
Heavily infected, keeps shutting down automatically (HijackThis)

I have the same situation.


ComboFix 09-02-24.02 - Administrator 2009-02-10 12:13:22.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.950.1.1028.18.479.239 [GMT 8:00]
執行位置: c:\documents and settings\Administrator\桌面\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\setup.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\spoclsv.exe
c:\windows\system32\svch0st.exe

.
(((((((((((((((((((((((((((((((((((((((   驅動/服務   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53


(((((((((((((((((((((((((  2009-01-24 至 2009-02-24 的新的檔案  )))))))))))))))))))))))))))))))
.

2009-02-10 11:12 . 2009-02-10 11:12        <DIR>        d--------        c:\documents and settings\Administrator\Application Data\SecondLife
2009-02-10 11:10 . 2009-02-10 11:12        <DIR>        d--------        c:\program files\SecondLife
2009-01-31 02:36 . 2009-01-31 02:36        <DIR>        d--------        c:\program files\Common Files\Thunder Network
2009-01-31 02:36 . 2009-01-31 02:36        <DIR>        d--------        c:\documents and settings\All Users\Application Data\vucache
2009-01-31 02:36 . 2009-01-31 02:36        <DIR>        d--hs----        c:\documents and settings\All Users\Application Data\thunder_vod_cache
2009-01-31 02:36 . 2009-01-31 02:36        <DIR>        d--------        c:\documents and settings\All Users\Application Data\Thunder Network
2009-01-31 02:36 . 2009-01-31 03:28        1,623        --a------        c:\windows\system32\cid_store.dat
2009-01-31 02:36 . 2009-01-31 02:36        20        --a------        c:\windows\system32\pub_store.dat
2009-01-31 02:35 . 2009-01-31 02:37        <DIR>        d--------        c:\program files\Thunder Network

.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 03:32        142,464        ----a-w        c:\windows\system32\drivers\aec.sys
2009-02-10 03:32        142,464        ----a-w        c:\windows\system32\dllcache\aec.sys
2009-02-09 15:26        ---------        d-----w        c:\program files\Foxy
2009-01-30 20:18        ---------        d-----w        c:\program files\OpenOffice.org 2.4
2009-01-30 20:16        ---------        d-----w        c:\documents and settings\Administrator\Application Data\OpenOffice.org2
2009-01-20 21:24        ---------        d--h--w        c:\program files\InstallShield Installation Information
2009-01-02 08:37        2,560        ----a-w        c:\windows\_MSRSTRT.EXE
2009-01-02 08:36        ---------        d-----w        c:\program files\CursorXP
.

------- Sigcheck -------

2006-04-20 19:51  359808  b4e29943b4b04bd5e7381546848e6669        c:\windows\system32\dllcache\tcpip.sys
2006-04-20 19:51  359808  b4e29943b4b04bd5e7381546848e6669        c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"x3"="c:\windows\system32\shellext\svchost.exe" [2008-12-10 650441]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Foxy\\Foxy.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10696:TCP"= 10696:TCP:BitCometLite 10696 TCP
"10696:UDP"= 10696:UDP:BitCometLite 10696 UDP
"3073:TCP"= 3073:TCP:Foxy (192.168.1.100:3073) 3073 TCP
"3073:UDP"= 3073:UDP:Foxy (192.168.1.100:3073) 3073 UDP

R?2 jjyvhe;jjyvhe;c:\windows\system32\svchost.exe -kjjyvhe --> c:\windows\system32\svchost.exe -kjjyvhe [?]
R0 ahci8086;ahci8086;c:\windows\system32\drivers\ahci8086.sys [2006-10-28 119808]
R0 CSB6IDE;CSB6IDE;c:\windows\system32\drivers\csb6ide.sys [2006-10-28 2802]
S0 ARCSAS;ARCSAS;c:\windows\system32\DRIVERS\arcsas.sys --> c:\windows\system32\DRIVERS\arcsas.sys [?]
S0 QL2300;QL2300;c:\windows\system32\drivers\ql2300.sys [2006-10-28 167424]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\Nostale\GameGuard\dump_wmimmc.sys --> c:\windows\Nostale\GameGuard\dump_wmimmc.sys [?]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w550obex.sys --> c:\windows\system32\DRIVERS\w550obex.sys [?]

.
