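[Question] Write protection turned on by itself
My USB flash drive has no write-protect switch,
but it shows that write protection is locked. I can't use it at all. What should I do?
(My flash drive is a 2G one given out at a TOYATA car viewing event)
Log from the EF scan: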
[code]
efix 5.3 20090929.12 - 2009-10-06 21:33:17.78 - ntfs
Microsoft Windows XP Service Pack 3 - NBMT
Running from: C:\Documents and Settings\NBMT\桌面\EF2009092912.exe
AV: AntiVir Desktop (Avira GmbH) True - Enabled
FW: F-Secure Anti-Virus Client Security 5.55 (F-Secure Corporation) - Disable
FW: COMODO Firewall (COMODO) - Disable
warning:
Please install security updates KB971029
================================================================================
User account:
Administrator
Guest
HelpAssistant
NBMT -- Current
SUPPORT_388945a0
================================================================================
delete files list:
no delete files.
================================================================================
delete registry keys list:
Do not remove any value Sign.
================================================================================
Attribute contains "hidden" "system" Folders and files:
2007-09-10 20:00:35 . 2007-09-27 10:20:37 -rhs--- 211 C:\boot.ini
2004-08-04 20:00:00 . 2004-08-04 20:00:00 arhs--- 213830 C:\bootfont.bin
2004-08-04 20:00:00 . 2004-08-04 20:00:00 arhs--- 47564 C:\NTDETECT.COM
2004-08-04 20:00:00 . 2009-06-01 09:41:29 arhs--- 257728 C:\ntldr
2009-06-23 21:39:12 . 2009-06-23 21:39:12 a-h---- 232 C:\sqmdata00.sqm
2009-08-06 09:00:09 . 2009-08-06 09:00:09 a-h---- 232 C:\sqmdata01.sqm
2009-08-11 18:42:17 . 2009-08-11 18:42:17 a-h---- 232 C:\sqmdata02.sqm
2009-09-03 13:30:37 . 2009-09-03 13:30:37 a-h---- 232 C:\sqmdata03.sqm
2009-09-11 17:43:53 . 2009-09-11 17:43:53 a-h---- 232 C:\sqmdata04.sqm
2009-06-23 21:39:12 . 2009-06-23 21:39:12 a-h---- 244 C:\sqmnoopt00.sqm
2009-08-06 09:00:09 . 2009-08-06 09:00:09 a-h---- 244 C:\sqmnoopt01.sqm
2009-08-11 18:42:17 . 2009-08-11 18:42:17 a-h---- 244 C:\sqmnoopt02.sqm
2009-09-03 13:30:37 . 2009-09-03 13:30:37 a-h---- 244 C:\sqmnoopt03.sqm
2009-09-11 17:43:53 . 2009-09-11 17:43:53 a-h---- 244 C:\sqmnoopt04.sqm
2007-09-10 13:53:17 . 2007-09-10 13:53:17 -rh---- <DIR> G:\MSOCache
********** Created 2009-09 -- 2009-10 Files: **********
2009-10-06 21:24:52 . 2009-10-06 21:25:43 ------- <DIR> C:\Program
Files\WowUSBProtector
2009-10-05 11:34:35 . 2009-10-05 11:34:35 ------- <DIR> C:\Documents and
Settings\NBMT\Application Data\Office Genuine Advantage
2009-10-05 10:56:16 . 2009-10-05 10:56:06 a------ 86976
C:\WINDOWS\system32\drivers\inspect.sys
2009-10-05 10:56:16 . 2009-10-05 10:56:06 a------ 25160
C:\WINDOWS\system32\drivers\cmdhlp.sys
2009-10-05 10:56:16 . 2009-10-05 10:56:06 a------ 179792
C:\WINDOWS\system32\guard32.dll
2009-10-05 10:56:16 . 2009-10-05 10:56:06 a------ 132040
C:\WINDOWS\system32\drivers\cmdguard.sys
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\zh-HK
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\tr-TR
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\sv-SE
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\pt-BR
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\nl-NL
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\nb-NO
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\ko-KR
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\it-IT
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\he-IL
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\fr-FR
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\fi-FI
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\es-ES
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\el-GR
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\de-DE
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\da-DK
2009-10-05 09:48:06 . 2009-10-05 09:48:06 ------- <DIR>
C:\WINDOWS\system32\ar-SA
2009-09-24 14:03:05 . 2009-09-24 14:03:05 ------- <DIR> C:\Program
Files\Common Files\Adobe Systems Shared
2009-09-23 03:01:36 . 2009-06-22 05:46:00 ------- 153088
C:\WINDOWS\system32\dllcache\triedit.dll
2009-09-17 19:08:35 . 2009-09-18 12:26:19 ------- <DIR> C:\Program
Files\uusee
2009-09-16 08:51:10 . 2009-10-05 12:59:52 ------- <DIR> C:\Documents and
Settings\NBMT\Tracing
2009-09-16 08:47:12 . 2006-11-29 13:06:18 a------ 3426072
C:\WINDOWS\system32\d3dx9_32.dll
2009-09-16 08:45:45 . 2009-09-16 08:45:45 ------- <DIR> C:\Program
Files\Microsoft
2009-09-16 08:44:40 . 2009-09-23 17:56:46 ------- <DIR> C:\Program
Files\Windows Live
2009-09-16 08:39:02 . 2009-09-16 08:39:02 ------- <DIR> C:\Program
Files\Common Files\Windows Live
2009-09-13 17:20:43 . 2009-09-13 17:21:07 a------ 0 C:\WINDOWS\t.vbs
2009-09-13 17:20:41 . 2009-09-13 17:20:41 a------ 95 C:\WINDOWS\q.bat
2009-09-12 18:16:54 . 2009-09-12 18:16:54 a------ 14848
C:\WINDOWS\system32\BASSMOD.dll
2009-09-12 18:15:00 . 2009-09-12 18:15:00 ------- <DIR> C:\Documents and
Settings\NBMT\Application Data\Locktime
.
********** Modified 2009-08 -- 2009-10 files: **********
2009-10-06 21:05:44 a------ 2206 C:\WINDOWS\system32\wpa.dbl
2009-10-06 21:05:11 a------ 159 C:\WINDOWS\wiadebug.log
2009-10-06 21:05:06 a------ 49 C:\WINDOWS\wiaservc.log
2009-10-06 20:44:51 a------ 69 C:\WINDOWS\system32\liubox
2009-10-05 10:56:06 a------ 86976 C:\WINDOWS\system32\drivers\inspect.sys
2009-10-05 10:56:06 a------ 25160 C:\WINDOWS\system32\drivers\cmdhlp.sys
2009-10-05 10:56:06 a------ 179792 C:\WINDOWS\system32\guard32.dll
2009-10-05 10:56:06 a------ 132040 C:\WINDOWS\system32\drivers\cmdguard.sys
2009-09-24 14:16:54 a------ 298048 C:\WINDOWS\system32\FNTCACHE.DAT
2009-09-17 13:50:31 a------ 32 C:\WINDOWS\system32\rdInfo
2009-09-17 03:00:49 a------ 6176 C:\WINDOWS\ocmsn.log
2009-09-17 03:00:49 a------ 4976 C:\WINDOWS\tabletoc.log
2009-09-17 03:00:49 a------ 48640 C:\WINDOWS\ocgen.log
2009-09-17 03:00:49 a------ 45120 C:\WINDOWS\tsoc.log
2009-09-17 03:00:49 a------ 19592 C:\WINDOWS\ntdtcsetup.log
2009-09-17 03:00:39 a------ 4513 C:\WINDOWS\updspapi.log
2009-09-14 16:20:13 a------ 1418 C:\WINDOWS\pcpdfwin.ini
2009-09-13 17:21:07 a------ 0 C:\WINDOWS\t.vbs
2009-09-13 17:20:41 a------ 95 C:\WINDOWS\q.bat
2009-09-12 18:16:54 a------ 14848 C:\WINDOWS\system32\BASSMOD.dll
2009-09-08 12:23:14 a------ 36 C:\WINDOWS\verypdf.ini
2009-08-29 05:38:20 a------ 24689600 C:\WINDOWS\system32\MRT.exe
2009-08-27 03:00:24 a------ 1202 C:\WINDOWS\system32\TZLog.log
2009-08-25 11:21:38 a-hs--- 952 C:\WINDOWS\system32\KGyGaAvL.sys
2009-08-21 16:05:15 a------ 103 C:\WINDOWS\system32\hptrace.ini
2009-08-21 14:02:21 a------ 92872 C:\WINDOWS\system32\prfc0404.dat
2009-08-21 14:02:21 a------ 877394 C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-21 14:02:21 a------ 68156 C:\WINDOWS\system32\perfc009.dat
2009-08-21 14:02:21 a------ 435260 C:\WINDOWS\system32\perfh009.dat
2009-08-21 14:02:21 a------ 270340 C:\WINDOWS\system32\prfh0404.dat
2009-08-17 10:41:26 a------ 3712 C:\WINDOWS\system32\jupdate-1.6.0_15-b03.log
2009-08-08 03:05:37 a------ 735 C:\WINDOWS\win.ini
2009-08-06 19:24:18 a------ 327896 C:\WINDOWS\system32\wucltui.dll
2009-08-06 19:24:18 a------ 327896 C:\WINDOWS\system32\dllcache\wucltui.dll
2009-08-06 19:24:18 a------ 209632 C:\WINDOWS\system32\wuweb.dll
2009-08-06 19:24:18 a------ 209632 C:\WINDOWS\system32\dllcache\wuweb.dll
2009-08-06 19:24:10 a------ 44768 C:\WINDOWS\system32\wups2.dll
2009-08-06 19:24:10 a------ 35552 C:\WINDOWS\system32\wups.dll
2009-08-06 19:24:10 a------ 35552 C:\WINDOWS\system32\dllcache\wups.dll
2009-08-06 19:24:10 a------ 217816 C:\WINDOWS\system32\wuaucpl.cpl
2009-08-06 19:24:10 a------ 217816 C:\WINDOWS\system32\dllcache\wuaucpl.cpl
2009-08-06 19:24:10 a------ 11992 C:\WINDOWS\system32\wuaucpl.cpl.mui
2009-08-06 19:24:06 a------ 53472 C:\WINDOWS\system32\wuauclt.exe
2009-08-06 19:24:06 a------ 53472 C:\WINDOWS\system32\dllcache\wuauclt.exe
2009-08-06 19:24:04 a------ 96480 C:\WINDOWS\system32\cdm.dll
2009-08-06 19:23:54 a------ 575704 C:\WINDOWS\system32\wuapi.dll
2009-08-06 19:23:54 a------ 575704 C:\WINDOWS\system32\dllcache\wuapi.dll
2009-08-06 19:23:54 a------ 16096 C:\WINDOWS\system32\wucltui.dll.mui
2009-08-06 19:23:46 a------ 274288 C:\WINDOWS\system32\mucltui.dll
2009-08-06 19:23:46 a------ 215920 C:\WINDOWS\system32\muweb.dll
2009-08-06 19:23:46 a------ 1929952 C:\WINDOWS\system32\wuaueng.dll
2009-08-06 19:23:46 a------ 1929952 C:\WINDOWS\system32\dllcache\wuaueng.dll
2009-08-06 19:23:46 a------ 13168 C:\WINDOWS\system32\mucltui.dll.mui
2009-08-06 19:23:46 a------ 13024 C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-06 19:23:46 a------ 12512 C:\WINDOWS\system32\wuapi.dll.mui
.
================================================================================
Running process:
[PID: 972] C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
[<Verified> COMODO]
[PID: 1572] C:\WINDOWS\system32\spoolsv.exe [<Verified> Microsoft
Corporation]
[PID: 1624] C:\Program Files\Avira\AntiVir Desktop\sched.exe [ Avira GmbH]
[PID: 1952] C:\Program Files\Avira\AntiVir Desktop\avguard.exe [ Avira GmbH]
[PID: 2000] C:\Program Files\Java\jre6\bin\jqs.exe [<Verified> Sun
Microsystems, Inc.]
[PID: 328] C:\WINDOWS\system32\npkcmsvc.exe [ INCA Internet Co., Ltd.]
[PID: 472] C:\Program Files\Microsoft\Search Enhancement
Pack\SeaPort\SeaPort.exe [<Verified> Microsoft Corporation]
[PID: 696] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [ adi]
[PID: 1064] C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [ Analog
Devices, Inc.]
[PID: 1100] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe [ Hewlett-Packard]
[PID: 1176] C:\Program Files\Alcohol Soft\Alcohol
120\StarWind\StarWindService.exe [ Rocket Division Software]
[PID: 1312] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe [ ]
[PID: 1412] C:\Program Files\Java\jre6\bin\jusched.exe [<Verified> Sun
Microsystems, Inc.]
[PID: 1456] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [ Avira GmbH]
[PID: 1724] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [
Adobe Systems Inc.]
[PID: 1736] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
[<Verified> COMODO]
[PID: 1772] C:\WINDOWS\system32\ctfmon.exe [<Verified> Microsoft
Corporation]
[PID: 2116] C:\Program
Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe [ N/A]
[PID: 2936] C:\WINDOWS\System32\alg.exe [<Verified> Microsoft Corporation]
[PID: 584] C:\WINDOWS\system32\conime.exe [<Verified> Microsoft Corporation]
[PID: 3132] C:\Program Files\WowUSBProtector\WowUSBSecurity.exe [ N/A]
[PID: 3896] C:\WINDOWS\system32\wbem\wmiprvse.exe [<Verified> Microsoft
Corporation]
[PID: 300] C:\Program Files\WowUSBProtector\WowUSBAutoUpdate.exe [ N/A]
[PID: 468] C:\Program Files\WowUSBProtector\WowUSBAutoUpdate.exe [ N/A]
[PID: 3552] C:\WINDOWS\system32\wbem\wmiprvse.exe [<Verified> Microsoft
Corporation]
[PID: 3640] C:\WINDOWS\system32\wuauclt.exe [<Verified> Microsoft
Corporation]
unknow dlls:
'spoolsv.exe'(1572)
=> C:\WINDOWS\system32\HPBHealr.dll
=> C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPPRN05.DLL 60.05.17.02
=> C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5k4.DLL 61.072.51.02
'WowUSBAutoUpdate.exe'(468)
=> C:\DOCUME~1\NBMT\LOCALS~1\Temp\_MEI300\win32api.pyd 2.5.212.0
=> C:\DOCUME~1\NBMT\LOCALS~1\Temp\_MEI300\pywintypes25.dll 2.5.212.0
=> C:\DOCUME~1\NBMT\LOCALS~1\Temp\_MEI300\pythoncom25.dll 2.5.212.0
================================================================================
HOSTS:
127.0.0.1 localhost
127.0.0.1 blogo.tw
127.0.0.1 sedewanion.com
127.0.0.1 www.1a123.com
127.0.0.1 www.lovebak.com
127.0.0.1 www.microsofttw.com
127.0.0.1 www.456kill.com
127.0.0.1 www.tw7890.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
registry keys list
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\ime\IMJP8_1\imjpmig.exe" [Microsoft Corporation]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [adi]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP
Share-to-Web\hpgs2wnd.exe" [Hewlett-Packard]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [Hewlett-Packard]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
[Hewlett-Packard]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft
Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [Microsoft Corp.]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft
Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [Microsoft Corp.]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [Ahead Software Gmbh]
"MSNDreyePlugin"="C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe"
[N/A]
"ISUSPM Startup"="C:\Program Files\Common
Files\InstallShield\UpdateService\ISUSPM.exe" [Macrovision Corporation]
"ISUSScheduler"="C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" [Macrovision Corporation]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [Sun
Microsystems, Inc.]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [Avira GmbH]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat
7.0\Distillr\acrotray.exe" [Adobe Systems Inc.]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet
Security\cfp.exe" [COMODO]
"WowUSBSecurity"="C:\Program Files\WowUSBProtector\start.bat" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" - 2006-10-18 21:47
133632 C:\WINDOWS\system32\WPDShServiceObj.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2009-05-19 11:36 137600 C:\Program Files\Microsoft\Search Enhancement
Pack\Search Helper\SEPsearchhelperie.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2006-12-18 04:18 231160 C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-07-25 05:23 41760 C:\Program Files\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-07-25 05:22 73728 C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed
components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\WINDOWS\system32\rundll32.exe"
"C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
NoDriveTypeAutoRun REG_BINARY FF000000
NoNetHood=0x0
NoSMHelp=0x0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
HonorAutoRunSetting=0x1
NoDriveTypeAutoRun=0xffffff
[hku\.default\software\microsoft\windows\currentversion\policies\explorer]
NoDriveTypeAutoRun=0xffffff
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Adobe Acrobat Speed Launcher.lnk -
C:\WINDOWS\Installer\{AC76BA86-1028-0000-7760-000000000002}\SC_Acrobat.exe [
2009-09-28 13:37:25 25214 ]
Rename operations pending:
001; C:\WINDOWS\temp\Perflib_Perfdata_7d0.dat ;DELETE;
002; C:\Documents and Settings\NBMT\Local Settings\temp\~DF10DC.tmp ;DELETE;
003; C:\Documents and Settings\NBMT\Local Settings\temp\~DF10DC.tmp ;DELETE;
004; C:\WINDOWS\system32\2A5E00.com ;DELETE;
005; C:\WINDOWS\system32\2A5E001.com ;DELETE;
006; C:\WINDOWS\system32\2358E9.com ;DELETE;
007; C:\WINDOWS\system32\2358E91.com ;DELETE;
================================================================================
service \ drivers list :
===============================
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program
Files\Avira\AntiVir Desktop\sched.exe [Avira GmbH]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program
Files\Java\jre6\bin\jqs.exe -service -config C:\Program
Files\Java\jre6\lib\deploy\jqs\jqs.conf [File Not Found.]
S3 napagent;Network Access Protection Agent;C:\WINDOWS\System32\qagentrt.dll
[Microsoft Corporation]
R2 npkcmsvc;npkcmsvc;C:\WINDOWS\system32\npkcmsvc.exe [INCA Internet Co.,
Ltd.]
R2 SeaPort;SeaPort;C:\Program Files\Microsoft\Search Enhancement
Pack\SeaPort\SeaPort.exe [Microsoft Corporation]
R1 cmdGuard;COMODO Internet Security Sandbox
Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [COMODO]
R1 cmdHlp;COMODO Internet Security Helper
Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [COMODO]
R3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [Hewlett
Packard]
S3 NOWMEMDF;NOWMEMDF;C:\WINDOWS\system32\NOWMEMDF.sys [(c)NOWCOM]
S3 SR_M180;MP3 Voice Recorder Service;C:\WINDOWS\system32\Drivers\SRM180.sys
[Yountel Corporation]
================================================================================
Contents of the 'Scheduled Tasks' folder
IE HomePage Setting:
Internet Explorer Version: 8.0.6001.18702
HKCU - Extra menu item: 下載編碼內容(&D.S.Lite)
HKCU - Extra menu item: 下載編碼檔案內容(&D.S.Lite)
HKCU - Extra menu item: 匯出至 Microsoft Office Excel(&X) -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
HKCU - Extra menu item: 彶紲森珜善陔檢ViVi
HKCU - Extra menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
HKCU - Extra menu item: 轉換為 Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
HKCU - Extra menu item: 轉換連結目標到現有 PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
HKCU - Extra menu item: 轉換連結目標為 Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
HKCU - Extra menu item: 轉換選定的連結到現有 PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
HKCU - Extra menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
HKCU - Extra menu item: 轉換選擇內容到現有 PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
HKCU - Extra menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
HKCU - Extra menu item: 陔檢刲坰
HKLM - Extensions: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe
HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
DNS: {747ED346-C893-4029-BA05-E30BCFAFCF67} - 140.120.1.2,140.120.1.21
================================================================================
Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.
================================================================================
A: -Removable Disk- No Assess
C: -Local Disk- Size: 36702134272 FreeSpace: 23699587072 NTFS
D: -Local Disk- Size: 62915133440 FreeSpace: 54667587584 NTFS
E: -Local Disk- Size: 43313324032 FreeSpace: 21432807424 NTFS
F: -Local Disk- Size: 52427931648 FreeSpace: 15207976960 NTFS
G: -Local Disk- Size: 49351675904 FreeSpace: 48539541504 NTFS
H: -Compact Disc- No Assess
I: -Compact Disc- No Assess
J: -Removable Disk- No Assess
K: -Removable Disk- Size: 2108391424 FreeSpace: 107282432 FAT
Scanning the end of time: 2009-10-06 21:33:52.39
[/code]
--
※ Posted from: PTT Bulletin Board System (ptt.cc)
◆ From: 140.120.134.153