15:32 . 2008-03-06 15:32 36 --a------ C:\WINDOWS\verypdf.ini
2008-03-06 15:30 . 2008-03-25 01:30 <DIR> d-------- C:\Downloads
2008-03-06 12:16 . 2008-03-06 15:35 83 --a------ C:\WINDOWS\winDecrypt.INI
2008-02-29 16:50 . 2008-03-24 21:44 256 ---h----- C:\WINDOWS\uedit32v11.cfg
2008-02-29 16:15 . 2008-02-29 16:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 15:39 . 2008-02-29 15:39 <DIR> d-------- C:\Program Files\ToniArts
2008-02-29 15:03 . 2008-02-29 16:18 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2008-02-29 15:00 . 2008-03-24 19:38 <DIR> d--h----- C:\WINDOWS\autorec
2008-02-29 15:00 . 2008-02-29 16:18 <DIR> d-------- C:\Documents and Settings\birdyy\Application Data\IDMComp
2008-02-29 15:00 . 2008-02-29 15:00 23,097 --a------ C:\WINDOWS\uedit32.mnu
2008-02-29 15:00 . 2008-02-29 15:00 23,097 --a------ C:\WINDOWS\Advanced.mfg
2008-02-29 15:00 . 2008-02-29 15:00 7,001 --a------ C:\WINDOWS\uedit32.pmu
2008-02-29 15:00 . 2008-02-29 15:00 7,001 --a------ C:\WINDOWS\Advanced.pfg
2008-02-29 15:00 . 2008-02-29 15:00 6,934 --a------ C:\WINDOWS\Basic.pfg
2008-02-29 15:00 . 2008-02-29 15:00 4,811 --a------ C:\WINDOWS\Basic.mfg
2008-02-29 15:00 . 2008-02-29 15:00 1,595 --a------ C:\WINDOWS\uedit32.tbr
2008-02-29 15:00 . 2008-02-29 15:00 1,595 --a------ C:\WINDOWS\Advanced.tfg
2008-02-29 15:00 . 2008-02-29 15:00 695 --a------ C:\WINDOWS\Basic.tfg

.
(((((((((((((((((((((((((((((((((((( Files Modified Within the Last Three Months )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 17:49 --------- d-----w C:\Program Files\FlashGet
2008-03-24 17:03 --------- d-----w C:\Documents and Settings\birdyy\Application Data\Skype
2008-03-19 08:04 --------- d-----w C:\Documents and Settings\birdyy\Application Data\Nokia
2008-03-19 08:00 --------- d-----w C:\Program Files\Nokia
2008-03-19 08:00 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-19 07:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 12:42 --------- d-----w C:\Program Files\eMule
2008-03-06 03:22 --------- d-----w C:\Documents and Settings\birdyy\Application Data\AdobeUM
2008-02-29 07:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-20 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-12 01:50 --------- d-----w C:\Program Files\Eset
2008-01-30 07:22 --------- d-----w C:\Program Files\TTERMPRO
.

(((((((((((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty or legitimate default registry values are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD13890-4053-435A-9ABF-432925B093D3}]
2008-03-24 13:22 212992 --a------ C:\WINDOWS\kdftlboewkf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"VoipStunt"="C:\program files\voipstunt.com\voipstunt\voipstunt.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:37 25356328]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-31 10:50 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:01 1280808]
"aeezntvn"="C:\WINDOWS\system32\zubsvopa.exe" [2008-03-24 15:26 114688]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00 455168]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-04-28 02:55 69632]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 09:08 143360]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10 339968]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-19 21:21 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-19 21:21 688218]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-05-09 14:36 356352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-03-28 14:49 36972]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SNPHV71"="C:\WINDOWS\vsnphv71.exe" [ ]
"PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 16:33 86016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-13 13:57 949376]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:48 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-03-01 11:48:54 653312]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-03-28 14:48:43 114688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 16:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"8ECFG21K00"= C:\Documents and Settings\All Users\Application Data\zgjgjwxu\psterqxs.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vbgtorfd"= {85DE80F2-EA77-4AAA-83EA-E07BA73DA6CC} - C:\WINDOWS\vbgtorfd.dll [2008-03-24 13:22 221184]
"dwnrpofk"= {25035B9D-5545-45EF-A0E7-19D5AA2A069D} - C:\WINDOWS\dwnrpofk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2005-06-19 13:01 24669 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2004-03-03 16:48 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\Microsoft Shared\\Windows CE Tools\\Platman\\bin\\cemgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\SharpReader\\SharpReader.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows CE Platform Builder\\5.00\\CORECON\\BIN\\cesvchost.exe"=
"C:\\Program Files\\Windows CE Platform Builder\\5.00\\CEPB\\wcetk\\cetest.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SERVICE.EXE"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SCC.EXE"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.EXE"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_DIAGNOSTICS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-03-31 04:45]
R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2005-06-19 13:01]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2003-07-29 10:00]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2005-06-19 13:00]
R2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys [2004-05-17 18:15]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2005-06-19 13:00]
R3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2004-04-28 02:55]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2005-06-19 13:00]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service;C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2007-10-25 11:57]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usbxp.sys [2004-04-30 14:35]
S3 MC6750L;MC6750L Driver;C:\WINDOWS\system32\DRIVERS\mc6750l.sys [2001-06-19 17:26]
S3 MC6750M;MC6750M Driver;C:\WINDOWS\system32\DRIVERS\mc6750m.sys [2001-06-27 14:17]
S3 MC6750U;MC6750U Driver;C:\WINDOWS\system32\DRIVERS\mc6750u.sys [2000-12-27 19:00]
S3 MIUSB2;Micron Imaging USB2 Driver (miusb2.sys);C:\WINDOWS\system32\Drivers\miusb2.sys [2005-06-30 09:22]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;C:\WINDOWS\system32\Drivers\SECBULK.sys [2002-04-02 01:23]
S3 WLAN;IEEE 802.11b WLAN network adaptor Driver;C:\WINDOWS\system32\DRIVERS\WLANNDS.sys [2003-06-26 11:19]
S3 xds560;Texas Instruments XDS560 Device Driver;C:\WINDOWS\system32\DRIVERS\xds560.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9526e76b-6aee-11db-8e90-545543445203}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 01:50:20
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden programs ...

Scanning hidden processes ...

Scanning hidden files ...

Scan completed
Hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-03-25 1:54:17
ComboFix-quarantined-files.txt 2008-03-24 17:54:08
.
2008-03-12 08:03:02 --- E O F ---
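The registry loading points are the part of the log a responder reads first, and the log already carries the evidence needed to sort them: the bracketed file record gives a timestamp (kdftlboewkf.dll, vbgtorfd.dll and the zubsvopa.exe behind the "aeezntvn" Run value are all dated 2008-03-24, the day before the scan, while the vendor entries date from 2004 to 2007), an empty "[ ]" record marks a file ComboFix could not find or verify, and the location itself matters (ShellServiceObjectDelayLoad, policies\explorer\run, an IE desktop component and an autorun handler pointing into a Recycled folder are places legitimate installers rarely touch). The Python below is an added example, not ComboFix's or the forum's own code, that applies those checks to a sample section constructed from lines of the log above. The seven-day window, the list of rarely-used keys and the directory patterns are this example's own assumptions, and a flag is a prompt to verify the file rather than a verdict: the Free Download Manager entry is flagged only because ComboFix recorded no file for it.

```python
"""Triage the Registry Loading Points section of a ComboFix log.

Added example, not ComboFix's code. Flags autostart entries using evidence the
log carries: file timestamp vs. scan date, an empty "[ ]" file record, the
autostart location, and the directory the image runs from.
"""
import re
from datetime import date, datetime, timedelta

SCAN_DATE = date(2008, 3, 25)        # from the ComboFix header line
RECENT = timedelta(days=7)           # assumption: a file built this close to the scan is new
# Assumption: autostart locations legitimate installers almost never register in.
RARE_KEYS = ("policies\\explorer\\run", "shellserviceobjectdelayload",
             "desktop\\components", "mountpoints2")
# Assumption: directories where a freshly dropped image is suspicious (lower-cased paths).
ODD_DIRS = (r"^c:\\windows\\[^\\]+$",            # directly in the Windows root
            r"\\all users\\application data\\",  # writable by every user
            r"(^|[\\\s])recycled\\")             # autorun pointing into a Recycled folder

# One pattern per line shape ComboFix prints in this section.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                       # [HKEY_...]
SSODL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*\{[0-9A-Fa-f-]+\}\s*-\s*(?P<path>[^\[]+?)\s*\[(?P<meta>[^\]]*)\]')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[^"\[]+?)"?\s*\[(?P<meta>[^\]]*)\]')
FILE_RE = re.compile(r"^(?P<meta>\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+) \S+ (?P<path>[A-Za-z]:\\.+)$")
CMD_RE = re.compile(r"^\\Shell\\(?P<name>\S+)\s+-\s+(?P<path>.+)$")  # mountpoints2 handlers
BARE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<path>[A-Za-z]:\\.+)$')  # no file record
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def parse_entries(text):
    """Return (key, name, path, meta) tuples; meta is None when the line has no file record."""
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        for rx in (SSODL_RE, RUN_RE, FILE_RE, CMD_RE, BARE_RE):
            m = rx.match(line)
            if m:
                g = m.groupdict()
                meta = g["meta"].strip() if "meta" in g else None
                entries.append((key, g.get("name", "(file)"), g["path"].strip(), meta))
                break
    return entries


def assess(entry):
    """Return the reasons an entry deserves a look; an empty list means nothing stood out."""
    key, _name, path, meta = entry
    reasons = []
    if meta == "":
        reasons.append("no file record ([ ]): image missing or unverifiable")
    elif meta and (m := DATE_RE.search(meta)):
        stamp = datetime.strptime(m.group(), "%Y-%m-%d").date()
        if SCAN_DATE - stamp <= RECENT:
            reasons.append(f"file dated {stamp}, within {RECENT.days} days of the scan")
    if any(k in key.lower() for k in RARE_KEYS):
        reasons.append("uncommon autostart location")
    if any(re.search(p, path.lower()) for p in ODD_DIRS):
        reasons.append("image location: " + path)
    return reasons


def triage(text):
    """Map each flagged image path to its reasons, in log order."""
    findings = {}
    for entry in parse_entries(text):
        reasons = assess(entry)
        if reasons:
            findings[entry[2]] = reasons
    return findings


# Constructed sample: a subset of the loading points from the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD13890-4053-435A-9ABF-432925B093D3}]
2008-03-24 13:22 212992 --a------ C:\WINDOWS\kdftlboewkf.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"aeezntvn"="C:\WINDOWS\system32\zubsvopa.exe" [2008-03-24 15:26 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"8ECFG21K00"= C:\Documents and Settings\All Users\Application Data\zgjgjwxu\psterqxs.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vbgtorfd"= {85DE80F2-EA77-4AAA-83EA-E07BA73DA6CC} - C:\WINDOWS\vbgtorfd.dll [2008-03-24 13:22 221184]
"dwnrpofk"= {25035B9D-5545-45EF-A0E7-19D5AA2A069D} - C:\WINDOWS\dwnrpofk.dll [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9526e76b-6aee-11db-8e90-545543445203}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
'''

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run as-is it lists seven of the eight sample entries with their reasons; the only one that passes clean is the 2004-dated ctfmon.exe under system32. The same three checks read over the full section above would also pull the Winlogon notify entries and the Trend Micro "DisableMonitoring" policy key for manual review, since those shapes are not parsed here.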
#2
birdy
Never mind!
I have removed this virus with the help of ComboFix and Spy Catcher.
Thanks! :)