莊凱丞 posted on 2008-11-3 17:36:23

Newbie test post and download link

4.89 2008-11-02 12:23:45 GMT+00:00
EFIX 4.89 -Owner 2008-11-02 20:25:57.78-NTFS
Microsoft Windows XP [版本 5.1.2600] - Service Pack 2
執行位置: C:\Documents and Settings\Owner\桌面
=======================================================
EFix刪除的檔案列表:
沒有刪除任何檔案.
=======================================================
EFix刪除的登錄值列表:
沒有刪除任何登錄值.
=======================================================
****** Created 2008-10 to 2008-11 Files ******
2008-11-02 . 2008-11-02 20:25 d-------- C:\WINDOWS\EFIXUNT
2008-11-02 . 2008-11-02 20:25 d-------- C:\NEFix
2008-10-21 . 2008-10-21 17:22 d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-10-08 . 2008-11-01 15:23 d-------- C:\Program Files\Panda Security
=======================================================
執行中的程序:
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe <Analog Devices, Inc.>
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe <Hewlett-Packard>
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe <Macrovision Corporation>
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe <Sun Microsystems, Inc.>
C:\WINDOWS\system32\LVCOMSX.EXE <Logitech Inc.>
C:\Program Files\Logitech\Video\LogiTray.exe <Logitech Inc.>
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe <N/A>
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe <Hewlett-Packard Co.>
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe <Hewlett-Packard Co.>
C:\Program Files\VIA\RAID\raid_tool.exe <VIA Technologies>
C:\Program Files\Logitech\Video\FxSvr2.exe <Logitech Inc.>
C:\WINDOWS\ATKKBService.exe <ASUSTeK COMPUTER INC.>
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE <Microsoft Corporation>
C:\WINDOWS\system32\nvsvc32.exe <NVIDIA Corporation>
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe <Analog Devices, Inc.>
C:\WINDOWS\system32\wdfmgr.exe <Microsoft Corporation>
C:\WINDOWS\system32\wscntfy.exe <Microsoft Corporation>
C:\WINDOWS\System32\alg.exe <Microsoft Corporation>
C:\WINDOWS\system32\wbem\wmiprvse.exe <Microsoft Corporation>
C:\WINDOWS\system32\cmd.exe <Microsoft Corporation>
C:\WINDOWS\explorer.exe <Microsoft Corporation>
=======================================================
登錄值列表 *** 注意 : 部分正常值不會顯示 ***

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe"
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe"

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe"
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe"
"CnsMin"="C:\WINDOWS\DOWNLO~1\CnsMin.dll"
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe"
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe"
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
"MxieAutoExecute"="C:\PROGRA~1\mxie\mxie_waiting.exe"
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll"
"ClubBox"=
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll"
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe"
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe"

"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE"

. 2008-06-13 09:43    C:\迅雷\ComDlls\TDAtOnce_Now.dll

. 2007-09-06 05:48    C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll

. 2008-06-13 09:43    C:\迅雷\ComDlls\xunleiBHO_Now.dll

. 2007-01-19 23:57    c:\Program Files\Google\GoogleToolbar3.dll

"DLLName"="wlnotify.dll"   --a------ 2004-08-04 20:00 C:\WINDOWS\system32\wlnotify.dll
Rename operations pending:
001; C:\DOCUME~1\Owner\LOCALS~1\Temp\~nsu.tmp\Au_.exe ;DELETE;
002; C:\DOCUME~1\Owner\LOCALS~1\Temp\~nsu.tmp ;DELETE;
MD5: f7054a7191ee1e403020649aa40a23e0 2007-06-13 21:22 977920 C:\WINDOWS\explorer.exe
MD5: 50d8db3bf83670339a8616eb5a75bf06 2007-06-13 21:10 977920 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
MD5: 453888766da789f18fbbf5b20e4bc17f 2004-08-04 20:00 976896 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
MD5: f7a2245d8bd832d1e7a01c26d5e6efd0 2008-04-15 00:30 978432 C:\WINDOWS\SoftwareDistribution\Download\955997d3b16bb107db5044b5727c8498\explorer.exe
MD5: f7054a7191ee1e403020649aa40a23e0 2007-06-13 21:22 977920 C:\WINDOWS\system32\dllcache\explorer.exe
MD5: 613d7c29c9e3e2375971da7e42e4e330 2008-04-15 00:31 25088 C:\WINDOWS\SoftwareDistribution\Download\955997d3b16bb107db5044b5727c8498\userinit.exe
MD5: f3a20a3c6a4df7fe038f4cca70080b10 2004-08-04 20:00 23552 C:\WINDOWS\system32\userinit.exe
MD5: f3a20a3c6a4df7fe038f4cca70080b10 2004-08-04 20:00 23552 C:\WINDOWS\system32\dllcache\userinit.exe
MD5: 82fe81c7f30172a315ad70327b868436 2008-04-15 00:30 108544 C:\WINDOWS\SoftwareDistribution\Download\955997d3b16bb107db5044b5727c8498\services.exe
MD5: 90463a559a0d57b5d4b3e698e1bdde92 2004-08-04 20:00 108032 C:\WINDOWS\system32\services.exe
MD5: 90463a559a0d57b5d4b3e698e1bdde92 2004-08-04 20:00 108032 C:\WINDOWS\system32\dllcache\services.exe
沒有數位簽章的系統檔案
MD5: 073941d59ae065910064b728dee981ee 2008-06-20 18:45 360320 c:\windows\system32\drivers\tcpip.sys <Microsoft Corporation>
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe
服務 \ 驅動 列表:
顯示方式 :啟動狀態服務名稱;顯示名稱;檔案名稱
啟動狀態 : S0 = Boot Start S1 = System Start S2 = Auto Start S3 = Manual Start S4 = Disable S9 = Unknow
S3fz3plus;fz3plus;"C:\WINDOWS\system32\fz3plus.sys"
S3IlvMoneyDRIVER53;IlvMoneyDRIVER53;"C:\Documents and Settings\Owner\桌面\外掛\IlvMoney1224.sys"
S3MXD;MXD;"C:\Documents and Settings\Owner\桌面\外掛\sww.sys"
S3nocashio;nocashio;"C:\WINDOWS\SYSTEM32\drivers\nocashio.sys"
S3NPFWFLT;NPFWFLT;"C:\WINDOWS\system32\NPFWFLT.SYS"
S1oreans32;oreans32;"C:\WINDOWS\system32\drivers\oreans32.sys"
S0viasraid;viasraid;"C:\WINDOWS\SYSTEM32\DRIVERS\viasraid.sys"
S3XDva013;XDva013;"C:\WINDOWS\system32\XDva013.sys"
S3XDva024;XDva024;"C:\WINDOWS\system32\XDva024.sys"
S3XDva028;XDva028;"C:\WINDOWS\system32\XDva028.sys"
S3XDva031;XDva031;"C:\WINDOWS\system32\XDva031.sys"
=======================================================
winsock file list:
工作排程資料夾內的資料:
2005-04-03 C:\WINDOWS\TASKS\FRU Task #Hewlett-Packard#hp psc 2200 series#1104726559.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
=======================================================
catchme 0.3.1361 W2K/ XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
SCANNING HIDDEN FILES ...
SCANNING HIDDEN PROCESSES ...
SCANNING HIDDEN AUTOSTART ENTRIES ...
=======================================================
磁碟空間 C: - 8,801,038,336 位元組可用
磁碟空間 E: - 12,700,196,864 位元組可用
掃描結束時間: 2008-11-02 20:27:45.31

[ This post was last edited by 莊凱丞 on 2008-11-3 at 05:43 PM ]