This is what Spybot read out:
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-07-24 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2007-11-07 Includes\Revision.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A
Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint\Apoint.exe
file: C:\Program Files\Apoint\Apoint.exe
size: 118784
MD5: 6FC8ECA367679C2AEBBA09A416B4C18D
Located: HK_LM:Run, AVP
command: "C:\Program Files\KIS\avp.exe"
file: C:\Program Files\KIS\avp.exe
size: 227856
MD5: 7519905CD74F26E9385B83BF2EF242C2
Located: HK_LM:Run, AzMixerSel
command: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
file: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
size: 53248
MD5: EAF4EE7C73FB0784F2C128029C1ACE1C
Located: HK_LM:Run, Bluetooth Connection Assistant
command: LBTWIZ.EXE -silent
file: LBTWIZ.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 162328
MD5: 1C930A2C9A0A268F772126F33FF346F1
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 141848
MD5: B680B44AFD06C6E1982F04BEFAF5CBDB
Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7BBE4CF421AECC7F0226EDD75F12079F
Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 974848
MD5: 287C76D06B7FBAD32FA064B007F17AC1
Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 823296
MD5: 8EB1CB906CA03ECCFBBE0217113C154A
Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 56080
MD5: F2F64E6B1A67623E5B6C0195816B1644
Located: HK_LM:Run, MSPY2002
command: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
file: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
size: 59392
MD5: 1B17E09C1223F6D17336D2DD7A1AF4F4
Located: HK_LM:Run, OPT Drive Power Saving
command: "C:\Program Files\Sony\VAIO Power Management\OPT Drive Power Saving.EXE"
file: C:\Program Files\Sony\VAIO Power Management\OPT Drive Power Saving.EXE
size: 1486848
MD5: F79A4EAF1DC2F0ECD08265D7AD142984
Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 137752
MD5: 8553A8EFB0E9FF953065029A64D747B9
Located: HK_LM:Run, PHIMETIPSYNC
command: C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
file: C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE
size: 95296
MD5: B37D80E04823496C8E3B6067B9952C7D
Located: HK_LM:Run, PSQLLauncher
command: "C:\Program Files\Protector Suite QL\launcher.exe" /startup
file: C:\Program Files\Protector Suite QL\launcher.exe
size: 49168
MD5: 612997BF385273BFA1219A399E2BA986
Located: HK_LM:Run, SonyPowerCfg
command: "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
file: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
size: 217088
MD5: 2467ED3DF40CA82D9359E215DCD57E31
Located: HK_LM:Run, UnlockerAssistant
command: "C:\Program Files\0Util\Gadget\Unlocker\UnlockerAssistant.exe" -H
file: C:\Program Files\0Util\Gadget\Unlocker\UnlockerAssistant.exe
size: 15360
MD5: D0B7944F881639ACC626BDB13A436C55
Located: HK_LM:Run, VAIO Update 3
command: "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
file: C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
size: 546936
MD5: E55101F6657381FFAD01EDB6BBAD465A
Located: HK_LM:RunOnceEx, Title
command: UnHackMe Rootkit Check
file: UnHackMe Rootkit Check
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ctfmon.exe
where: .DEFAULT...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, ctfmon.exe
where: PE_C_ADMINISTRATOR...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1867029185-3722341773-3004090105-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-18...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: Startup (common), Bluetooth.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 572008
MD5: 75A5A8115AE7D14BC08A17D0FB3DBEE5
Located: Startup (user), Nwtray.lnk
where: C:\Documents and Settings\Chun - Yi Wu\Start Menu\Programs\Startup...
command: C:\WINDOWS\system32\nwtray.exe
file: C:\WINDOWS\system32\nwtray.exe
size: 28672
MD5: 8EA25DB3B87BF8837F8799CDA811F719
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, klogon
command: C:\WINDOWS\system32\klogon.dll
file: C:\WINDOWS\system32\klogon.dll
size: 219664
MD5: AC07C2075EC8AB38592782BAE884494C
Located: WinLogon, LBTWlgn
command: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
file: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
size: 72208
MD5: 8AC3AB3F57922ED620C468EB62D88838
Located: WinLogon, psfus
command: C:\WINDOWS\system32\psqlpwd.dll
file: C:\WINDOWS\system32\psqlpwd.dll
size: 90112
MD5: 5885CDA5A2614A917A42A38BC422131C
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, VESWinlogon
command: VESWinlogon.dll
file: VESWinlogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Can you spot anything suspicious?