4.89 2008-11-02 12:23:45 GMT+00:00
EFIX 4.89 - Owner 2008-11-02 20:25:57.78 - NTFS
Microsoft Windows XP [版本 5.1.2600] - Service Pack 2
執行位置: C:\Documents and Settings\Owner\桌面
=======================================================
EFix刪除的檔案列表:
沒有刪除任何檔案.
=======================================================
EFix刪除的登錄值列表:
沒有刪除任何登錄值.
=======================================================
****** Created 2008-10 to 2008-11 Files ******
2008-11-02 . 2008-11-02 20:25 d-------- C:\WINDOWS\EFIXUNT
2008-11-02 . 2008-11-02 20:25 d-------- C:\NEFix
2008-10-21 . 2008-10-21 17:22 d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-10-08 . 2008-11-01 15:23 d-------- C:\Program Files\Panda Security
=======================================================
執行中的程序:
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe <Analog Devices, Inc.>
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe <Hewlett-Packard>
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe <Macrovision Corporation>
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe <Sun Microsystems, Inc.>
C:\WINDOWS\system32\LVCOMSX.EXE <Logitech Inc.>
C:\Program Files\Logitech\Video\LogiTray.exe <Logitech Inc.>
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe <N/A>
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe <Hewlett-Packard Co.>
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe <Hewlett-Packard Co.>
C:\Program Files\VIA\RAID\raid_tool.exe <VIA Technologies>
C:\Program Files\Logitech\Video\FxSvr2.exe <Logitech Inc.>
C:\WINDOWS\ATKKBService.exe <ASUSTeK COMPUTER INC.>
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE <Microsoft Corporation>
C:\WINDOWS\system32\nvsvc32.exe <NVIDIA Corporation>
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe <Analog Devices, Inc.>
C:\WINDOWS\system32\wdfmgr.exe <Microsoft Corporation>
C:\WINDOWS\system32\wscntfy.exe <Microsoft Corporation>
C:\WINDOWS\System32\alg.exe <Microsoft Corporation>
C:\WINDOWS\system32\wbem\wmiprvse.exe <Microsoft Corporation>
C:\WINDOWS\system32\cmd.exe <Microsoft Corporation>
C:\WINDOWS\explorer.exe <Microsoft Corporation>
=======================================================
登錄值列表 *** 注意 : 部分正常值不會顯示 ***
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [File Not Found.]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [File Not Found.]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 21:13]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 18:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"CnsMin"="C:\WINDOWS\DOWNLO~1\CnsMin.dll" [2004-05-19 15:38]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 22:57]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 22:57]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [File Not Found.]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"MxieAutoExecute"="C:\PROGRA~1\mxie\mxie_waiting.exe" [File Not Found.]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-03-30 10:48]
"ClubBox"= [File Not Found.]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-30 10:48]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}]
. 2008-06-13 09:43 C:\迅雷\ComDlls\TDAtOnce_Now.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
. 2007-09-06 05:48 C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}]
. 2008-06-13 09:43 C:\迅雷\ComDlls\xunleiBHO_Now.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
. 2007-01-19 23:57 c:\Program Files\Google\GoogleToolbar3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings]
"DLLName"="wlnotify.dll" --a------ 2004-08-04 20:00 C:\WINDOWS\system32\wlnotify.dll
Rename operations pending:
001; C:\DOCUME~1\Owner\LOCALS~1\Temp\~nsu.tmp\Au_.exe ;DELETE;
002; C:\DOCUME~1\Owner\LOCALS~1\Temp\~nsu.tmp ;DELETE;
MD5: f7054a7191ee1e403020649aa40a23e0 2007-06-13 21:22 977920 C:\WINDOWS\explorer.exe
MD5: 50d8db3bf83670339a8616eb5a75bf06 2007-06-13 21:10 977920 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
MD5: 453888766da789f18fbbf5b20e4bc17f 2004-08-04 20:00 976896 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
MD5: f7a2245d8bd832d1e7a01c26d5e6efd0 2008-04-15 00:30 978432 C:\WINDOWS\SoftwareDistribution\Download\955997d3b16bb107db5044b5727c8498\explorer.exe
MD5: f7054a7191ee1e403020649aa40a23e0 2007-06-13 21:22 977920 C:\WINDOWS\system32\dllcache\explorer.exe
MD5: 613d7c29c9e3e2375971da7e42e4e330 2008-04-15 00:31 25088 C:\WINDOWS\SoftwareDistribution\Download\955997d3b16bb107db5044b5727c8498\userinit.exe
MD5: f3a20a3c6a4df7fe038f4cca70080b10 2004-08-04 20:00 23552 C:\WINDOWS\system32\userinit.exe
MD5: f3a20a3c6a4df7fe038f4cca70080b10 2004-08-04 20:00 23552 C:\WINDOWS\system32\dllcache\userinit.exe
MD5: 82fe81c7f30172a315ad70327b868436 2008-04-15 00:30 108544 C:\WINDOWS\SoftwareDistribution\Download\955997d3b16bb107db5044b5727c8498\services.exe
MD5: 90463a559a0d57b5d4b3e698e1bdde92 2004-08-04 20:00 108032 C:\WINDOWS\system32\services.exe
MD5: 90463a559a0d57b5d4b3e698e1bdde92 2004-08-04 20:00 108032 C:\WINDOWS\system32\dllcache\services.exe
沒有數位簽章的系統檔案
MD5: 073941d59ae065910064b728dee981ee 2008-06-20 18:45 360320 c:\windows\system32\drivers\tcpip.sys <Microsoft Corporation>
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 01:20:58 323646]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 01:21:30 147456]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2004-10-29 18:40:11 565248]
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
啟動狀態 : S0 = Boot Start S1 = System Start S2 = Auto Start S3 = Manual Start S4 = Disable S9 = Unknow
S3 fz3plus;fz3plus;"C:\WINDOWS\system32\fz3plus.sys" [2006-10-30 22:34]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;"C:\Documents and Settings\Owner\桌面\外掛\IlvMoney1224.sys" [File Not Found.]
S3 MXD;MXD;"C:\Documents and Settings\Owner\桌面\外掛\sww.sys" [File Not Found.]
S3 nocashio;nocashio;"C:\WINDOWS\SYSTEM32\drivers\nocashio.sys" [2007-11-26 19:05]
S3 NPFWFLT;NPFWFLT;"C:\WINDOWS\system32\NPFWFLT.SYS" [2007-09-11 13:10]
S1 oreans32;oreans32;"C:\WINDOWS\system32\drivers\oreans32.sys" [File Not Found.]
S0 viasraid;viasraid;"C:\WINDOWS\SYSTEM32\DRIVERS\viasraid.sys" [2003-10-31 11:22]
S3 XDva013;XDva013;"C:\WINDOWS\system32\XDva013.sys" [File Not Found.]
S3 XDva024;XDva024;"C:\WINDOWS\system32\XDva024.sys" [File Not Found.]
S3 XDva028;XDva028;"C:\WINDOWS\system32\XDva028.sys" [File Not Found.]
S3 XDva031;XDva031;"C:\WINDOWS\system32\XDva031.sys" [File Not Found.]
=======================================================
winsock file list:
工作排程資料夾內的資料:
2005-04-03 C:\WINDOWS\TASKS\FRU Task #Hewlett-Packard#hp psc 2200 series#1104726559.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 01:46]
=======================================================
catchme 0.3.1361 W2K/ XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
SCANNING HIDDEN FILES ...
SCANNING HIDDEN PROCESSES ...
SCANNING HIDDEN AUTOSTART ENTRIES ...
=======================================================
磁碟空間 C: - 8,801,038,336 位元組可用
磁碟空間 E: - 12,700,196,864 位元組可用
掃描結束時間: 2008-11-02 20:27:45.31
[ This post was last edited by 莊凱丞 on 2008-11-3 05:43 PM ]