[CODE]
EFIX 5.5 20100625.10 - 2010-06-28 17:08:19.562 - NTFS
Microsoft Windows XP Service Pack 2 - shute
執行位置: C:\Documents and Settings\shute\桌面\efix.bat
系統在 2010-06-28 17:09:01.984 重新啟動
AV: Kaspersky Anti-Virus (Kaspersky Lab) True - Disable
FW: Kaspersky Anti-Virus (Kaspersky Lab) - Disable
* 已建立系統還原點.
提示:
未安裝安全性更新 KB957097
未安裝安全性更新 KB958644
未安裝安全性更新 KB958687
未安裝安全性更新 KB961371
未安裝安全性更新 KB973346
未安裝安全性更新 KB971029
未安裝安全性更新 KB978207
================================================================================
使用者帳戶列表:
Administrator
ASPNET
Guest
HelpAssistant
i'm fls$
LOCAL SERVlCE
shute -- Current
SUPPORT_388945a0
================================================================================
EF刪除的檔案列表:
f:\autorun.inf
e:\autorun.inf
c:\windows\system32\alq.exe
================================================================================
EF刪除的驅動服務列表:
....\service\AVPsys
EF修改的登錄值列表:
沒有刪除任何登錄值.
================================================================================
EF刪除的檔案備份位置列表:
C:\WINDOWS\system32\alq.exe => C:\ef_backup\backup\C\WINDOWS\system32\alq.exe.vir
e:\autorun.inf => C:\ef_backup\backup\e\autorun.inf.vir
f:\autorun.inf => C:\ef_backup\backup\f\autorun.inf.vir
================================================================================
各磁碟根目錄和隱藏資料相同名稱的執行檔案列表:
"d:\98年聖誕照型報名表.exe"
"e:\斯里蘭卡.exe"
"e:\全國賽.exe"
"f:\家事資料.exe"
"f:\97學年度家事資料.exe"
"f:\97耶誕造型.exe"
"f:\扶助專案.exe"
"f:\絕廟好戲.exe"
"f:\全國賽.exe"
"f:\98家事巧智.exe"
"f:\考卷.exe"
"f:\97耶誕造型1.exe"
================================================================================
各磁碟根目錄含有隱藏屬性的資料夾和檔案 :
2010-06-24 07:54:27 . 2010-06-24 07:54:27 <DIR> ---h-d--- c:\32788R22FWJFW
2004-08-04 20:00:00 . 2004-08-04 20:00:00 213830 ---h----- c:\bootfont.bin
2010-06-24 07:54:27 . 2010-06-24 07:54:27 <DIR> ---h-d--- c:\EF
2006-04-24 14:42:48 . 2006-04-24 14:42:48 <DIR> r--h-d--- c:\MSOCache
2007-01-08 14:53:49 . 2007-01-08 14:53:49 512 ---h----- c:\windat.dat
2010-06-25 11:46:52 . 2010-06-25 11:46:52 <DIR> rash-d--- d:\autorun.inf
2010-06-18 10:19:24 . 2010-06-18 10:19:24 <DIR> ---h-d--- d:\backup
2010-06-18 13:08:09 . 2010-06-18 13:08:09 162 -a-h----- d:\~$目錄6.doc
2010-04-18 12:58:52 . 2010-04-18 12:58:51 <DIR> ---h-d--- e:\斯里蘭卡
2010-04-18 12:59:34 . 2010-04-18 12:59:33 <DIR> ---h-d--- e:\全國賽
2003-09-21 20:00:00 . 2010-04-18 14:29:25 1845248 r--h----- e:\msbackup.exe
2010-06-28 08:38:22 . 2010-06-28 08:38:20 505564 rash----- e:\4878566.exe
2008-11-19 16:36:08 . 2008-11-19 16:36:07 <DIR> ---h-d--- f:\家事資料
2008-12-02 09:10:14 . 2008-12-02 09:10:13 <DIR> ---h-d--- f:\97學年度家事資料
2008-11-12 14:58:34 . 2008-11-12 14:58:32 <DIR> ---h-d--- f:\97耶誕造型
2008-11-13 15:15:48 . 2008-11-13 15:15:46 <DIR> ---h-d--- f:\扶助專案
2010-06-28 08:05:24 . 2010-06-28 08:05:23 505564 rash----- f:\4878566.exe
2009-11-09 20:08:20 . 2009-11-09 19:56:46 148480 -a-h----- f:\龍騰美顏第一冊是非填充.doc
2008-12-30 16:52:44 . 2008-12-30 16:52:43 <DIR> ---h-d--- f:\絕廟好戲
2009-11-09 20:44:52 . 2009-11-09 20:44:49 230912 -a-h----- f:\龍騰美顏第二冊是非填充.doc
2009-01-15 17:25:10 . 2009-01-15 16:54:39 474 r--h----- f:\winamp_cache_0001.xml
2009-01-21 10:45:36 . 2009-01-21 10:45:35 <DIR> ---h-d--- f:\全國賽
2009-11-09 21:31:34 . 2009-11-09 20:47:59 58368 -a-h----- f:\龍騰美顏第三冊是非.doc
2009-11-18 14:59:58 . 2009-11-18 14:59:46 47616 -a-h----- f:\AA000027題目卷.doc233.doc
2010-01-05 10:04:34 . 2010-01-05 09:41:25 11304448 -a-h----- f:\美顏組真情告白更新版.doc
2010-02-25 10:23:04 . 2010-02-25 10:23:03 <DIR> ---h-d--- f:\98家事巧智
2010-06-28 08:06:10 . 2010-06-28 08:05:18 559036 -a-h----- f:\AA000027題目卷.doc233.exe
2009-07-08 14:33:40 . 2009-07-08 14:33:39 <DIR> ---h-d--- f:\考卷
2009-04-22 19:34:20 . 2009-04-22 14:50:00 51712 -a-h----- f:\專題教案.doc
2008-11-04 11:12:52 . 2008-11-04 11:12:51 <DIR> ---h-d--- f:\97耶誕造型1
================================================================================
AUTORUN.INF:
<資料夾> d:\autorun.inf
********** Created 2010-05 -- 2010-06 Files: **********
2010-06-28 17:09:01 . 2010-06-28 17:09:01 <DIR> -----d--- C:\WINDOWS\system32\ef_backup
2010-06-28 17:06:06 . 2010-06-28 17:06:41 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\GlarySoft
2010-06-28 16:59:24 . 2010-06-28 16:59:24 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\TeamViewer
2010-06-28 16:57:15 . 2010-06-28 16:57:15 14388 -a------- C:\WINDOWS\system32\acc_c2.mui
2010-06-28 16:57:15 . 2010-06-28 16:57:15 13908 -a------- C:\WINDOWS\system32\acc_c1.mui
2010-06-28 08:06:24 . 2006-10-23 23:18:17 607232 -a------- C:\WINDOWS\system32\nvidia.dll
2010-06-28 08:06:24 . 2004-08-04 20:00:00 64000 -a------- C:\WINDOWS\system32\nvidiavi.dll
2010-06-28 07:32:34 . 2010-06-28 07:32:34 6 -a------- C:\WINDOWS\system32\prd.ini
2010-06-28 07:32:24 . 2010-06-28 17:05:43 43 -a------- C:\WINDOWS\system32\delay.vbs
2010-06-28 07:32:18 . 2010-06-28 16:57:50 97 -a------- C:\WINDOWS\SYSTEM\LFIMG77N.DRV
2010-06-28 07:32:18 . 2010-06-28 16:57:50 258 -a------- C:\WINDOWS\SYSTEM\LFIMG78M.DRV
2010-06-28 07:32:16 . 2010-06-28 16:56:28 403968 -a------- C:\WINDOWS\system32\wget.exe
2010-06-28 07:32:16 . 2006-08-25 23:49:37 617472 -a------- C:\WINDOWS\system32\mctati32.dll
2010-06-28 07:32:16 . 2006-07-05 18:56:00 1150464 -a------- C:\WINDOWS\system32\kerati32.dll
2010-06-28 07:32:16 . 2004-08-04 20:00:00 1028096 -a------- C:\WINDOWS\system32\ati42.dll
2010-06-25 11:46:52 . 2010-06-25 11:47:00 <DIR> -----d--- C:\delauto
2010-06-25 11:25:10 . 2010-06-25 11:25:10 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\Lavasoft
2010-06-25 11:24:50 . 2010-06-25 11:24:53 <DIR> -----d--- C:\Ad-Aware SE 掃除木馬免安裝版
2010-06-25 11:13:17 . 2010-06-25 11:13:17 <DIR> -----d--- C:\kavc
2010-06-24 07:54:27 . 2010-06-24 07:54:27 <DIR> ---h-d--- C:\EF
2010-06-24 07:54:27 . 2010-06-24 07:54:27 <DIR> ---h-d--- C:\32788R22FWJFW
2010-06-19 12:37:27 . 2010-06-19 12:37:27 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\Help
2010-06-18 13:10:57 . 2010-06-28 16:29:20 33 -a------- C:\WINDOWS\system32\liubox
2010-06-18 13:00:36 . 2010-06-18 18:12:20 <DIR> -----d--- C:\LUNGTENG
2010-06-18 12:52:15 . 2010-06-18 12:52:15 876032 -a------- C:\WINDOWS\system32\VFP6RCHT.DLL
2010-06-18 12:52:15 . 2010-06-18 12:52:15 6656 -a------- C:\WINDOWS\system32\FOXHHELPPS.DLL
2010-06-18 12:52:15 . 2010-06-18 12:52:15 3373328 -a------- C:\WINDOWS\system32\VFP6R.DLL
2010-06-18 12:52:15 . 2010-06-18 12:52:15 307200 -a------- C:\WINDOWS\system32\CFX32.OCX
2010-06-18 12:52:15 . 2010-06-18 12:52:15 26112 -a------- C:\WINDOWS\system32\FOXHHELP.EXE
2010-06-18 12:52:15 . 2010-06-18 12:52:15 24990 -a------- C:\WINDOWS\system32\VFP6RUN.EXE
2010-06-18 10:50:14 . 2010-06-28 16:45:13 542 -a------- C:\WINDOWS\hpbafd.ini
2010-06-18 10:44:56 . 2010-06-18 10:44:56 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\Ulead Systems
2010-06-18 10:44:18 . 2003-01-13 11:31:36 106496 ----n---- C:\WINDOWS\UPSCR.Scr
2010-06-18 10:43:33 . 2010-06-18 10:43:33 <DIR> -----d--- C:\WINDOWS\system32\windows media
2010-06-18 10:43:27 . 2010-06-18 10:43:33 <DIR> ---h-d--- C:\WINDOWS\msdownld.tmp
2010-06-18 10:43:23 . 2010-06-18 10:43:23 <DIR> -----d--- C:\Program Files\Windows Media Components
2010-06-18 10:43:16 . 2010-06-18 10:43:16 994 -a------- C:\WINDOWS\DirectX.log
2010-06-18 10:43:00 . 2005-08-30 12:02:42 24576 ----n---- C:\WINDOWS\system32\Ulead Photo Explorer 86.scr
2010-06-18 10:43:00 . 2004-05-11 18:43:32 24576 ----n---- C:\WINDOWS\system32\UleadPhotoExplorer85_Res.dll
2010-06-18 10:40:31 . 2006-07-22 19:37:54 49152 ----n---- C:\WINDOWS\system32\INETWH32.dll
2010-06-18 10:40:31 . 1999-10-15 12:50:10 1056768 ----n---- C:\WINDOWS\system32\ROBOEX32.DLL
2010-06-18 10:29:03 . 2010-06-18 10:29:03 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\U3
2010-06-18 10:27:59 . 2001-08-17 13:52:30 18688 -a-----c- C:\WINDOWS\system32\DLLCACHE\cdaudio.sys
2010-06-18 10:27:59 . 2001-08-17 13:52:30 18688 -a------- C:\WINDOWS\system32\DRIVERS\cdaudio.sys
2010-06-18 10:24:01 . 2010-06-18 10:45:52 97549 -a------- C:\WINDOWS\system32\DRIVERS\klick.dat
2010-06-18 10:24:01 . 2010-06-18 10:45:52 113933 -a------- C:\WINDOWS\system32\DRIVERS\klin.dat
2010-06-18 10:15:34 . 2009-09-21 13:48:02 223760 -a------- C:\WINDOWS\system32\DRIVERS\klif.sys
2010-06-18 10:14:24 . 2010-06-18 10:23:11 <DIR> -----d--- C:\Program Files\Kaspersky Lab
2010-06-18 10:13:25 . 2010-06-18 10:13:25 <DIR> -----d--- C:\NetAgent.8.0.2048_KAVWKS6.6.0.4.1217
2010-06-18 10:05:49 . 2010-06-18 10:05:49 <DIR> -----d--- C:\WINDOWS\system32\appmgmt
2010-06-18 10:00:33 . 2001-08-17 13:52:00 26496 -a-----c- C:\WINDOWS\system32\DLLCACHE\asc.sys
2010-06-18 10:00:33 . 2001-08-17 13:52:00 26496 -a------- C:\WINDOWS\system32\DRIVERS\asc.sys
********** Modified 2010-05 -- 2010-06 files: **********
2010-06-28 17:10:55 . 2004-08-04 20:00:00 2228 -a------- C:\WINDOWS\system32\wpa.dbl
2010-06-28 17:10:38 . 2006-04-21 16:42:33 1115613 -a------- C:\WINDOWS\WindowsUpdate.log
2010-06-28 17:10:15 . 2006-04-21 16:48:26 2048 -as------ C:\WINDOWS\bootstat.dat
2010-06-28 17:09:14 . 2006-04-21 16:53:31 12306 -a------- C:\WINDOWS\SchedLgU.Txt
2010-06-28 17:09:01 . 2010-06-28 17:09:01 <DIR> -----d--- C:\WINDOWS\system32\ef_backup
2010-06-28 17:06:41 . 2010-06-28 17:06:06 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\GlarySoft
2010-06-28 17:05:43 . 2010-06-28 07:32:24 43 -a------- C:\WINDOWS\system32\delay.vbs
2010-06-28 17:05:43 . 2006-04-22 00:07:02 <DIR> -----d--- C:\WINDOWS\system32\wbem
2010-06-28 17:04:41 . 2006-04-22 00:07:02 <DIR> -----d--- C:\WINDOWS\system32\drivers
2010-06-28 16:59:24 . 2010-06-28 16:59:24 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\TeamViewer
2010-06-28 16:58:19 . 2006-04-21 16:16:47 645878 -a------- C:\WINDOWS\setupapi.log
2010-06-28 16:58:10 . 2006-04-22 00:07:02 <DIR> r-sh-d-c- C:\WINDOWS\system32\dllcache
2010-06-28 16:57:53 . 2006-04-22 00:07:02 <DIR> r----d--- C:\WINDOWS\Web
2010-06-28 16:57:53 . 2006-04-22 00:07:02 <DIR> -----d--- C:\WINDOWS\system
2010-06-28 16:57:15 . 2010-06-28 16:57:15 14388 -a------- C:\WINDOWS\system32\acc_c2.mui
2010-06-28 16:57:15 . 2010-06-28 16:57:15 13908 -a------- C:\WINDOWS\system32\acc_c1.mui
2010-06-28 16:56:28 . 2010-06-28 07:32:16 403968 -a------- C:\WINDOWS\system32\wget.exe
2010-06-28 16:55:18 . 2006-04-21 16:54:59 278 --sh---c- C:\Documents and Settings\shute\ntuser.ini
2010-06-28 16:45:53 . 2006-12-28 10:25:55 <DIR> r--h-d--- C:\Documents and Settings\shute\Recent
2010-06-28 16:45:13 . 2010-06-18 10:50:14 542 -a------- C:\WINDOWS\hpbafd.ini
2010-06-28 16:29:20 . 2010-06-18 13:10:57 33 -a------- C:\WINDOWS\system32\liubox
2010-06-28 16:10:03 . 2006-04-21 16:22:24 216 -a-----c- C:\WINDOWS\wiadebug.log
2010-06-28 16:04:18 . 2010-06-25 12:46:21 12 -a------- C:\Documents and Settings\shute\intlname.ols
2010-06-28 15:55:37 . 2006-04-21 16:22:24 49 -a-----c- C:\WINDOWS\wiaservc.log
2010-06-28 08:06:24 . 2006-12-28 10:27:02 <DIR> --sh-d--- C:\RECYCLER
2010-06-28 07:32:34 . 2010-06-28 07:32:34 6 -a------- C:\WINDOWS\system32\prd.ini
2010-06-28 07:32:16 . 2006-04-22 00:07:02 <DIR> -----d--- C:\WINDOWS\java
2010-06-28 07:32:16 . 2006-04-22 00:07:02 <DIR> -----d--- C:\WINDOWS\ime
2010-06-28 07:32:15 . 2006-04-27 14:01:25 <DIR> -----d--- C:\Program Files\Common Files\Adobe
2010-06-25 12:46:20 . 2006-04-21 16:19:48 697958 -a-----c- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-25 12:46:20 . 2004-08-04 20:00:00 54916 -a-----c- C:\WINDOWS\system32\prfc0404.dat
2010-06-25 12:46:20 . 2004-08-04 20:00:00 53744 -a-----c- C:\WINDOWS\system32\perfc009.dat
2010-06-25 12:46:20 . 2004-08-04 20:00:00 383390 -a-----c- C:\WINDOWS\system32\perfh009.dat
2010-06-25 12:46:20 . 2004-08-04 20:00:00 200484 -a-----c- C:\WINDOWS\system32\prfh0404.dat
2010-06-25 11:47:00 . 2010-06-25 11:46:52 <DIR> -----d--- C:\delauto
2010-06-25 11:25:10 . 2010-06-25 11:25:10 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\Lavasoft
2010-06-25 11:24:53 . 2010-06-25 11:24:50 <DIR> -----d--- C:\Ad-Aware SE 掃除木馬免安裝版
2010-06-25 11:13:17 . 2010-06-25 11:13:17 <DIR> -----d--- C:\kavc
2010-06-24 07:54:27 . 2010-06-24 07:54:27 <DIR> ---h-d--- C:\EF
2010-06-24 07:54:27 . 2010-06-24 07:54:27 <DIR> ---h-d--- C:\32788R22FWJFW
2010-06-19 12:37:27 . 2010-06-19 12:37:27 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\Help
2010-06-18 18:12:20 . 2010-06-18 13:00:36 <DIR> -----d--- C:\LUNGTENG
2010-06-18 12:52:15 . 2010-06-18 12:52:15 876032 -a------- C:\WINDOWS\system32\VFP6RCHT.DLL
2010-06-18 12:52:15 . 2010-06-18 12:52:15 6656 -a------- C:\WINDOWS\system32\FOXHHELPPS.DLL
2010-06-18 12:52:15 . 2010-06-18 12:52:15 3373328 -a------- C:\WINDOWS\system32\VFP6R.DLL
2010-06-18 12:52:15 . 2010-06-18 12:52:15 307200 -a------- C:\WINDOWS\system32\CFX32.OCX
2010-06-18 12:52:15 . 2010-06-18 12:52:15 26112 -a------- C:\WINDOWS\system32\FOXHHELP.EXE
2010-06-18 12:52:15 . 2010-06-18 12:52:15 24990 -a------- C:\WINDOWS\system32\VFP6RUN.EXE
2010-06-18 12:52:15 . 1998-06-24 00:00:00 244416 -a-----c- C:\WINDOWS\system32\MSFLXGRD.OCX
2010-06-18 11:19:51 . 2006-04-22 00:07:02 <DIR> -----d--- C:\WINDOWS\repair
2010-06-18 11:03:39 . 2006-04-22 00:07:02 <DIR> ---h-d--- C:\WINDOWS\inf
2010-06-18 10:48:15 . 2006-04-21 16:15:44 384816 -a------- C:\WINDOWS\system32\FNTCACHE.DAT
2010-06-18 10:45:52 . 2010-06-18 10:24:01 97549 -a------- C:\WINDOWS\system32\DRIVERS\klick.dat
2010-06-18 10:45:52 . 2010-06-18 10:24:01 113933 -a------- C:\WINDOWS\system32\DRIVERS\klin.dat
2010-06-18 10:44:56 . 2010-06-18 10:44:56 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\Ulead Systems
2010-06-18 10:43:33 . 2010-06-18 10:43:33 <DIR> -----d--- C:\WINDOWS\system32\windows media
2010-06-18 10:43:33 . 2010-06-18 10:43:27 <DIR> ---h-d--- C:\WINDOWS\msdownld.tmp
2010-06-18 10:43:32 . 2006-04-21 16:39:49 30096 -a-----c- C:\WINDOWS\wmsetup.log
2010-06-18 10:43:16 . 2010-06-18 10:43:16 994 -a------- C:\WINDOWS\DirectX.log
2010-06-18 10:42:47 . 2010-06-18 10:40:30 <DIR> -----d--- C:\Program Files\Common Files\Ulead Systems
2010-06-18 10:40:29 . 2006-04-24 15:19:56 <DIR> -----d--- C:\Program Files\Common Files\InstallShield
2010-06-18 10:29:03 . 2010-06-18 10:29:03 <DIR> -----d--- C:\Documents and Settings\shute\Application Data\U3
2010-06-18 10:14:34 . 2006-04-22 00:07:02 <DIR> -----d--- C:\WINDOWS\system32\config
2010-06-18 10:14:25 . 2010-06-18 10:14:25 <DIR> -----d--- C:\Program Files\Common Files\Cisco Systems
2010-06-18 10:14:24 . 2010-06-18 10:14:24 <DIR> -----d--- C:\Program Files\Common Files\Kaspersky Lab
2010-06-18 10:13:25 . 2010-06-18 10:13:25 <DIR> -----d--- C:\NetAgent.8.0.2048_KAVWKS6.6.0.4.1217
2010-06-18 10:12:43 . 2006-04-21 16:15:52 163634 -a------- C:\WINDOWS\setupact.log
2010-06-18 10:09:36 . 2006-04-28 15:32:28 <DIR> -----d--- C:\idapi
2010-06-18 10:09:23 . 2006-05-01 11:33:06 <DIR> -----d--- C:\TqcWDexm.csf
2010-06-18 10:08:27 . 2006-04-28 15:40:35 <DIR> -----d--- C:\TqcOAexm.csf
2010-06-18 10:05:49 . 2010-06-18 10:05:49 <DIR> -----d--- C:\WINDOWS\system32\appmgmt
2010-06-18 10:03:48 . 2006-05-11 10:24:39 <DIR> -----d--- C:\ABWhiz
2010-06-18 10:03:48 . 2006-04-24 14:57:30 814 -a-----c- C:\WINDOWS\ODBC.INI
2010-06-18 10:03:31 . 2006-04-28 16:06:33 <DIR> -----d--- C:\Fpxpcai.csf
2010-06-18 10:03:09 . 2006-04-28 15:59:21 <DIR> -----d--- C:\Fp2kcai.csf
2010-06-18 10:02:47 . 2006-04-28 17:24:25 <DIR> -----d--- C:\Ex03cai.csf
2010-06-18 10:02:23 . 2006-04-28 15:25:59 <DIR> -----d--- C:\Exxpcai.csf
================================================================================
執行中的程序:
[V] [PID: 1076 ] C:\WINDOWS\system32\services.exe [ Microsoft Corporation ]
[V] [PID: 284 ] C:\WINDOWS\system32\spoolsv.exe [ Microsoft Corporation ]
[V] [PID: 804 ] C:\WINDOWS\Explorer.EXE [ Microsoft Corporation ]
[V] [PID: 860 ] C:\WINDOWS\system32\conime.exe [ Microsoft Corporation ]
[V] [PID: 1720 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [ Kaspersky Lab ]
[V] [PID: 1912 ] C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [ Kaspersky Lab ]
[V] [PID: 2028 ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [ Microsoft Corporation ]
[V] [PID: 452 ] C:\WINDOWS\system32\tlntsvr.exe [ Microsoft Corporation ]
[V] [PID: 504 ] C:\WINDOWS\system32\igfxtray.exe [ Intel Corporation ]
[V] [PID: 632 ] C:\WINDOWS\system32\hkcmd.exe [ Intel Corporation ]
[V] [PID: 1004 ] C:\WINDOWS\system32\igfxpers.exe [ Intel Corporation ]
[V] [PID: 1204 ] C:\WINDOWS\RTHDCPL.EXE [ Realtek Semiconductor Corp. ]
[V] [PID: 1472 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [ Kaspersky Lab ]
[-] [PID: 1512 ] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [ Ulead Systems, Inc. ]
[V] [PID: 1540 ] C:\WINDOWS\system32\ctfmon.exe [ Microsoft Corporation ]
[V] [PID: 2148 ] C:\WINDOWS\System32\alg.exe [ Microsoft Corporation ]
[V] [PID: 2232 ] C:\WINDOWS\system32\wbem\wmiprvse.exe [ Microsoft Corporation ]
[V] [PID: 2920 ] C:\WINDOWS\system32\wuauclt.exe [ Microsoft Corporation ]
================================================================================
登錄值列表 *** 注意 : 部分正常值不會顯示 ***
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ Microsoft Corporation ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ Intel Corporation ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ Intel Corporation ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ Intel Corporation ]
"RTHDCPL"="RTHDCPL.EXE" [ Realtek Semiconductor Corp. ]
"SkyTel"="SkyTel.EXE" [ Realtek Semiconductor Corp. ]
"Alcmtr"="ALCMTR.EXE" [ Realtek Semiconductor Corp. ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [ Kaspersky Lab ]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [ Ulead Systems, Inc. ]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [ Microsoft Corporation ]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [ Microsoft Corporation ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"="0"
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"="1"
"undockwithoutlogon"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" - 2006-10-18 21:47 133632 C:\WINDOWS\system32\WPDShServiceObj.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 01:56 63136 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"="255"
"NoDriveAutoRun"="0xFFFFFF03"
[hku\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"="255"
================================================================================
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
R2 klnagent;Kaspersky Lab Network Agent; C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [ Kaspersky Lab ]
S3 gdrv;gdrv; C:\WINDOWS\gdrv.sys [ Windows (R) 2000 DDK provider ]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [ Kaspersky Lab ]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [ Kaspersky Lab ]
================================================================================
IE 首頁設定:
Internet Explorer Version: 6.0.2900.2180
HKCU - Start Page = hxxp://tw.yahoo.com/
HKCU - Extra menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
HKCU - Extra menu item: 新增至廣告橫幅防護 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
LSP: c:\windows\system32\nwprovau.dll
DNS: {D3FD096B-02F4-4C41-B57E-A2F2E51722C0} - 172.16.1.254
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
{20D04FE0-3AEA-1069-A2D8-08002B30309D}=DWORD:00000001
{450D8FBA-AD25-11D0-98A8-0800361B1103}=DWORD:00000001
{208D2C60-3AEA-1069-A2D7-08002B30309D}=DWORD:00000001
{871C5380-42A0-1069-A2EA-08002B30309D}=DWORD:00000001
************************* HKLM\...\NAMESPACE *************************
.
{1f4de370-d627-11d1-ba4f-00a0c91eedba} - My Computer
{450D8FBA-AD25-11D0-98A8-0800361B1103} - My Documents
{645FF040-5081-101B-9F08-00AA002F954E} - Recycle Bin
{e17d4fc0-5564-11d1-83f2-00a0c90dc849} - Windows Search
************************* HKCU\...\NAMESPACE *************************
.
************************* HKU\(S-1-1-21...)\NAMESPACE ****************
.
************************* HKCR\CLSID\...\COMMAND *********************
.
************************* HKCU\SOFTWARE\Classes\CLSID\...\COMMAND ****
.
************************* FILES SCAN *********************************
C:\Documents and Settings\shute\桌面\
0990317-班級收支表.xls - C:\Documents and Settings\shute\桌面\0990317-班級收支表.xls [ N/A ]
123.doc - C:\Documents and Settings\shute\桌面\123.doc [ N/A ]
12生肖面具彩繪競賽優勝名冊.doc中英文.doc - C:\Documents and Settings\shute\桌面\12生肖面具彩繪競賽優勝名冊.doc中英文.doc [ N/A ]
98分區賽支出(231美髮).doc - C:\Documents and Settings\shute\桌面\98分區賽支出(231美髮).doc [ N/A ]
99年分區賽選手支出明細.xls - C:\Documents and Settings\shute\桌面\99年分區賽選手支出明細.xls [ N/A ]
baseball12.sav - C:\Documents and Settings\shute\桌面\baseball12.sav [ N/A ]
baseball12.zip - C:\Documents and Settings\shute\桌面\baseball12.zip [ N/A ]
efix.bat - C:\Documents and Settings\shute\桌面\efix.bat [ N/A ]
fix.SCR - C:\Documents and Settings\shute\桌面\fix.SCR [ N/A ]
Glary_Utilities_Portable_2[1].16.0.758_Multilingual.paf.exe - C:\Documents and Settings\shute\桌面\Glary_Utilities_Portable_2[1].16.0.758_Multilingual.paf.exe [ PortableAppZ.blogspot.com ]
Microsoft Office Access 2003.lnk - C:\WINDOWS\Installer\{90110404-6000-11D3-8CFE-0150048383C9}\accicons.exe [ N/A ]
Microsoft Office Excel 2003.lnk - C:\WINDOWS\Installer\{90110404-6000-11D3-8CFE-0150048383C9}\xlicons.exe [ N/A ]
Microsoft Office PowerPoint 2003.lnk - C:\WINDOWS\Installer\{90110404-6000-11D3-8CFE-0150048383C9}\pptico.exe [ N/A ]
Microsoft Office Word 2003.lnk - C:\WINDOWS\Installer\{90110404-6000-11D3-8CFE-0150048383C9}\wordicon.exe [ N/A ]
procexp.exe - C:\Documents and Settings\shute\桌面\procexp.exe [ Sysinternals - www.sysinternals.com ]
tv.scr - C:\Documents and Settings\shute\桌面\tv.scr [ N/A ]
vba_1.7.zip - C:\Documents and Settings\shute\桌面\vba_1.7.zip [ N/A ]
~$賽美容選手支出總表 98學年 鄭蕙嘉C.doc - C:\Documents and Settings\shute\桌面\~$賽美容選手支出總表 98學年 鄭蕙嘉C.doc [ N/A ]
分區賽美容選手支出總表 98學年 鄭蕙嘉C.doc - C:\Documents and Settings\shute\桌面\分區賽美容選手支出總表 98學年 鄭蕙嘉C.doc [ N/A ]
新增Microsoft Word 文件.doc - C:\Documents and Settings\shute\桌面\新增Microsoft Word 文件.doc [ N/A ]
本土教育12生肖面具彩繪.doc - C:\Documents and Settings\shute\桌面\本土教育12生肖面具彩繪.doc [ N/A ]
李季芳.doc - C:\Documents and Settings\shute\桌面\李季芳.doc [ N/A ]
美髮家事選手名單.doc - C:\Documents and Settings\shute\桌面\美髮家事選手名單.doc [ N/A ]
C:\Documents and Settings\All Users\桌面\
Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe [ Adobe Systems Incorporated ]
PhotoImpact 12.lnk - C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\Iedit.exe [ 友立資訊股份有限公司 ]
PhotoImpact Album 12.lnk - C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\album.exe [ Ulead Systems, Inc. ]
非常好ㄏㄠˇ色5.0.lnk - C:\Program Files\NewSoft\CPMagi5.0\cpmagi5.exe [ 力新國際科技股份有限公司 ]
C:\Documents and Settings\shute\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\
Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 [ Microsoft Corporation ]
啟動 Internet Explorer 瀏覽器.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [ Microsoft Corporation ]
顯示桌面.scf - C:\Documents and Settings\shute\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\顯示桌面.scf [ N/A ]
C:\Documents and Settings\shute\「開始」功能表\程式集\
Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [ Microsoft Corporation ]
Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe [ Microsoft Corporation ]
Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 [ Microsoft Corporation ]
遠端協助.lnk - C:\WINDOWS\system32\rcimlby.exe -LaunchRA [ Microsoft Corporation ]
================================================================================
Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.
================================================================================
a: Removable 0MB 0MB NOTREADY
c: Fixed 68505MB 76316MB NTFS READY
d: Fixed 59807MB 76308MB NTFS READY
e: Removable 3465MB 3816MB FAT32 READY
f: Removable 1250MB 1924MB FAT32 READY
g: CDROM 0MB 0MB NOTREADY
================================================================================
掃描結束時間: 2010-06-28 17:12:30.62
[/CODE]
下载该文档
文档格式:TXT
更新时间:2010-06-28
下载次数:0
点击次数:14