[Infection] USB infection, already scanned with EF

Board: AntiVirus (防毒) | Author: (噁茜是好人~~*.*) | Time: 17 years ago (2009/06/18 18:15) | Push/boo score: 6(603)
9 comments, 7 participants, latest thread 1/1
My USB drive has been infected for a long time, and both the C and D drives have autorun.inf.
I hope some kind expert can help.
The EF scan report follows.

[code]
script code: 5844
efix 5.2 20090616.14 - 2009-06-18 18:04:05.92 - ntfs
Microsoft Windows XP Service Pack 2 - user
執行位置: C:\Documents and Settings\user\桌面\EF.exe
AV: AVG Anti-Virus Free (AVG Technologies) True - Enabled
AV: AntiVir Desktop (Avira GmbH) True - Enabled
================================================================================
EF刪除的檔案列表:
沒有刪除任何檔案.
================================================================================
EF修改的登錄值列表:
沒有刪除任何登錄值.
================================================================================
AUTORUN.INF:
<資料夾> C:\autorun.inf
<資料夾> D:\autorun.inf
================================================================================
各磁碟根目錄含有隱藏屬性的資料夾和檔案 :
2006-05-30 13:07:08 . 2008-08-09 05:13:49 -rhs--- 210 C:\boot.ini
2006-05-30 13:06:21 . 2004-08-04 20:00:00 arhs--- 213830 C:\bootfont.bin
2008-10-14 07:24:24 . 2009-06-18 10:46:48 a-hs--- 1600180224 C:\hiberfil.sys
2006-11-27 02:41:00 . 2005-07-28 16:56:02 a-h---- 18 C:\initrd.pam
2006-05-30 14:23:01 . 2006-05-30 14:23:01 arhs--- 0 C:\IO.SYS
2006-11-27 02:41:00 . 2006-04-06 18:03:08 a-h---- 66 C:\kernel.pam
2008-01-01 18:57:55 . 2008-05-31 14:00:24 -rhs--- 2048 C:\KYOGTS.SYS
2006-05-30 14:23:01 . 2006-05-30 14:23:01 -rhs--- 0 C:\MSDOS.SYS
2006-05-30 13:06:29 . 2004-08-04 20:00:00 arhs--- 47564 C:\NTDETECT.COM
2006-05-30 13:06:29 . 2008-05-13 23:37:54 arhs--- 257728 C:\ntldr
2006-11-08 03:29:41 . 2009-06-18 10:46:39 a-hs--- 2145386496 C:\pagefile.sys
2006-11-30 18:55:40 . 2006-11-30 18:55:40 a-h---- 268 C:\sqmdata00.sqm
2006-11-30 20:56:46 . 2006-11-30 20:56:46 a-h---- 268 C:\sqmdata01.sqm
2006-12-01 10:53:29 . 2006-12-01 10:53:29 a-h---- 268 C:\sqmdata02.sqm
2006-12-02 00:46:50 . 2006-12-02 00:46:50 a-h---- 268 C:\sqmdata03.sqm
2006-12-02 15:42:07 . 2006-12-02 15:42:07 a-h---- 268 C:\sqmdata04.sqm
2006-12-02 16:39:39 . 2006-12-02 16:39:39 a-h---- 232 C:\sqmdata05.sqm
2006-12-06 12:58:04 . 2006-12-06 12:58:04 a-h---- 268 C:\sqmdata06.sqm
2006-12-06 13:23:57 . 2006-12-06 13:23:57 a-h---- 268 C:\sqmdata07.sqm
2006-12-06 22:32:30 . 2006-12-06 22:32:30 a-h---- 268 C:\sqmdata08.sqm
2006-12-08 10:49:55 . 2006-12-08 10:49:55 a-h---- 268 C:\sqmdata09.sqm
2006-12-08 11:32:04 . 2006-12-08 11:32:04 a-h---- 268 C:\sqmdata10.sqm
2006-12-08 12:10:33 . 2006-12-08 12:10:33 a-h---- 268 C:\sqmdata11.sqm
2006-12-08 16:45:06 . 2006-12-08 16:45:06 a-h---- 268 C:\sqmdata12.sqm
2006-12-09 14:23:26 . 2006-12-09 14:23:26 a-h---- 268 C:\sqmdata13.sqm
2006-11-30 18:55:37 . 2006-11-30 18:55:37 a-h---- 244 C:\sqmnoopt00.sqm
2006-11-30 20:56:46 . 2006-11-30 20:56:46 a-h---- 244 C:\sqmnoopt01.sqm
2006-12-01 10:53:29 . 2006-12-01 10:53:29 a-h---- 244 C:\sqmnoopt02.sqm
2006-12-02 00:46:50 . 2006-12-02 00:46:50 a-h---- 244 C:\sqmnoopt03.sqm
2006-12-02 15:42:07 . 2006-12-02 15:42:07 a-h---- 244 C:\sqmnoopt04.sqm
2006-12-02 16:39:39 . 2006-12-02 16:39:39 a-h---- 244 C:\sqmnoopt05.sqm
2006-12-06 12:58:04 . 2006-12-06 12:58:04 a-h---- 244 C:\sqmnoopt06.sqm
2006-12-06 13:23:57 . 2006-12-06 13:23:57 a-h---- 244 C:\sqmnoopt07.sqm
2006-12-06 22:32:30 . 2006-12-06 22:32:30 a-h---- 244 C:\sqmnoopt08.sqm
2006-12-08 10:49:55 . 2006-12-08 10:49:55 a-h---- 244 C:\sqmnoopt09.sqm
2006-12-08 11:32:04 . 2006-12-08 11:32:04 a-h---- 244 C:\sqmnoopt10.sqm
2006-12-08 12:10:33 . 2006-12-08 12:10:33 a-h---- 244 C:\sqmnoopt11.sqm
2006-12-08 16:45:06 . 2006-12-08 16:45:06 a-h---- 244 C:\sqmnoopt12.sqm
2006-12-09 14:23:26 . 2006-12-09 14:23:26 a-h---- 244 C:\sqmnoopt13.sqm
2009-01-31 04:44:57 . 2009-06-18 13:08:25 --h---- <DIR> C:\$AVG8.VAULT$
2006-11-27 02:41:00 . 2006-11-27 02:41:15 --h---- <DIR> C:\InstantON
2006-05-31 10:30:25 . 2009-05-11 22:00:38 --hs--- <DIR> C:\RECYCLER
2006-11-08 03:30:56 . 2006-11-27 02:33:25 --hs--- <DIR> C:\System Volume Information
2009-02-18 17:24:07 . 2009-02-18 17:24:07 --h---- <DIR> D:\$AVG8.VAULT$
2006-11-30 20:29:49 . 2006-11-30 20:29:49 -rh---- <DIR> D:\MSOCache
2006-11-30 21:37:31 . 2008-07-21 23:26:31 --hs--- <DIR> D:\RECYCLER
2006-11-08 03:30:56 . 2006-11-27 02:31:46 --hs--- <DIR> D:\System Volume Information

********** Created 2009-05 -- 2009-06 Files: **********
2009-06-12 05:46:12 . 2009-05-01 05:13:09 unknow- [2048] 12800 C:\WINDOWS\system32\dllcache\xpshims.dll
2009-06-12 05:46:10 . 2009-05-01 05:12:56 unknow- [2048] 246272 C:\WINDOWS\system32\dllcache\ieproxy.dll
2009-06-09 16:06:00 . 2009-06-12 00:00:01 ------- <DIR> C:\Program Files\eToro
2009-06-09 14:44:48 . 2009-06-09 14:44:48 ------- <DIR> C:\Program Files\iPod
2009-06-09 03:59:25 . 2009-06-18 17:12:48 a------ 25 C:\WINDOWS\popcinfot.dat
2009-05-29 02:35:08 . 2009-06-08 12:09:03 ------- <DIR> C:\Program Files\WowUSBVirusKiller
2009-05-26 00:42:22 . 2000-08-31 08:00:00 a------ 29696 C:\WINDOWS\nircmd.com
2009-05-26 00:32:30 . 2009-05-26 03:19:27 ------- <DIR> C:\Program Files\USBScan
2009-05-25 23:19:02 . 2009-05-25 23:22:58 ------- <DIR> C:\WINDOWS\system32\NtmsData
.

********** Modified 2009-04 -- 2009-06 files: **********
2009-06-18 17:12:48 a------ 25 C:\WINDOWS\popcinfot.dat
2009-06-18 10:52:47 a------ 1688 C:\WINDOWS\psnetwork.ini
2009-06-18 10:52:42 a------ 43 C:\WINDOWS\PCDNSetting.ini
2009-06-18 06:38:04 ------- 32686 C:\WINDOWS\SchedLgU.Txt
2009-06-12 20:06:11 a------ 271784 C:\WINDOWS\system32\FNTCACHE.DAT
2009-06-02 00:51:12 a------ 23635392 C:\WINDOWS\system32\MRT.exe
2009-05-13 13:02:17 unknow- [2080] 915456 C:\WINDOWS\system32\dllcache\wininet.dll
2009-05-13 13:02:16 unknow- [2080] 5936128 C:\WINDOWS\system32\dllcache\mshtml.dll
2009-05-13 13:02:16 a------ 5936128 C:\WINDOWS\system32\mshtml.dll
2009-05-07 23:42:36 unknow- [2048] 339456 C:\WINDOWS\system32\dllcache\localspl.dll
2009-05-07 23:42:36 a------ 339456 C:\WINDOWS\system32\localspl.dll
2009-05-04 01:35:51 a------ 1542 C:\WINDOWS\powerplayer.ini
2009-05-04 01:35:51 a------ 113 C:\WINDOWS\PPSMediaList.ini
2009-05-04 01:34:48 a------ 20 C:\WINDOWS\powerlist.ini
2009-05-01 05:13:09 unknow- [2048] 12800 C:\WINDOWS\system32\dllcache\xpshims.dll
2009-05-01 05:13:04 unknow- [2080] 1985024 C:\WINDOWS\system32\dllcache\iertutil.dll
2009-05-01 05:13:04 a------ 1985024 C:\WINDOWS\system32\iertutil.dll
2009-05-01 05:13:03 a------ 11064832 C:\WINDOWS\system32\ieframe.dll
2009-05-01 05:12:57 unknow- [2080] 25600 C:\WINDOWS\system32\dllcache\jsproxy.dll
2009-05-01 05:12:57 unknow- [2080] 1469440 C:\WINDOWS\system32\dllcache\inetcpl.cpl
2009-05-01 05:12:57 unknow- [2080] 1207808 C:\WINDOWS\system32\dllcache\urlmon.dll
2009-05-01 05:12:57 a------ 25600 C:\WINDOWS\system32\jsproxy.dll
2009-05-01 05:12:57 a------ 1469440 C:\WINDOWS\system32\inetcpl.cpl
2009-05-01 05:12:56 unknow- [2048] 246272 C:\WINDOWS\system32\dllcache\ieproxy.dll
2009-05-01 05:12:56 a------ 385536 C:\WINDOWS\system32\iedkcs32.dll
2009-04-30 19:21:08 a------ 173056 C:\WINDOWS\system32\ie4uinit.exe
2009-04-29 14:16:11 a------ 773 C:\WINDOWS\system32\lvcoinst.log
2009-04-20 04:08:01 unknow- [2048] 1846272 C:\WINDOWS\system32\dllcache\win32k.sys
.
================================================================================
執行中的程序:
[PID: 996] C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [Seagate Technology LLC]
[PID: 956] C:\WINDOWS\system32\conime.exe [Microsoft Corporation]
[PID: 5944] C:\Program Files\Windows Live\Messenger\usnsvc.exe [Microsoft Corporation]
[PID: 5728] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe [TOSHIBA CORPORATION.]
[PID: 5664] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe [TOSHIBA CORPORATION.]
[PID: 5520] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe [東芝 公司。]
[PID: 524] C:\Program Files\Bonjour\mDNSResponder.exe [Apple Inc.]
[PID: 5204] C:\Program Files\iPod\bin\iPodService.exe [Apple Inc.]
[PID: 4976] C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe [Logitech Inc.]
[PID: 484] C:\WINDOWS\system32\wuauclt.exe [Microsoft Corporation]
[PID: 452] C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [AVG Technologies CZ, s.r.o.]
[PID: 4336] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [東 芝公司。]
[PID: 424] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [Apple Inc.]
[PID: 4172] C:\Program Files\Skype\Phone\Skype.exe [Skype Technologies S.A.]
[PID: 408] C:\Program Files\Avira\AntiVir Desktop\avguard.exe [Avira GmbH]
[PID: 4044] C:\WINDOWS\system32\ctfmon.exe [Microsoft Corporation]
[PID: 3932] C:\Program Files\Apoint\Apntex.exe [Alps Electric Co., Ltd.]
[PID: 3848] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [Sony Corporation]
[PID: 3740] C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [Logitech Inc.]
[PID: 372] C:\WINDOWS\System32\alg.exe [Microsoft Corporation]
[PID: 3716] C:\Program Files\iTunes\iTunesHelper.exe [Apple Inc.]
[PID: 3564] C:\Program Files\Protector Suite QL\menusw.exe [UPEK Inc.]
[PID: 3504] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [Sony Corporation]
[PID: 3368] c:\program files\avira\antivir desktop\avcenter.exe [Avira GmbH]
[PID: 3312] C:\Program Files\EmvSmartCardReader\SmartMON.exe [N/A]
[PID: 3268] C:\WINDOWS\system32\igfxsrvc.exe [Intel Corporation]
[PID: 3232] C:\WINDOWS\system32\igfxext.exe [Intel Corporation]
[PID: 3220] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [Sony Corporation]
[PID: 3080] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [N/A]
[PID: 3072] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [Sony Corporation]
[PID: 2956] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [Avira GmbH]
[PID: 2920] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [Sony Corporation]
[PID: 2912] C:\Program Files\Windows Live\Messenger\livecall.exe [Microsoft Corporation]
[PID: 2884] C:\Program Files\Apoint\Apoint.exe [Alps Electric Co., Ltd.]
[PID: 2800] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [Sony Corporation]
[PID: 2788] C:\Program Files\Viewpoint\Common\ViewpointService.exe [Viewpoint Corporation]
[PID: 2668] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [Sony Corporation]
[PID: 2632] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [Seagate LLC]
[PID: 2612] C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [Sony Corporation]
[PID: 2608] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [Viewpoint Corporation]
[PID: 2564] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [Symantec Corporation]
[PID: 2536] C:\Program Files\Sony\ISB Utility\ISBMgr.exe [Sony Corporation]
[PID: 2340] C:\WINDOWS\system32\scardsvr.exe [Microsoft Corporation]
[PID: 2272] C:\Program Files\EmvSmartCardReader\BePCSC.exe [N/A]
[PID: 2264] C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [Intel Corporation]
[PID: 2260] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [Microsoft Corporation]
[PID: 2080] C:\Program Files\Logitech\QuickCam\Quickcam.exe [N/A]
[PID: 2012] C:\Program Files\Avira\AntiVir Desktop\sched.exe [Avira GmbH]
[PID: 1968] C:\WINDOWS\system32\spoolsv.exe [Microsoft Corporation]
[PID: 1964] D:\Open PCMan Combo\PCMan.exe [PCMan Project]
[PID: 1864] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [Microsoft Corporation]
[PID: 184] C:\Program Files\PPStream\ppsap.exe [PPStream Inc]
[PID: 1788] C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [N/A]
[PID: 1756] C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [Logitech Inc.]
[PID: 1700] C:\Program Files\Java\jre6\bin\jusched.exe [Sun Microsystems, Inc.]
[PID: 1676] C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [Logitech Inc.]
[PID: 1608] C:\Program Files\Java\jre6\bin\jqs.exe [Sun Microsystems, Inc.]
[PID: 1572] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [RealNetworks, Inc.]
[PID: 1360] C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [Intel Corporation ]
[PID: 1248] C:\PROGRA~1\AVG\AVG8\avgnsx.exe [AVG Technologies CZ, s.r.o.]
[PID: 1244] C:\PROGRA~1\AVG\AVG8\avgtray.exe [AVG Technologies CZ, s.r.o.]
[PID: 1168] C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [Intel Corporation]
[PID: 1120] C:\PROGRA~1\AVG\AVG8\avgrsx.exe [AVG Technologies CZ, s.r.o.]
[PID: 1052] C:\Program Files\Windows Defender\MsMpEng.exe [Microsoft Corporation]

系統執行程序中沒有檔案資訊的動態連結檔:
winlogon.exe PID: (612) => C:\Program Files\McAfee\SiteAdvisor\saHook.dll
explorer.exe PID: (440) => C:\Program Files\McAfee\SiteAdvisor\saHook.dll
================================================================================
HOSTS:
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 webbrowser.tv
127.0.0.1 www.webbrowser.tv
127.0.0.1 wazzupnet.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 www.gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.kabex.com
127.0.0.1 hityou.com

登錄值列表
*** 注意 : 部分正常值不會顯示 ***

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Microsoft Corporation]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe" [N/A]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [DT Soft Ltd]
"PPS Accelerator"="C:\Program Files\PPStream\PPSAP.exe" [PPStream Inc]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [Skype Technologies S.A.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\ime\IMJP8_1\imjpmig.exe" [Microsoft Corporation]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [Alps Electric Co., Ltd.]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [Intel Corporation]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [Intel Corporation]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [Intel Corporation]
"SkyTel"="C:\WINDOWS\SkyTel.exe" [Realtek Semiconductor Corp.]
"Alcmtr"="C:\WINDOWS\Alcmtr.exe" [Realtek Semiconductor Corp.]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [Realtek Semiconductor Corp.]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [Sony Corporation]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [Sony Corporation]
"IMEKRMIG6.1"="C:\WINDOWS\ime\IMKR6_1\imekrmig.exe" [Microsoft Corporation]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE" [N/A]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [Sony Corporation]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [Sony Corporation]
"Biomenu"="C:\Program Files\Protector Suite QL\menusw.exe" [UPEK Inc.]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [Microsoft Corp.]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [Microsoft Corp.]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [RealNetworks, Inc.]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [Ahead Software Gmbh]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [Microsoft Corporation]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [File Not Found.]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [N/A]
"PowerGramo"="C:\Program Files\Monsters\PowerGramo\PowerGramo.exe" [Freebird]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [N/A]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [N/A]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [Apple Inc.]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [Apple Inc.]
"SmartMon"="C:\Program Files\EmvSmartCardReader\SmartMON.exe" [N/A]
"BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe" [N/A]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [AVG Technologies CZ, s.r.o.]
"MaxMenuMgr"="C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe" [Seagate LLC]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe" [Adobe Systems Incorporated]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [Sun Microsystems, Inc.]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [Avira GmbH]
"WowUSBSecurity"="C:\Program Files\WowUSBVirusKiller\start.bat" [N/A]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" [Microsoft Corporation]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" [Microsoft Corporation]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" - 2006-10-18 21:47 133632 C:\WINDOWS\system32\WPDShServiceObj.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2008-07-28 18:47 882416 C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
2009-02-27 12:07 75128 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
2009-05-11 08:17 1107224 C:\Program Files\AVG\AVG8\avgssie.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 13:37 1004800 C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
2008-09-30 13:05 145424 c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2007-10-19 11:20 546320 C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-03-09 05:18 35840 C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-03-09 05:18 73728 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 18:47 160496 C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll - 2009-05-11 08:17 11952 C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
fusstub.dll - 2006-02-22 20:25 39936 C:\WINDOWS\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll - 2006-09-23 15:24 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

[HKEY_CURRENT_USER\control panel\desktop]
"SCRNSAVE.EXE"=C:\WINDOWS\system32\FLIQLO.scr

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
NoDriveTypeAutoRun=0xff
NoDriveAutoRun REG_BINARY FFFFFF03

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun=0xff
NoCDBurning=0x0
HonorAutoRunSetting=0x1

[hku\.default\software\microsoft\windows\currentversion\policies\explorer]
NoDriveTypeAutoRun=0xff

C:\Documents and Settings\user\「開始」功能表\程式集\啟動\
PPS.lnk - C:\Program Files\PPStream\PPStream.exe [ 2008-06-03 11:32:16 1418912 ]
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [ 2005-02-10 13:04:46 778240 ]
騰訊QQ.lnk - C:\Program Files\Tencent\QQ\QQ.exe [ 2007-05-17 11:33:58 1441792 ]

C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [ 2006-02-02 22:19:10 1753088 ]
EZO v3.1.002.9.lnk - C:\WINDOWS\Installer\{E1056C34-E994-4CF9-AD0A-5BFE96747F8C}\NewShortcut11_99FCC8E930884B9189002116D9749810.exe [ 2008-11-28 00:33:19 45056 ]

Rename operations pending:
001; C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll ;DELETE;
002; C:\WINDOWS\TEMP\logishrd\ ;DELETE;
003; C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\index.dat ;DELETE;
004; C:\DOCUME~1\user\Cookies\index.dat ;DELETE;
005; C:\DOCUME~1\user\LOCALS~1\History\History.IE5\index.dat ;DELETE;
006; C:\DOCUME~1\user\LOCALS~1\History\History.IE5\MS8804~1\index.dat ;DELETE;
007; C:\Program Files\Avira\AntiVir Desktop\aeheur.dll.tmp ;DELETE;
008; C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll.tmp ;DELETE;
009; C:\Program Files\Avira\AntiVir Desktop\aescript.dll.tmp ;DELETE;
================================================================================
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [Avira GmbH]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [AVG Technologies CZ, s.r.o.]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [Sun Microsystems, Inc.]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [AVG Technologies CZ, s.r.o.]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [AVG Technologies CZ, s.r.o.]
S3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [USB Smart Card Reader]
R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [UPEK Inc.]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [UPEK Inc.]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [Huawei Technologies Co., Ltd.]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [Infineon Technologies AG]
S3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [Logitech Inc.]
S3 MODBDA2;KWorld MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\modbda2.sys [DiBcom SA]
S3 MODLOAD2;DVB-T USB2.0 adapter loader;C:\WINDOWS\system32\DRIVERS\modload2.sys [DiBcom S.A]
R0 shpf;Sony HDD Protection Filter Driver;C:\WINDOWS\system32\DRIVERS\shpf.sys [Sony Corporation]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [Sony Corporation]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [UPEK Inc.]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [Texas Instruments]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [Apple, Inc.]
================================================================================
[HKLM\System\CurrentControlSet\Services\aspnet_state]
ImagePath = C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [Microsoft Corporation]
[HKLM\System\CurrentControlSet\Services\LVPr2Mon]
ImagePath = C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [N/A]
[HKLM\System\CurrentControlSet\Services\sptd]
ImagePath = C:\WINDOWS\system32\Drivers\sptd.sys [N/A]
================================================================================
工作排程資料夾內的資料:
2009-06-13 C:\WINDOWS\TASKS\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34 566592]
2009-06-18 C:\WINDOWS\TASKS\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20 293144]
2009-06-18 C:\WINDOWS\TASKS\User_Feed_Synchronization-{0507652B-2A2B-4F4C-A69B-F12BB7D06E5E}.job - C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 04:31 13312]

IE 首頁設定:
Internet Explorer Version: 8.0.6001.18702
HKCU - Start Page = hxxp://tw.yahoo.com/?fr=fp-yie8
HKCU - Extra menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
HKCU - Extra menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
HKCU - Extra menu item: Convert to Palm e-Book - C:\Program Files\CnPUG-WavePDB\WavePDB.htm
HKCU - Extra menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
HKCU - Extra menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
HKCU - Extra menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
HKCU - Extra menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
HKCU - Extra menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
HKCU - Extra menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
HKCU - Extra menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
HKCU - Extra menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
HKLM - Extensions: {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
HKLM - Extensions: {E1056C34-E994-4CF9-AD0A-5BFE96747F8C} - C:\ESW\GoEzoZone.exe
HKLM - Extensions: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
HKLM - Extensions: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
HKLM - Extensions: {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - {39732CE5-0EE6-401A-A0B2-27F46B755C5B} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

LSP:
c:\program files\bonjour\mdnsnsp.dll
================================================================================
Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n) Nothing was found.
Checking for Win32/Conficker.AA files: Nothing was found.
================================================================================
C: -Local Disk- Size: 30005817344 FreeSpace: 3894210560 NTFS
D: -Local Disk- Size: 45016924160 FreeSpace: 5481009152 NTFS
E: -Removable Disk- No Assess
F: -Removable Disk- No Assess
G: -Compact Disc- No Assess
J: -Compact Disc- No Assess

掃描結束時間: 2009-06-18 18:12:03.39
[/CODE]

--
※ Posted from: 批踢踢實業坊 (ptt.cc)
◆ From: 218.211.223.12

06/19 00:39, 1F
Looks okay XD. Those folders are probably there to keep viruses from writing.

06/19 00:39, 2F
It should be fine to just ignore it XD

06/19 00:43, 3F
I'm more curious about those HOSTS entries

06/19 02:52, 4F
Is there any way to fix it? XD

06/19 10:45, 5F
More than the virus, I'm curious why the OP would want to use QQ?

06/19 16:40, 6F
I met some Chinese friends while abroad, so that's why I use QQ

06/19 21:38, 7F
There's a lot of miscellaneous junk; you should watch your usage habits.

06/20 15:45, 8F
So is there a good way to deal with all the miscellaneous junk?

06/23 21:41, 9F
Article ID (AID): #1AEXEoMd (AntiVirus)