謝謝大大的指教!!
因為網頁又開始跑出來了~
我弟不知道又灌了什麼東西進去@@
馬上來用看看
掃了三十多分鐘後又發現不少毒@@
efix 5.3 20091126.30 - 2009-12-10 15:44:05.39 - ntfs
Microsoft Windows XP Service Pack 3 - MMX
執行位置: C:\Documents and Settings\MMX\桌面\新資料夾 (2)\EF2009112630.exe
AV: AntiVir Desktop (Avira GmbH) True - Enabled
提示:
未安裝安全性更新 KB971029
================================================================================
使用者帳戶列表:
Administrator
ASPNET
Guest
HelpAssistant
MMX -- Current
SUPPORT_388945a0
================================================================================
EF刪除的檔案列表:
c:\windows\ahnrpta.exe
================================================================================
EF刪除的驅動服務列表:
....\service\AVPsys
EF修改的登錄值列表:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"=-
================================================================================
EF刪除的檔案備份位置列表:
C:\WINDOWS\AhnRpta.exe => C:\ef_backup\backup\C\WINDOWS\AhnRpta.exe.vir
================================================================================
各磁碟根目錄含有隱藏屬性的資料夾和檔案 :
2006-08-24 00:57:20 . 2009-05-02 19:20:46 -rhs--- 223 C:\boot.ini
2006-08-24 00:56:51 . 2006-03-02 20:00:00 -rhs--- 213830 C:\bootfont.bin
2006-08-24 00:56:55 . 2006-03-02 20:00:00 -rhs--- 47564 C:\NTDETECT.COM
2006-08-24 00:56:55 . 2009-05-18 21:11:07 -rhs--- 257728 C:\ntldr
2009-07-23 09:24:54 . 2009-08-23 14:45:29 --hs--- 251904 C:\radial.cdb
2009-06-25 08:00:49 . 2009-11-25 19:32:48 --h---- <DIR> C:\Config.Msi
2009-10-30 21:46:16 . 2009-11-01 13:04:46 -rhs--- 127235 D:\clxam6r6.exe
2009-05-16 17:31:11 . 2009-05-16 17:31:11 --hs--- <DIR> D:\vod_cache_data
********** Created 2009-11 -- 2009-12 Files: **********
2009-12-10 14:59:34 . 2009-12-10 15:03:35 ------- <DIR> C:\WINDOWS\LastGood
2009-11-28 18:43:00 . 2009-11-28 18:53:22 ------- <DIR> C:\Program Files\Windows Live Safety Center
2009-11-25 19:33:00 . 2009-05-11 09:12:24 a------ 28520 C:\WINDOWS\system32\drivers\ssmdrv.sys
2009-11-25 19:33:00 . 2009-03-30 09:33:07 a------ 96104 C:\WINDOWS\system32\drivers\avipbb.sys
2009-11-25 19:33:00 . 2009-02-13 11:29:11 a------ 22360 C:\WINDOWS\system32\drivers\avgntmgr.sys
2009-11-25 19:33:00 . 2009-02-13 11:17:49 a------ 45416 C:\WINDOWS\system32\drivers\avgntdd.sys
2009-11-25 18:19:55 . 2009-11-25 19:16:38 ------- <DIR> C:\WINDOWS\system32\NtmsData
2009-11-23 20:56:08 . 2009-11-23 20:56:08 ------- <DIR> C:\新資料夾
2009-11-23 19:59:15 . 2007-03-20 16:44:06 a------ 94480 C:\WINDOWS\system32\drivers\tmcomm.sys
2009-11-23 19:36:30 . 2006-06-20 20:36:00 a------ 692224 C:\WINDOWS\system32\kixforms.dll
2009-11-22 18:00:58 . 2009-12-08 19:34:00 a------ 56816 C:\WINDOWS\system32\drivers\avgntflt.sys
2009-11-16 23:28:00 . 2009-11-16 23:28:00 ------- <DIR> C:\Documents and Settings\MMX\My Documents\CyberLink
2009-11-16 23:26:51 . 2009-11-16 23:26:52 ------- <DIR> C:\Documents and Settings\MMX\Application Data\CyberLink
2009-11-16 23:25:47 . 2009-11-16 23:25:47 ------- <DIR> C:\Documents and Settings\MMX\Application Data\Ulead Systems
2009-11-16 23:18:09 . 2009-11-16 23:20:58 ------- <DIR> C:\Program Files\CyberLink
2009-11-16 23:13:30 . 2009-11-16 23:13:30 ------- <DIR> C:\Documents and Settings\MMX\Application Data\InstallShield
2009-11-16 23:12:54 . 2008-04-01 21:40:42 a------ 209040 C:\WINDOWS\system32\IVIresizeW7.dll
2009-11-16 23:12:54 . 2008-04-01 21:40:40 a------ 196752 C:\WINDOWS\system32\IVIresizeP6.dll
2009-11-16 23:12:54 . 2008-04-01 21:40:40 a------ 192656 C:\WINDOWS\system32\IVIresizePX.dll
2009-11-16 23:12:54 . 2008-04-01 21:40:38 a------ 196752 C:\WINDOWS\system32\IVIresizeM6.dll
2009-11-16 23:12:54 . 2008-04-01 21:40:36 a------ 204944 C:\WINDOWS\system32\IVIresizeA6.dll
2009-11-16 23:12:54 . 2008-04-01 21:40:34 a------ 24720 C:\WINDOWS\system32\IVIresize.dll
2009-11-16 23:12:30 . 2009-11-16 23:12:30 ------- <DIR> C:\Program Files\Windows Media Components
2009-11-16 23:11:28 . 2009-11-16 23:12:29 ------- <DIR> C:\Program Files\Common Files\Ulead Systems
2009-11-16 23:11:27 . 2009-11-16 23:11:27 ------- <DIR> C:\Program Files\Corel
2009-11-10 06:42:44 . 2009-11-10 06:42:44 ------- <DIR> C:\Documents and Settings\MMX\My Documents\瑪奇
.
********** Modified 2009-10 -- 2009-12 files: **********
2009-12-10 14:59:34 . 2009-12-10 15:03:35 ------- <DIR> C:\WINDOWS\LastGood
2009-11-28 18:43:00 . 2009-11-28 18:53:22 ------- <DIR> C:\Program Files\Windows Live Safety Center
2009-11-25 18:19:55 . 2009-11-25 19:16:38 ------- <DIR> C:\WINDOWS\system32\NtmsData
2009-11-23 20:56:08 . 2009-11-23 20:56:08 ------- <DIR> C:\新資料夾
2009-11-22 18:00:58 . 2009-12-08 19:34:00 a------ 56816 C:\WINDOWS\system32\drivers\avgntflt.sys
2009-11-16 23:28:00 . 2009-11-16 23:28:00 ------- <DIR> C:\Documents and Settings\MMX\My Documents\CyberLink
2009-11-16 23:26:51 . 2009-11-16 23:26:52 ------- <DIR> C:\Documents and Settings\MMX\Application Data\CyberLink
2009-11-16 23:25:47 . 2009-11-16 23:25:47 ------- <DIR> C:\Documents and Settings\MMX\Application Data\Ulead Systems
2009-11-16 23:18:09 . 2009-11-16 23:20:58 ------- <DIR> C:\Program Files\CyberLink
2009-11-16 23:13:30 . 2009-11-16 23:13:30 ------- <DIR> C:\Documents and Settings\MMX\Application Data\InstallShield
2009-11-16 23:12:30 . 2009-11-16 23:12:30 ------- <DIR> C:\Program Files\Windows Media Components
2009-11-16 23:11:28 . 2009-11-16 23:12:29 ------- <DIR> C:\Program Files\Common Files\Ulead Systems
2009-11-16 23:11:27 . 2009-11-16 23:11:27 ------- <DIR> C:\Program Files\Corel
2009-11-10 06:42:44 . 2009-11-10 06:42:44 ------- <DIR> C:\Documents and Settings\MMX\My Documents\瑪奇
2009-11-07 11:06:24 . 2009-11-07 11:06:24 ------- <DIR> C:\WINDOWS\pss
2009-11-02 06:16:13 . 2009-11-08 22:32:58 ------- <DIR> C:\Documents and Settings\MMX\Application Data\HpUpdate
2009-11-02 06:16:12 . 2009-11-02 06:16:12 ------- <DIR> C:\WINDOWS\Hewlett-Packard
2009-10-25 23:54:43 . 2009-10-25 23:54:43 ------- <DIR> C:\Program Files\Free Offers from Freeze.com
2009-10-25 23:54:40 . 2009-10-25 23:54:40 ------- <DIR> C:\Program Files\Common Files\Winferno
2009-10-25 23:54:01 . 2009-10-26 00:02:02 ------- <DIR> C:\Program Files\Winferno
2009-10-25 22:59:22 . 2009-10-25 22:59:22 ------- <DIR> C:\Documents and Settings\MMX\Application Data\Titanium Gears
2009-10-25 22:59:14 . 2009-10-25 23:59:13 ------- <DIR> C:\Program Files\Playalot Games
2009-10-25 22:53:03 . 2009-10-26 00:03:34 ------- <DIR> C:\Program Files\My.Freeze.com Toolbar
2009-10-25 22:51:14 . 2009-10-25 22:51:14 ------- <DIR> C:\Program Files\coolbirdsettings
2009-10-25 22:07:15 . 2009-11-28 22:04:36 ------- <DIR> C:\Documents and Settings\MMX\Application Data\coolbirdsettings
2009-10-25 22:07:14 . 2009-10-25 22:51:12 ------- <DIR> C:\Program Files\TorrentSpeeder
2009-10-25 16:38:21 . 2009-11-25 19:32:59 ------- <DIR> C:\Program Files\Avira
2009-10-25 14:24:11 . 2009-10-25 14:24:11 ------- <DIR> C:\WINDOWS\system32\Kaspersky Lab
2009-10-16 20:03:15 . 2009-10-16 21:53:50 ------- <DIR> C:\Program Files\Common Files\Blizzard Entertainment
2009-10-13 23:26:16 . 2009-10-13 23:26:16 ------- <DIR> C:\Program Files\Windows Live SkyDrive
2009-10-13 23:14:21 . 2009-10-13 23:14:21 ------- <DIR> C:\WINDOWS\SxsCaPendDel
2009-10-13 23:10:05 . 2009-10-13 23:10:05 ------- <DIR> C:\WINDOWS\system32\appmgmt
2009-10-12 15:19:17 . 2009-10-12 15:19:17 ------- <DIR> C:\Documents and Settings\MMX\WINDOWS
2009-06-25 08:01:02 . 2009-11-02 06:16:18 ------- <DIR> C:\Program Files\HP
2009-06-25 08:00:49 . 2009-11-25 19:32:48 --h---- <DIR> C:\Config.Msi
2009-05-19 03:06:21 . 2009-12-10 15:43:07 ------- <DIR> C:\WINDOWS\Prefetch
2009-05-18 21:11:16 . 2009-10-25 13:51:45 ------- <DIR> C:\WINDOWS\network diagnostic
2009-05-09 00:04:46 . 2009-12-10 14:58:43 ------- <DIR> C:\Documents and Settings\MMX\Tracing
2009-05-08 23:50:47 . 2009-10-13 23:26:27 ------- <DIR> C:\Program Files\Windows Live
2009-05-03 18:18:35 . 2009-11-19 17:07:05 ---s--- <DIR> C:\Documents and Settings\MMX\My Documents\mabinogi
2009-05-03 09:18:25 . 2009-12-10 09:14:56 ------- <DIR> C:\Program Files\eMule
2009-05-03 02:44:09 . 2009-12-10 15:43:56 ------- <DIR> C:\WINDOWS\Temp
2009-05-03 02:44:09 . 2009-12-10 15:43:45 ------- <DIR> C:\WINDOWS
2009-05-03 02:44:09 . 2009-12-10 15:43:08 ------- <DIR> C:\WINDOWS\system32
2009-05-03 02:44:09 . 2009-12-10 15:20:08 --h---- <DIR> C:\WINDOWS\inf
2009-05-03 02:44:09 . 2009-12-10 14:59:43 -rhs--- <DIR> C:\WINDOWS\system32\dllcache
2009-05-03 02:44:09 . 2009-12-10 14:59:38 ------- <DIR> C:\WINDOWS\Help
2009-05-03 02:44:09 . 2009-12-10 06:21:08 ------- <DIR> C:\WINDOWS\system32\drivers
2009-05-03 02:44:09 . 2009-11-28 22:05:26 ------- <DIR> C:\WINDOWS\system32\drivers\etc
2009-05-03 02:44:09 . 2009-11-25 19:32:47 ------- <DIR> C:\WINDOWS\WinSxS
2009-05-03 02:44:09 . 2009-11-25 18:51:23 ------- <DIR> C:\WINDOWS\repair
2009-05-03 02:44:09 . 2009-11-25 18:13:05 a------ 90112 C:\WINDOWS\DUMP50df.tmp
2009-05-03 02:44:09 . 2009-11-16 23:19:44 -r-s--- <DIR> C:\WINDOWS\Fonts
2009-05-03 02:44:09 . 2009-11-01 20:23:30 a------ 90112 C:\WINDOWS\DUMP4f1a.tmp
2009-05-03 02:44:09 . 2009-10-13 22:37:37 ------- <DIR> C:\WINDOWS\system
2009-05-02 19:20:56 . 2009-12-10 15:42:50 ---s--- <DIR> C:\Documents and Settings\MMX\Cookies
2009-05-02 19:20:56 . 2009-12-10 15:41:46 -rh---- <DIR> C:\Documents and Settings\MMX\Recent
2009-05-02 19:20:56 . 2009-12-09 23:42:08 ------- <DIR> C:\Documents and Settings\MMX\桌面
2009-05-02 19:20:56 . 2009-12-08 17:31:36 a-h---- 6291456 C:\Documents and Settings\MMX\NTUSER.DAT
2009-05-02 19:20:56 . 2009-11-22 20:44:22 -r----- <DIR> C:\Documents and Settings\MMX\My Documents
2009-05-02 19:20:56 . 2009-11-21 17:43:44 --h---- <DIR> C:\Documents and Settings\MMX\NetHood
2009-05-02 19:20:56 . 2009-11-16 23:26:52 -rh---- <DIR> C:\Documents and Settings\MMX\Application Data
2009-05-02 19:20:56 . 2009-11-07 22:37:01 -r----- <DIR> C:\Documents and Settings\MMX\Favorites
2009-05-02 19:20:56 . 2009-10-25 13:33:31 -r----- <DIR> C:\Documents and Settings\MMX\My Documents\My Pictures
2009-05-02 19:20:56 . 2009-10-20 12:49:57 -r----- <DIR> C:\Documents and Settings\MMX\「開始」功能表
2009-05-02 19:00:35 . 2009-11-16 23:24:25 --h---- <DIR> C:\Program Files\InstallShield Installation Information
2009-05-02 18:56:42 . 2009-10-14 00:32:22 ------- <DIR> C:\WINDOWS\Microsoft.NET
2009-05-02 18:56:42 . 2009-10-13 23:13:39 -r-s--- <DIR> C:\WINDOWS\assembly
2009-05-02 18:55:40 . 2009-12-08 17:32:16 a--s--- 2048 C:\WINDOWS\bootstat.dat
2009-05-02 18:54:29 . 2009-12-10 15:19:18 --h---- <DIR> C:\WINDOWS\$hf_mig$
2009-05-02 18:53:32 . 2009-11-28 18:43:01 ---s--- <DIR> C:\WINDOWS\Downloaded Program Files
2009-05-02 18:53:11 . 2009-10-26 00:02:01 ---s--- <DIR> C:\WINDOWS\Tasks
2009-05-02 18:53:06 . 2009-11-23 19:58:31 ------- <DIR> C:\Program Files\Internet Explorer
2009-05-02 18:52:35 . 2009-11-25 18:51:17 ------- <DIR> C:\WINDOWS\Registration
2009-05-02 18:48:44 . 2009-11-25 19:32:48 --hs--- <DIR> C:\WINDOWS\Installer
2009-05-02 18:48:42 . 2009-11-28 18:43:00 -r----- <DIR> C:\Program Files
2009-05-02 18:48:42 . 2009-11-16 23:11:28 ------- <DIR> C:\Program Files\Common Files
2009-05-02 18:48:42 . 2009-10-13 23:26:21 ------- <DIR> C:\Program Files\Common Files\Microsoft Shared
2009-05-02 18:47:47 . 2009-12-10 15:20:02 ------- <DIR> C:\WINDOWS\system32\CatRoot2
2009-05-02 18:47:31 . 2009-11-18 08:30:22 a------ 160344 C:\WINDOWS\system32\FNTCACHE.DAT
2006-08-24 00:54:07 . 2009-11-23 20:33:43 --hs--- <DIR> C:\System Volume Information
.
================================================================================
執行中的程序:
[PID: 968] C:\WINDOWS\system32\Ati2evxx.exe [<Verified> ATI Technologies Inc.]
[PID: 1480] C:\WINDOWS\system32\spoolsv.exe [<Verified> Microsoft Corporation]
[PID: 1504] C:\WINDOWS\system32\Ati2evxx.exe [<Verified> ATI Technologies Inc.]
[PID: 1696] C:\Program Files\Avira\AntiVir Desktop\sched.exe [ Avira GmbH]
[PID: 256] C:\WINDOWS\RTHDCPL.EXE [<Verified> Realtek Semiconductor Corp.]
[PID: 276] C:\Program Files\EmvSmartCardReader\SmartMON.exe [ N/A]
[PID: 288] C:\Program Files\EmvSmartCardReader\BePCSC.exe [ N/A]
[PID: 304] C:\Program Files\GridService\peer.exe [ FS2YOU]
[PID: 340] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [<Verified> Hewlett-Packard]
[PID: 484] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [ Avira GmbH]
[PID: 504] C:\WINDOWS\system32\ctfmon.exe [<Verified> Microsoft Corporation]
[PID: 740] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE [ ATI Technologies Inc.]
[PID: 1284] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [ ATI Technologies Inc.]
[PID: 2104] C:\Program Files\CyberLink\Shared files\RichVideo.exe [<Verified> ]
[PID: 2216] C:\WINDOWS\system32\scardsvr.exe [<Verified> Microsoft Corporation]
[PID: 2268] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [<Verified> Microsoft Corporation]
[PID: 2328] C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [<Verified> Ulead Systems, Inc.]
[PID: 2364] C:\Program Files\Viewpoint\Common\ViewpointService.exe [<Verified> Viewpoint Corporation]
[PID: 4044] C:\WINDOWS\System32\alg.exe [<Verified> Microsoft Corporation]
[PID: 3956] C:\Program Files\Avira\AntiVir Desktop\avguard.exe [ Avira GmbH]
[PID: 2836] C:\Program Files\eMule\emule.exe [ hxxp://www.emule-project.net]
[PID: 2624] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [<Verified> Yahoo! Inc.]
[PID: 4000] C:\WINDOWS\system32\wbem\wmiprvse.exe [<Verified> Microsoft Corporation]
[PID: 2848] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [<Verified> Microsoft Corporation]
[PID: 2920] C:\Program Files\Windows Live\Contacts\wlcomm.exe [<Verified> Microsoft Corporation]
[PID: 1008] C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe [<Verified> Hewlett-Packard Co.]
[PID: 3152] C:\WINDOWS\system32\conime.exe [<Verified> Microsoft Corporation]
[PID: 3416] C:\WINDOWS\system32\wbem\wmiprvse.exe [<Verified> Microsoft Corporation]
[PID: 2548] C:\WINDOWS\system32\wuauclt.exe [<Verified> Microsoft Corporation]
系統執行程序中沒有檔案資訊的動態連結檔:
'spoolsv.exe'(1480)
=> C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp4xa.dll 61.063.264.22
'ccc.exe'(1284)
=> C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll 1.0.0.0
=> C:\WINDOWS\assembly\GAC\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 1.0.0.0
=> C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll 1.0.0.0
'msnmsgr.exe'(2848)
=> C:\WINDOWS\system32\msdmo.dll
================================================================================
HOSTS:
98.126.17.171 www.qqluna.com
98.126.17.171 www.mhluna.com
98.126.17.171 www.101wg.cn
98.126.17.171 www.poc88.cn
98.126.17.171 www.lqran.com
98.126.17.171 myyong.com
98.126.17.171 www.sexran.net
98.126.17.171 www.yyran.com
98.126.17.171 www.99yong.com
98.126.17.171 www.vipyong.com
98.126.17.171 www.ranyong.com
98.126.17.171 www.babyran.com
98.126.17.171 www.zumuran.com
98.126.17.171 www.mxran.com
98.126.17.171 cityyong.com
98.126.17.171 www.ddran.cn
98.126.17.171 www.gmyong.com
98.126.17.171 www.codeyong.com
98.126.17.171 www.95yong.com
98.126.17.171 ran.878x.net
98.126.17.171 www.xxran.com
登錄值列表 *** 注意 : 部分正常值不會顯示 ***
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
"<沒有名稱>"="" [File Not Found.]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [N/A]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [Yahoo! Inc.]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\ime\IMJP8_1\imjpmig.exe" [Microsoft Corporation]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe" [Microsoft Corporation]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe" [Microsoft Corporation]
"RTHDCPL"="C:\WINDOWS\RTHDCPL.exe" [Realtek Semiconductor Corp.]
"Alcmtr"="C:\WINDOWS\Alcmtr.exe" [Realtek Semiconductor Corp.]
"SmartMon"="C:\Program Files\EmvSmartCardReader\SmartMON.exe" [N/A]
"BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe" [N/A]
"Grid Service"="C:\Program Files\GridService\peer.exe" [FS2YOU]
"way math bike enc"="C:\Documents and Settings\All Users\Application Data\cast dale way math\axis mfcd.exe" [Upgraded Pofitors]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [X]
"HP Software Update"="C:\Program Files\HP\HP Software Update\hpwuschd2.exe" [Hewlett-Packard]
"<沒有名稱>"="" [File Not Found.]
"UVS12 Preload"="C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe" [Corel TW Corp.]
"UpdatePDRShortCut"="C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [CyberLink Corp.]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [Avira GmbH]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" - 2006-10-18 21:47 133632 C:\WINDOWS\system32\WPDShServiceObj.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
2008-07-28 18:47 882416 C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
2008-04-01 08:39 73728 C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2009-05-19 11:36 137600 C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
2008-11-26 19:42 1916024 C:\Program Files\My.Freeze.com Toolbar\freeze_int2.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 18:47 160496 C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
HonorAutoRunSetting=0x1
c:\documents and settings\all users\「開始」功能表\程式集\啟動\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [ 2004-12-14 04:44:06 29696 ]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [ 2001-02-13 01:01:04 83360 ]
Rename operations pending:
001; C:\DOCUME~1\MMX\LOCALS~1\Temp\7dda43f45eed.tmp ;DELETE;
002; C:\DOCUME~1\MMX\LOCALS~1\Temp\94344f0efc01.tmp ;DELETE;
003; C:\DOCUME~1\MMX\LOCALS~1\Temp\377c599f8ea8.tmp ;DELETE;
004; C:\DOCUME~1\MMX\LOCALS~1\Temp\d75b5cdbab85.tmp ;DELETE;
005; C:\DOCUME~1\MMX\LOCALS~1\Temp\c652771aa24f.tmp ;DELETE;
006; C:\DOCUME~1\MMX\LOCALS~1\Temp\071078895fa2.tmp ;DELETE;
007; C:\DOCUME~1\MMX\LOCALS~1\Temp\f86e7abdac98.tmp ;DELETE;
008; C:\DOCUME~1\MMX\LOCALS~1\Temp\669c80533954.tmp ;DELETE;
009; C:\WINDOWS\system32\drivers\EagleNt.sys ;DELETE;
010; C:\DOCUME~1\MMX\LOCALS~1\Temp\54c25c742f85.tmp ;DELETE;
011; C:\DOCUME~1\MMX\LOCALS~1\Temp\5cce76030df2.tmp ;DELETE;
012; C:\DOCUME~1\MMX\LOCALS~1\Temp\f31c7ac3b164.tmp ;DELETE;
013; C:\DOCUME~1\MMX\LOCALS~1\Temp\89c47018e6e7.tmp ;DELETE;
014; C:\DOCUME~1\MMX\LOCALS~1\Temp\a1c88f79ef7a.tmp ;DELETE;
015; C:\DOCUME~1\MMX\LOCALS~1\Temp\3e5590ab50c3.tmp ;DELETE;
016; C:\DOCUME~1\MMX\LOCALS~1\Temp\825a92efca72.tmp ;DELETE;
017; C:\DOCUME~1\MMX\LOCALS~1\Temp\1b3696272de6.tmp ;DELETE;
018; C:\WINDOWS\system32\drivers\EagleNt.sys ;DELETE;
019; C:\WINDOWS\system32\wuapi.dll.wusetup.163670078.bak ;DELETE;
020; C:\WINDOWS\system32\wuauclt.exe.wusetup.163670125.bak ;DELETE;
021; C:\WINDOWS\system32\wuaueng.dll.wusetup.163670359.bak ;DELETE;
"C:\WINDOWS\system32\drivers\cdaudio.sys" not found.
"C:\WINDOWS\system32\ipfltdrv.sys" not found.
================================================================================
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [Avira GmbH]
P12 MediaSerial;Portable Media Number;C:\WINDOWS\system32\RjmktvC.dll [File Not Found.]
S3 napagent;Network Access Protection Agent;C:\WINDOWS\System32\qagentrt.dll [Microsoft Corporation]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service [File Not Found.]
S2 rcmdsvc;Remote Command Service;C:\WINDOWS\system32\xtzlno.exe [File Not Found.]
R2 SeaPort;SeaPort;C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [Microsoft Corporation]
S2 VServer_2008;V_Server;C:\Program Files\Common Files\Microsoft Shared\MSInfo\R_Server.exe [File Not Found.]
S2 winloginsav;Rising Scan Service2009;C:\WINDOWS\system32\RlmitjC.dl [File Not Found.]
U? AVPsys;AVPsys;[X]
S3 city;city;C:\WINDOWS\system32\drivers\city.ahc [N/A]
S3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [File Not Found.]
S3 SecRomDrv;Secure CDROM Property;C:\WINDOWS\system32\DRIVERS\cdrom.sys [Microsoft Corporation]
S3 Yong_tw;Yong_tw;C:\WINDOWS\system32\drivers\Yong_tw.ahc [N/A]
================================================================================
工作排程資料夾內的資料:
IE 首頁設定:
Internet Explorer Version: 6.0.2900.5512
HKLM - Search Page = hxxp://tw.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://tw.search.yahoo.com
HKCU - Start Page = hxxp://tw.yahoo.com/
HKCU - Search Page = hxxp://tw.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://tw.search.yahoo.com
HKCU - Extra menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
HKLM - Extensions: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
HKLM - Extensions: {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
HKLM - Extensions: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
HKLM - Extensions: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
HKLM - Extensions: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
================================================================================
Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.
================================================================================
A: -Removable Disk- No Assess
C: -Local Disk- Size: 32218386432 FreeSpace: 12433031168 NTFS
D: -Local Disk- Size: 214334345216 FreeSpace: 11102408704 NTFS
E: -Compact Disc- No Assess
掃描結束時間: 2009-12-10 15:44:41.74
小紅傘開著好像毒也是一直來XD
[h80053 在 2009-12-10 04:36 PM 作了最後編輯]
