
hhd0907 2009-6-21 01:17 AM

USB drive contents not visible

The contents of my USB drive are not visible.
I opened cmd via (Run)
and typed dir/a
which showed Kterne.exe.
Typing del Kterne.exe/a:rh does not delete it either.
Could someone tell me how to deal with this?

hhd0907 2009-6-21 10:31 PM

EF scan log

[code]script code: 23464

efix 5.2 20090619.16 -  2009-06-21 21:54:11.48  -  ntfs
Microsoft Windows XP Service Pack 3 - user
執行位置: C:\工具\電腦防駭\EF.exe
AV: ESET NOD32防毒系統 2.70 (ESET, spol. s r.o.) True - Enabled

================================================================================
EF刪除的檔案列表:

沒有刪除任何檔案.

================================================================================
EF修改的登錄值列表:

沒有刪除任何登錄值.

================================================================================
EF刪除的檔案備份位置列表:

c:\WINDOWS\system32\inteltrv.exe => C:\ef_backup\backup\c\WINDOWS\system32\inteltrv.exe.vir
================================================================================
AUTORUN.INF:

<資料夾> C:\autorun.inf

<資料夾> E:\autorun.inf

<資料夾> G:\autorun.inf

<資料夾> H:\autorun.inf

<資料夾> I:\autorun.inf
================================================================================
各磁碟根目錄含有隱藏屬性的資料夾和檔案 :

2004-10-01 00:43:37 . 2007-10-30 21:35:49 a-hs--- 210  C:\boot.ini
2004-08-26 20:00:00 . 2004-08-26 20:00:00 arhs--- 213830  C:\bootfont.bin
2004-09-30 16:55:12 . 2004-09-30 16:55:12 arhs--- 0  C:\IO.SYS
2004-09-30 16:55:12 . 2004-09-30 16:55:12 arhs--- 0  C:\MSDOS.SYS
2004-08-26 20:00:00 . 2004-08-26 20:00:00 arhs--- 47564  C:\NTDETECT.COM
2004-08-26 20:00:00 . 2008-08-30 21:21:41 arhs--- 257728  C:\ntldr
2004-10-01 00:37:56 . 2007-10-30 20:50:09 a-hs--- 1609797632  C:\pagefile.sys
2008-08-30 20:17:12 . 2009-02-10 00:59:40 a-h---- 268  C:\sqmdata00.sqm
2008-08-30 20:26:19 . 2009-02-10 11:11:07 a-h---- 268  C:\sqmdata01.sqm
2008-08-30 20:41:17 . 2009-02-11 16:21:16 a-h---- 268  C:\sqmdata02.sqm
2008-08-30 20:52:21 . 2009-02-12 12:54:34 a-h---- 268  C:\sqmdata03.sqm
2008-08-30 21:00:20 . 2009-02-13 07:17:14 a-h---- 268  C:\sqmdata04.sqm
2008-08-30 21:33:45 . 2009-02-13 16:46:56 a-h---- 268  C:\sqmdata05.sqm
2008-08-31 12:44:54 . 2009-02-13 21:35:05 a-h---- 268  C:\sqmdata06.sqm
2008-09-01 21:04:39 . 2009-02-14 09:46:57 a-h---- 268  C:\sqmdata07.sqm
2008-09-02 08:42:28 . 2009-02-15 09:44:23 a-h---- 268  C:\sqmdata08.sqm
2008-09-03 22:05:53 . 2009-02-16 12:46:24 a-h---- 268  C:\sqmdata09.sqm
2008-09-04 23:03:45 . 2009-02-16 16:15:50 a-h---- 268  C:\sqmdata10.sqm
2008-09-06 21:04:41 . 2009-02-17 15:23:14 a-h---- 268  C:\sqmdata11.sqm
2008-09-08 14:12:19 . 2009-02-18 20:27:09 a-h---- 268  C:\sqmdata12.sqm
2008-09-08 19:38:40 . 2009-02-19 13:31:43 a-h---- 268  C:\sqmdata13.sqm
2008-09-09 06:43:41 . 2009-02-20 16:17:06 a-h---- 268  C:\sqmdata14.sqm
2008-09-09 20:39:41 . 2009-02-07 10:23:25 a-h---- 268  C:\sqmdata15.sqm
2008-09-10 06:45:06 . 2009-02-07 23:35:01 a-h---- 268  C:\sqmdata16.sqm
2008-09-10 08:02:22 . 2009-02-08 19:30:40 a-h---- 268  C:\sqmdata17.sqm
2008-09-10 21:44:32 . 2009-02-09 08:47:47 a-h---- 268  C:\sqmdata18.sqm
2008-09-11 19:12:34 . 2009-02-09 22:50:56 a-h---- 268  C:\sqmdata19.sqm
2008-08-30 20:17:12 . 2009-02-10 00:59:40 a-h---- 244  C:\sqmnoopt00.sqm
2008-08-30 20:26:19 . 2009-02-10 11:11:07 a-h---- 244  C:\sqmnoopt01.sqm
2008-08-30 20:41:17 . 2009-02-11 16:21:16 a-h---- 244  C:\sqmnoopt02.sqm
2008-08-30 20:52:21 . 2009-02-12 12:54:34 a-h---- 244  C:\sqmnoopt03.sqm
2008-08-30 21:00:20 . 2009-02-13 07:17:13 a-h---- 244  C:\sqmnoopt04.sqm
2008-08-30 21:33:45 . 2009-02-13 16:46:56 a-h---- 244  C:\sqmnoopt05.sqm
2008-08-31 12:44:54 . 2009-02-13 21:35:05 a-h---- 244  C:\sqmnoopt06.sqm
2008-09-01 21:04:39 . 2009-02-14 09:46:56 a-h---- 244  C:\sqmnoopt07.sqm
2008-09-02 08:42:28 . 2009-02-15 09:44:23 a-h---- 244  C:\sqmnoopt08.sqm
2008-09-03 22:05:53 . 2009-02-16 12:46:24 a-h---- 244  C:\sqmnoopt09.sqm
2008-09-04 23:03:45 . 2009-02-16 16:15:50 a-h---- 244  C:\sqmnoopt10.sqm
2008-09-06 21:04:41 . 2009-02-17 15:23:14 a-h---- 244  C:\sqmnoopt11.sqm
2008-09-08 14:12:08 . 2009-02-18 20:27:09 a-h---- 244  C:\sqmnoopt12.sqm
2008-09-08 19:38:40 . 2009-02-19 13:31:43 a-h---- 244  C:\sqmnoopt13.sqm
2008-09-09 06:43:41 . 2009-02-20 16:17:06 a-h---- 244  C:\sqmnoopt14.sqm
2008-09-09 20:39:40 . 2009-02-07 10:23:25 a-h---- 244  C:\sqmnoopt15.sqm
2008-09-10 06:45:06 . 2009-02-07 23:35:00 a-h---- 244  C:\sqmnoopt16.sqm
2008-09-10 08:02:22 . 2009-02-08 19:30:39 a-h---- 244  C:\sqmnoopt17.sqm
2008-09-10 21:44:31 . 2009-02-09 08:47:47 a-h---- 244  C:\sqmnoopt18.sqm
2008-09-11 19:12:33 . 2009-02-09 22:50:56 a-h---- 244  C:\sqmnoopt19.sqm
2008-01-28 23:33:31 . 2008-01-29 00:46:26 a-hs--- 23040  C:\Thumbs.db
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\0pqb6qnj.cmd
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\1.vbs
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\2g.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\2px8tdn.bat
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\39ysi89.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\3r33c.cmd
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\3ve.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\8tss2gwq.bat
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\alastart.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\auto.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\autorun.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\b.bat
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\cjrp8.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\Cn911.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\ddyikr.cmd
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\dynrn6e.cmd
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\ejoq.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\explore.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\explorer.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\f2ir.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\hovrflst.bat
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\jg6w3yx.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\kdy.cmd
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\mmtpw22.bat
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\msdos.bat
2008-08-02 14:35:59 . 2008-08-02 14:35:59 -rh---- <DIR>  C:\MSOCache
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\ntnq.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\nw0t1l0d.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\p9.exe
2004-09-30 17:28:51 . 2009-03-09 03:41:13 --hs--- <DIR>  C:\RECYCLER
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\sal.xls.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\spkr9wou.bat
2004-09-30 16:44:24 . 2008-12-08 10:50:32 --hs--- <DIR>  C:\System Volume Information
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\temp.exe
2008-12-08 01:08:22 . 2008-12-08 01:08:22 arh---- <DIR>  C:\tmf3w3g0.com
2008-12-08 01:08:22 . 2008-12-08 01:08:22 arh---- <DIR>  C:\v3pif.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:22 arh---- <DIR>  C:\vmyphd.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:22 arh---- <DIR>  C:\wg0kpd.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:22 arh---- <DIR>  C:\windows.scr
2007-11-27 21:42:05 . 2007-11-27 21:42:10 a-hs--- 6144  E:\Thumbs.db
2008-01-10 18:08:02 . 2008-01-10 18:08:04 a-h---- 162  E:\~$SL基本設定資料.doc
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  E:\msdos.bat
2007-10-30 20:52:41 . 2007-10-30 20:52:42 --hs--- <DIR>  E:\System Volume Information
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  E:\tmf3w3g0.com
2007-10-30 21:34:27 . 2007-10-30 21:34:28 --hs--- <DIR>  E:\Recycled
2007-08-20 23:39:01 . 2007-08-20 23:39:04 a-hs--- 3072  G:\Thumbs.db
2002-07-04 20:11:53 . 2002-07-04 20:11:54 --hs--- <DIR>  G:\_Restore
2002-07-06 09:40:33 . 2002-07-06 09:40:34 --h---- <DIR>  G:\爸比
2002-07-08 01:06:33 . 2002-07-08 01:06:34 --hs--- <DIR>  G:\Recycled
2007-07-17 19:02:50 . 2007-07-17 19:02:50 --hs--- <DIR>  G:\FOUND.000
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  G:\msdos.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  G:\mt0.cmd
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  G:\tmf3w3g0.com
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  G:\wg0kpd.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  G:\yfmqo.cmd
2004-12-26 21:12:17 . 2004-12-26 21:12:18 --hs--- <DIR>  G:\System Volume Information
1980-01-01 . 2004-12-18 21:31:34 -rhs--- 1676  H:\MSDOS.SYS
2004-12-18 21:42:11 . 2004-12-18 21:42:12 --hs--- 7253  H:\DETLOG.OLD
1980-01-01 . 2004-07-20 23:07:40 --hs--- 22  H:\MSDOS.---
2004-12-18 21:45:57 . 2004-12-18 21:45:58 a-hs--- 7253  H:\DETLOG.TXT
1980-01-01 . 2004-12-18 21:55:46 a-hs--- 10766  H:\NETLOG.TXT
1980-01-01 . 2007-10-30 18:43:58 a-h---- 0  H:\BOOTLOG.PRV
1980-01-01 . 2007-10-30 18:48:46 a-h---- 0  H:\BOOTLOG.TXT
1980-01-01 . 2004-12-18 21:18:10 -rhs--- 1660  H:\MSDOS.BAK
1980-01-01 . 2000-06-08 17:00:00 -rhs--- 111104  H:\IO.SYS
2005-09-01 19:29:46 . 2006-08-04 12:22:48 a-hs--- 60416  H:\Thumbs.db
2007-07-17 19:02:06 . 2007-07-17 19:02:06 --hs--- <DIR>  H:\FOUND.000
2008-08-03 16:35:04 . 2008-08-03 16:35:04 --hs--- <DIR>  H:\FOUND.001
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  H:\msdos.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  H:\tmf3w3g0.com
2004-08-16 23:41:08 . 2004-08-16 23:41:10 --hs--- <DIR>  H:\Recycled
2004-12-26 21:41:12 . 2004-12-26 21:41:14 --hs--- <DIR>  H:\System Volume Information
2005-01-07 01:54:48 . 2005-01-07 01:54:50 --h---- <DIR>  H:\movie
2005-01-07 22:52:46 . 2005-01-07 22:52:48 --h---- <DIR>  H:\emule new
2005-01-07 22:53:55 . 2005-01-07 22:53:56 --h---- <DIR>  H:\emule temp
2009-06-21 00:34:48 . 2009-06-04 15:07:32 --hs--- 95816  I:\Kterne.exe
2009-06-21 00:35:20 . 2009-06-21 00:35:22 --hs--- <DIR>  I:\autorun.inf

********** Created 2009-05 -- 2009-06 Files: **********

2009-06-21 21:15:43 . 2009-06-21 21:15:44 -------  <DIR> C:\WINDOWS\system32\ef_backup
2009-06-21 21:14:47 . 2000-08-31 08:00:00 a------ 29696  C:\WINDOWS\nircmd.com
2009-06-21 08:44:53 . 2009-06-21 17:25:13 -------  <DIR> C:\WINDOWS\MAGICSET
2009-06-21 08:25:50 . 2003-01-26 13:41:24 a------ 40960  C:\WINDOWS\system32\SSubTmr6.dll
2009-06-21 08:25:45 . 2000-02-26 18:23:30 a------ 21264  C:\WINDOWS\system32\internat.exe
2009-06-21 08:24:35 . 2009-06-21 08:24:35 -------  <DIR> C:\Program Files\Super Rabbit
2009-06-10 22:57:28 . 2009-06-10 22:59:12 -------  <DIR> C:\Documents and Settings\user\My Documents\PDF 檔案
2009-06-10 22:57:06 . 2008-09-30 22:17:10 ------- 253952  C:\WINDOWS\system32\fppr332.dll
2009-06-10 22:57:06 . 2008-09-30 20:22:40 ------- 385024  C:\WINDOWS\system32\fppmon3.dll
2009-06-08 21:34:12 . 2009-06-08 21:34:12 -------  <DIR> C:\Program Files\Namo
2009-06-07 11:09:14 . 2009-06-04 15:07:32 --hs--- 95816  C:\WINDOWS\system32\Kterne.exe
2009-06-03 22:53:01 . 2002-03-17 02:00:00 a------ 7420  C:\WINDOWS\UA000106.DLL
2009-06-02 01:16:56 . 2009-06-02 01:16:56 -------  <DIR> C:\Documents and Settings\user\My Documents\Corel VideoStudio
2009-06-02 01:15:42 . 2008-04-01 21:40:42 a------ 209040  C:\WINDOWS\system32\IVIresizeW7.dll
2009-06-02 01:15:42 . 2008-04-01 21:40:40 a------ 196752  C:\WINDOWS\system32\IVIresizeP6.dll
2009-06-02 01:15:42 . 2008-04-01 21:40:40 a------ 192656  C:\WINDOWS\system32\IVIresizePX.dll
2009-06-02 01:15:41 . 2008-04-01 21:40:38 a------ 196752  C:\WINDOWS\system32\IVIresizeM6.dll
2009-06-02 01:15:41 . 2008-04-01 21:40:36 a------ 204944  C:\WINDOWS\system32\IVIresizeA6.dll
2009-06-02 01:15:41 . 2008-04-01 21:40:34 a------ 24720  C:\WINDOWS\system32\IVIresize.dll
2009-06-02 01:15:06 . 2009-06-02 01:15:06 -------  <DIR> C:\Program Files\Windows Media Components
2009-06-02 01:13:06 . 2009-06-02 01:14:07 -------  <DIR> C:\Program Files\Corel
2009-06-02 00:01:51 . 2009-06-02 00:01:51 -------  <DIR> C:\Program Files\Sony
2009-05-31 00:36:57 . 2009-06-21 18:35:20 -------  <DIR> C:\Program Files\FreeStyle2008
.
********** Modified 2009-04 -- 2009-06 files: **********

2009-06-21 21:49:30 a------ 1633997  C:\WINDOWS\WindowsUpdate.log
2009-06-21 21:48:30 a------ 159  C:\WINDOWS\wiadebug.log
2009-06-21 21:48:29 a------ 49  C:\WINDOWS\wiaservc.log
2009-06-21 21:16:05 a------ 32572  C:\WINDOWS\SchedLgU.Txt
2009-06-18 19:39:06 a------ 250710  C:\WINDOWS\setupapi.log
2009-06-12 00:49:06 a------ 839  C:\WINDOWS\win.ini
2009-06-12 00:48:15 a------ 72227  C:\WINDOWS\ocmsn.log
2009-06-12 00:48:15 a------ 611635  C:\WINDOWS\ocgen.log
2009-06-12 00:48:15 a------ 468987  C:\WINDOWS\tsoc.log
2009-06-12 00:48:15 a------ 242488  C:\WINDOWS\ntdtcsetup.log
2009-06-12 00:46:01 a------ 189226  C:\WINDOWS\updspapi.log
2009-06-07 23:25:02 a------ 4205  C:\WINDOWS\ODBCINST.INI
2009-06-07 23:24:13 a------ 48930  C:\WINDOWS\Windows Update.log
2009-06-04 15:07:32 --hs--- 95816  C:\WINDOWS\system32\Kterne.exe
2009-06-02 00:51:12 a------ 23635392  C:\WINDOWS\system32\MRT.exe
2009-05-07 23:32:00 a------ 340992  C:\WINDOWS\system32\localspl.dll
2009-05-01 23:04:43 a------ 183244  C:\WINDOWS\setupact.log
2009-04-30 21:06:48 a------ 298104  C:\WINDOWS\system32\imon.dll
2009-04-29 12:42:05 a------ 1159680  C:\WINDOWS\system32\urlmon.dll
2009-04-29 12:42:04 a------ 105984  C:\WINDOWS\system32\url.dll
2009-04-29 12:42:00 ------- 27648  C:\WINDOWS\system32\jsproxy.dll
2009-04-29 12:42:00 ------- 1830912  C:\WINDOWS\system32\inetcpl.cpl
2009-04-29 12:41:59 a------ 6066176  C:\WINDOWS\system32\ieframe.dll
2009-04-29 12:41:59 a------ 268288  C:\WINDOWS\system32\iertutil.dll
2009-04-29 12:41:59 ------- 44544  C:\WINDOWS\system32\iernonce.dll
2009-04-29 12:41:57 a------ 78336  C:\WINDOWS\system32\ieencode.dll
2009-04-29 12:41:57 ------- 385024  C:\WINDOWS\system32\iedkcs32.dll
2009-04-29 12:41:56 a------ 383488  C:\WINDOWS\system32\ieapfltr.dll
2009-04-29 12:41:56 ------- 230400  C:\WINDOWS\system32\ieaksie.dll
2009-04-29 12:41:56 ------- 153088  C:\WINDOWS\system32\ieakeng.dll
2009-04-29 12:41:55 a------ 63488  C:\WINDOWS\system32\icardie.dll
2009-04-29 12:41:55 ------- 133120  C:\WINDOWS\system32\extmgr.dll
2009-04-28 17:04:20 a------ 389120  C:\WINDOWS\system32\html.iec
2009-04-28 17:04:02 a------ 13824  C:\WINDOWS\system32\ieudinit.exe
2009-04-28 17:04:02 ------- 70656  C:\WINDOWS\system32\ie4uinit.exe
2009-04-25 13:26:23 ------- 161792  C:\WINDOWS\system32\ieakui.dll
.
================================================================================
執行中的程序:

[PID: 960] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [RealNetworks, Inc.]
[PID: 688] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [Hewlett-Packard]
[PID: 6508] C:\WINDOWS\system32\wbem\wmiprvse.exe [Microsoft Corporation]
[PID: 6452] C:\WINDOWS\system32\wbem\wmiprvse.exe [Microsoft Corporation]
[PID: 5280] C:\WINDOWS\system32\wuauclt.exe [Microsoft Corporation]
[PID: 3332] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [Yahoo! Inc.]
[PID: 3264] C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [Ulead Systems, Inc.]
[PID: 3212] C:\Program Files\CyberLink\Shared files\RichVideo.exe [N/A]
[PID: 3008] C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation]
[PID: 2956] C:\Program Files\Eset\nod32krn.exe [Eset ]
[PID: 2836] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [Microsoft Corporation]
[PID: 2132] C:\WINDOWS\System32\alg.exe [Microsoft Corporation]
[PID: 1924] C:\WINDOWS\system32\conime.exe [Microsoft Corporation]
[PID: 1812] C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe [N/A]
[PID: 1688] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [Logitech]
[PID: 1636] c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [Logitech Inc.]
[PID: 1592] C:\WINDOWS\system32\spoolsv.exe [Microsoft Corporation]
[PID: 1364] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [Google Inc.]
[PID: 1352] C:\WINDOWS\system32\ctfmon.exe [Microsoft Corporation]
[PID: 1168] C:\Program Files\Eset\nod32kui.exe [Eset ]
[PID: 1156] C:\WINDOWS\system32\ElkCtrl.exe [Logitech Inc.]
[PID: 1124] C:\Program Files\Logitech\Video\CameraAssistant.exe [Logitech Inc.]
[PID: 1116] C:\WINDOWS\system32\LVCOMSX.EXE [Logitech Inc.]
[PID: 1016] C:\WINDOWS\ALCWZRD.EXE [RealTek Semicoductor Corp.]
[PID: 1008] C:\WINDOWS\SOUNDMAN.EXE [Realtek Semiconductor Corp.]

系統執行程序中沒有檔案資訊的動態連結檔:

lsass.exe PID: (824)
=> C:\Program Files\Eset\pr_imon.dll

explorer.exe PID: (4804)
=> C:\Program Files\Eset\pr_imon.dll

svchost.exe PID: (1060)
=> C:\Program Files\Eset\pr_imon.dll

svchost.exe PID: (1216)
=> C:\Program Files\Eset\pr_imon.dll

svchost.exe PID: (1356)
=> C:\Program Files\Eset\pr_imon.dll

svchost.exe PID: (3220)
=> C:\Program Files\Eset\pr_imon.dll

================================================================================

登錄值列表 *** 注意 : 部分正常值不會顯示 ***

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]
"foxy"="C:\Program Files\Foxy\Foxy.exe"  [File Not Found.]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"  [Google Inc.]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe"  [Microsoft Corporation]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe"  [Skype Technologies S.A.]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"  [Logitech]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"  [Yahoo! Inc.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio 屬性頁捷徑"="C:\WINDOWS\system32\Hdaudpropshortcut.exe"  [Windows (R) Server 2003 DDK provider]
"NvCplDaemon"="C:\WINDOWS\system32\nvcpl.dll"  [NVIDIA Corporation]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"  [N/A]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"  [Hewlett-Packard]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe"  [Adobe Systems Incorporated]
"Flashget"="C:\Program Files\FlashGet\flashget.exe"  [FlashGet.com]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe"  [Apple Computer, Inc.]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE"  [Microsoft Corp.]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE"  [Microsoft Corp.]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  [RealNetworks, Inc.]
"High Definition Audio Property Page Shortcut"="C:\WINDOWS\system32\HdAShCut.exe"  [Windows (R) Server 2003 DDK provider]
"SoundMan"="C:\WINDOWS\SoundMan.exe"  [Realtek Semiconductor Corp.]
"AlcWzrd"="C:\WINDOWS\alcwzrd.exe"  [RealTek Semicoductor Corp.]
"Alcmtr"="C:\WINDOWS\Alcmtr.exe"  [Realtek Semiconductor Corp.]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"  [Logitech Inc.]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe"  [Logitech Inc.]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe"  [Logitech Inc.]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe"  [Logitech Inc.]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe"  [Eset ]
"UVS12 Preload"="C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe"  [Ulead Systems, Inc.]
"kterne"="C:\WINDOWS\system32\Kterne.exe"  [N/A]
"pdfFactory Pro 分派器 v3"="C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe"  [FinePrint Software, LLC]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" - 2006-10-18 21:47 133632 C:\WINDOWS\system32\WPDShServiceObj.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
2009-03-14 06:18 908528 C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2009-03-14 06:18 165616 C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\CJIMETIPSYNC]
"command"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE"  [Microsoft Corp.]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\IMJPMIG8.1]
"command"="C:\WINDOWS\ime\IMJP8_1\imjpmig.exe"  [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\iTunesHelper]
"command"="C:\Program Files\iTunes\iTunesHelper.exe"  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\kava]
"command"="C:\WINDOWS\system32\kavo.exe"  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\NeroFilterCheck]
"command"="C:\WINDOWS\system32\NeroCheck.exe"  [Ahead Software Gmbh]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\NvMediaCenter]
"command"="C:\WINDOWS\system32\nvmctray.dll"  [NVIDIA Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\NVRTCLK]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\nwiz]
"command"="C:\WINDOWS\system32\nwiz.exe"  [NVIDIA Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\QuickTime Task]
"command"="C:\Program Files\QuickTime\qttask.exe"  [Apple Computer, Inc.]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\SoundMan]
"command"="C:\WINDOWS\SoundMan.exe"  [Realtek Semiconductor Corp.]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Reader Speed Launch.lnk]
"command"="C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE"  [Adobe Systems Incorporated]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Reader Synchronizer.lnk]
"command"="C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE"  [Adobe Systems Incorporated]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\services]
iPodService=0x3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
HonorAutoRunSetting=0x1

C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe  [ 2008-10-18 16:57:30 450560 ]

沒有數位簽章的系統檔案

2008-06-20 19:51 361600 C:\WINDOWS\system32\DRIVERS\TCPIP.SYS [Microsoft Corporation]

  --> 2006-04-20 20:18 360576 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys [Sigcheck failed.]
  --> 2007-10-31 00:53 360832 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys [Sigcheck failed.]
  --> 2008-06-20 18:44 360960 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys [Sigcheck ok.]
  --> 2008-06-20 19:51 361600 C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys [Sigcheck ok.]
  --> 2008-06-20 19:59 361600 C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [Sigcheck ok.]
  --> 2008-06-20 18:45 360320 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [Sigcheck failed.]
  --> 2004-08-26 20:00 359040 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys [Sigcheck ok.]
  --> 2006-04-20 19:51 359808 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys [Sigcheck failed.]
  --> 2008-04-14 03:20 361344 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys [Sigcheck ok.]
  --> 2007-10-31 01:20 360064 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys [Sigcheck failed.]
  --> 2008-04-14 03:20 361344 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [Sigcheck ok.]
  --> 2008-06-20 19:51 361600 C:\WINDOWS\system32\dllcache\tcpip.sys [Sigcheck ok.]
  --> 2008-06-20 19:51 361600 C:\WINDOWS\system32\drivers\tcpip.sys [Sigcheck failed.]

================================================================================

服務 \ 驅動 列表:
顯示方式 :  啟動狀態  服務名稱;顯示名稱;檔案名稱

S3  napagent;Network Access Protection Agent;C:\WINDOWS\System32\qagentrt.dll  [Microsoft Corporation]
S2  ProStorageDM;Protected Storage Driver Metd;C:\WINDOWS\System32\intersy.exe  [Microsoft Corporation]
R2  YahooAUService;Yahoo! Updater;C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe  [Yahoo! Inc.]
R2  AMON;AMON;C:\WINDOWS\system32\drivers\amon.sys  [Eset ]
S3  dump_wmimmc;dump_wmimmc;C:\Documents and Settings\All Users\Documents\歌詞\GameGuard\dump_wmimmc.sys  [File Not Found.]
S3  GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys  [N/A]
R3  LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys  [N/A]
R2  {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl  [Cyberlink Corp.]

================================================================================

[HKLM\System\CurrentControlSet\Services\FontCache3.0.0.0]
ImagePath = c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [Microsoft Corporation]

[HKLM\System\CurrentControlSet\Services\Lvckap]
ImagePath = C:\WINDOWS\system32\drivers\Lvckap.sys  [N/A]

[HKLM\System\CurrentControlSet\Services\lvmvdrv]
ImagePath = C:\WINDOWS\system32\drivers\lvmvdrv.sys  [N/A]

[HKLM\System\CurrentControlSet\Services\Tcpip]
ImagePath = C:\WINDOWS\system32\DRIVERS\tcpip.sys [Microsoft Corporation]

================================================================================
工作排程資料夾內的資料:

2009-06-21 C:\WINDOWS\TASKS\查看 Windows Live Toolbar 的更新資訊.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE  [2007-10-19 11:20 99856]

IE 首頁設定:

Internet Explorer Version: 7.0.5730.11
HKLM - Search Page = hxxp://tw.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://tw.search.yahoo.com
HKLM - Local Page = about:blank
HKLM - Start Page = hxxp://tw.yahoo.com
HKCU - Local Page = about:blank
HKCU - Search Page = hxxp://tw.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://tw.search.yahoo.com
HKCU - Start Page = hxxp://tw.yahoo.com
HKCU - Extra menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
HKCU - Extra menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
HKLM - Extensions: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
HKLM - Extensions: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
HKLM - Extensions: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

LSP: c:\windows\system32\imon.dll

================================================================================

Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.

================================================================================

A:   -Removable Disk-        No Assess
C:   -Local Disk-        Size: 66912616448  FreeSpace: 7834759168  NTFS
D:   -Compact Disc-        No Assess
E:   -Local Disk-        Size: 10476945408  FreeSpace: 6356221952  FAT32
F:   -Compact Disc-        No Assess
G:   -Local Disk-        Size: 30731026432  FreeSpace: 9481535488  FAT32
H:   -Local Disk-        Size: 30731026432  FreeSpace: 11027251200  FAT32
I:   -Removable Disk-        Size: 2052059136  FreeSpace: 616812544  FAT32
K:   -Removable Disk-        No Assess
L:   -Removable Disk-        No Assess
M:   -Removable Disk-        No Assess
N:   -Removable Disk-        No Assess

掃描結束時間: 2009-06-21 21:55:02.01[/code]
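The report above already contains the indicators the rest of the thread acts on: a hidden+system file in the root of the removable drive (`I:\Kterne.exe`, attributes `--hs---`), `autorun.inf` entries on every drive, and a Run-key value whose file carries no vendor information (`"kterne"="C:\WINDOWS\system32\Kterne.exe"  [N/A]`). As an added example, not part of the original post and not code from the EF tool, the Python script below parses lines written in the report's own format and pulls those indicators out automatically. The sample lines are copied from the report; the allow-list of standard Windows XP root files, the set of "unverified" vendor tags and the flagging rules are my assumptions, not EF's. Directories named like executables (which jolan's reply further down attributes to an immunization tool) are listed separately so they are not mistaken for the worm's own files.

```python
import os
import re

# Constructed sample: a handful of lines copied from the EF report above
# (hidden root entries, then one Run-key section).
SAMPLE_REPORT = r"""
各磁碟根目錄含有隱藏屬性的資料夾和檔案 :

2004-10-01 00:43:37 . 2007-10-30 21:35:49 a-hs--- 210  C:\boot.ini
2004-10-01 00:37:56 . 2007-10-30 20:50:09 a-hs--- 1609797632  C:\pagefile.sys
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\autorun.exe
2004-09-30 17:28:51 . 2009-03-09 03:41:13 --hs--- <DIR>  C:\RECYCLER
2009-06-21 00:34:48 . 2009-06-04 15:07:32 --hs--- 95816  I:\Kterne.exe
2009-06-21 00:35:20 . 2009-06-21 00:35:22 --hs--- <DIR>  I:\autorun.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]
"kterne"="C:\WINDOWS\system32\Kterne.exe"  [N/A]
"foxy"="C:\Program Files\Foxy\Foxy.exe"  [File Not Found.]
"""

# One root-directory entry: created . modified attrs size-or-<DIR> path
# (the created field sometimes lacks a time, e.g. "1980-01-01").
ROOT_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2}:\d{2})?) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<attrs>[a-z-]{7}) (?P<size><DIR>|\d+)\s+(?P<path>[A-Z]:\\.+)$"
)
# One Run-key value: "name"="path"  [vendor]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<vendor>[^\]]*)\]$')

# Assumed allow-list: hidden/system names that legitimately live in a
# Windows XP drive root, so they are not reported.
KNOWN_ROOT = {
    "boot.ini", "bootfont.bin", "io.sys", "msdos.sys", "ntdetect.com",
    "ntldr", "pagefile.sys", "hiberfil.sys", "thumbs.db",
    "system volume information", "recycler", "recycled", "msocache",
}
EXEC_EXT = {".exe", ".com", ".bat", ".cmd", ".vbs", ".scr", ".pif"}
# Vendor tags EF prints when it cannot attribute the file (assumed set).
UNVERIFIED = {"N/A", "File Not Found."}


def is_known_root(name_lower):
    """True for names the allow-list treats as normal (incl. chkdsk's FOUND.xxx)."""
    return name_lower in KNOWN_ROOT or name_lower.startswith("found.")


def triage(report_text):
    """Scan report lines and bucket the indicators worth a second look."""
    findings = {
        "hidden_system": [],   # hidden+system root files not on the allow-list
        "autorun_inf": [],     # every autorun.inf, with whether it is a dir or file
        "exe_named_dirs": [],  # <DIR> entries named like executables (decoy folders)
        "unverified_run": [],  # Run-key values with no vendor attribution
    }
    for raw in report_text.splitlines():
        line = raw.rstrip()
        m = ROOT_RE.match(line)
        if m:
            path = m.group("path")
            name = path.split("\\")[-1].lower()
            attrs = m.group("attrs")
            is_dir = m.group("size") == "<DIR>"
            if name == "autorun.inf":
                findings["autorun_inf"].append((path, "dir" if is_dir else "file"))
            elif is_dir and os.path.splitext(name)[1] in EXEC_EXT:
                findings["exe_named_dirs"].append(path)
            elif "h" in attrs and "s" in attrs and not is_known_root(name):
                findings["hidden_system"].append(path)
            continue
        m = RUN_RE.match(line)
        if m and m.group("vendor") in UNVERIFIED:
            findings["unverified_run"].append(
                (m.group("name"), m.group("path"), m.group("vendor")))
    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Run against the sample it reports exactly one unexplained hidden+system root file (`I:\Kterne.exe`) and two Run-key values that EF could not attribute (`kterne` and the stale `foxy` entry); against the full report it would also surface `C:\WINDOWS\system32\Kterne.exe` only if the created/modified file sections were parsed, which this script deliberately leaves out since those lines have a different layout.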

garybed 2009-6-22 10:10 PM

Kterne.exe may be a new piece of malware.
Please refer to the following:
(1) [url]http://www.incodesolutions.com/threats3/System32Rootkterneexe.php[/url]
(2) Deleting the file from the DOS prompt: cmd --> type I: and press Enter (I: is the USB drive's letter; if your USB drive is G:, replace every I: below with G:)
(3) I:\>dir/ah and press Enter.
(4) I:\>attrib -s -h -r Kterne*.* and press Enter (note the spaces: -s space -h space -r space Kterne*.*)
(5) I:\>del Kterne*.*
(6) I:\>dir/ah (check again that Kterne.exe is gone)
PS: once it is confirmed deleted, I recommend an online virus scan (use at least 2 trusted online scanners to confirm).

semtex 2009-6-23 02:31 AM

Kterne.exe
Category: PSW Win32/Gamania.gen ! D (spyware)
File MD5: 0xC99D36BFF1ADA640C619C9D9601953FE
Reported: 8 June 2009, 11:17:52
Threat level: LV1
Actions performed:
1. Requests to download software from the Internet
2. Establishes a network connection channel
Server name: xzpz01.3322.org
Server port: 80
Connection user: (empty)
Connection password: (empty)
Origin: mainland China

Removal method:

Start >> Run >> MRT (update it first) >> full scan

MRT download from Microsoft, definitions dated 9 June

[url=http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&DisplayLang=zh-tw]Microsoft® Windows® Malicious Software Removal Tool (KB890830), XP/Vista 32-bit[/url]

[url=http://www.microsoft.com/downloads/details.aspx?displaylang=zh-tw&FamilyID=585d2bde-367f-495e-94e7-6349f4effc74]Microsoft® Windows® Malicious Software Removal Tool (KB890830), XP/Vista 64-bit[/url]

jolan 2009-6-23 08:40 AM

Delete them in Safe Mode!
I:\Kterne.exe
C:\WINDOWS\system32\Kterne.exe
Have you been using iclean? It can't block them and it makes identification harder...

sylovanas 2009-6-23 09:16 AM

Copy the blue text below

[color=Blue]MOVE FILE::
I:\Kterne.exe
C:\WINDOWS\system32\Kterne.exe
C:\WINDOWS\UA000106.DLL

mod REG::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kterne"=-[/color]

Then run EF.exe
and follow the illustrated instructions below
[img]http://sylovanas.myweb.hinet.net/EF/EF.jpg[/img]

When it finishes, paste the log text report it creates on the desktop here

hhd0907 2009-6-26 12:18 AM

Latest EF scan

[code]script code: 23464

efix 5.2 20090619.16 -  2009-06-26  0:15:19.21  -  ntfs
Microsoft Windows XP Service Pack 3 - user
執行位置: C:\工具\電腦防駭\EF.exe
AV: ESET NOD32防毒系統 2.70 (ESET, spol. s r.o.) True - Enabled

自定義刪除腳本報告

MOVE FILE::
I:\Kterne.exe
C:\WINDOWS\system32\Kterne.exe
C:\WINDOWS\UA000106.DLL

mod REG::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kterne"=-

================================================================================
EF刪除的檔案列表:

i:\kterne.exe"

================================================================================
EF修改的登錄值列表:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kterne"=-

================================================================================
EF刪除的檔案備份位置列表:

c:\WINDOWS\UA000106.DLL => C:\ef_backup\backup\c\WINDOWS\UA000106.DLL.vir
c:\WINDOWS\system32\inteltrv.exe => C:\ef_backup\backup\c\WINDOWS\system32\inteltrv.exe.vir
c:\WINDOWS\system32\Kterne.exe => C:\ef_backup\backup\c\WINDOWS\system32\Kterne.exe.Zip
I:\Kterne.exe => C:\ef_backup\backup\I\Kterne.exe.vir
================================================================================
AUTORUN.INF:

<資料夾> C:\autorun.inf

<資料夾> E:\autorun.inf

<資料夾> G:\autorun.inf

<資料夾> H:\autorun.inf

<資料夾> I:\autorun.inf
================================================================================
各磁碟根目錄含有隱藏屬性的資料夾和檔案 :

2004-10-01 00:43:37 . 2007-10-30 21:35:49 a-hs--- 210  C:\boot.ini
2004-08-26 20:00:00 . 2004-08-26 20:00:00 arhs--- 213830  C:\bootfont.bin
2004-09-30 16:55:12 . 2004-09-30 16:55:12 arhs--- 0  C:\IO.SYS
2004-09-30 16:55:12 . 2004-09-30 16:55:12 arhs--- 0  C:\MSDOS.SYS
2004-08-26 20:00:00 . 2004-08-26 20:00:00 arhs--- 47564  C:\NTDETECT.COM
2004-08-26 20:00:00 . 2008-08-30 21:21:41 arhs--- 257728  C:\ntldr
2004-10-01 00:37:56 . 2007-10-30 20:50:09 a-hs--- 1609797632  C:\pagefile.sys
2008-08-30 20:17:12 . 2009-02-10 00:59:40 a-h---- 268  C:\sqmdata00.sqm
2008-08-30 20:26:19 . 2009-02-10 11:11:07 a-h---- 268  C:\sqmdata01.sqm
2008-08-30 20:41:17 . 2009-02-11 16:21:16 a-h---- 268  C:\sqmdata02.sqm
2008-08-30 20:52:21 . 2009-02-12 12:54:34 a-h---- 268  C:\sqmdata03.sqm
2008-08-30 21:00:20 . 2009-02-13 07:17:14 a-h---- 268  C:\sqmdata04.sqm
2008-08-30 21:33:45 . 2009-02-13 16:46:56 a-h---- 268  C:\sqmdata05.sqm
2008-08-31 12:44:54 . 2009-02-13 21:35:05 a-h---- 268  C:\sqmdata06.sqm
2008-09-01 21:04:39 . 2009-02-14 09:46:57 a-h---- 268  C:\sqmdata07.sqm
2008-09-02 08:42:28 . 2009-02-15 09:44:23 a-h---- 268  C:\sqmdata08.sqm
2008-09-03 22:05:53 . 2009-02-16 12:46:24 a-h---- 268  C:\sqmdata09.sqm
2008-09-04 23:03:45 . 2009-02-16 16:15:50 a-h---- 268  C:\sqmdata10.sqm
2008-09-06 21:04:41 . 2009-02-17 15:23:14 a-h---- 268  C:\sqmdata11.sqm
2008-09-08 14:12:19 . 2009-02-18 20:27:09 a-h---- 268  C:\sqmdata12.sqm
2008-09-08 19:38:40 . 2009-02-19 13:31:43 a-h---- 268  C:\sqmdata13.sqm
2008-09-09 06:43:41 . 2009-02-20 16:17:06 a-h---- 268  C:\sqmdata14.sqm
2008-09-09 20:39:41 . 2009-06-25 17:51:04 a-h---- 268  C:\sqmdata15.sqm
2008-09-10 06:45:06 . 2009-06-25 21:38:20 a-h---- 268  C:\sqmdata16.sqm
2008-09-10 08:02:22 . 2009-06-25 23:48:00 a-h---- 268  C:\sqmdata17.sqm
2008-09-10 21:44:32 . 2009-06-26 00:07:14 a-h---- 268  C:\sqmdata18.sqm
2008-09-11 19:12:34 . 2009-02-09 22:50:56 a-h---- 268  C:\sqmdata19.sqm
2008-08-30 20:17:12 . 2009-02-10 00:59:40 a-h---- 244  C:\sqmnoopt00.sqm
2008-08-30 20:26:19 . 2009-02-10 11:11:07 a-h---- 244  C:\sqmnoopt01.sqm
2008-08-30 20:41:17 . 2009-02-11 16:21:16 a-h---- 244  C:\sqmnoopt02.sqm
2008-08-30 20:52:21 . 2009-02-12 12:54:34 a-h---- 244  C:\sqmnoopt03.sqm
2008-08-30 21:00:20 . 2009-02-13 07:17:13 a-h---- 244  C:\sqmnoopt04.sqm
2008-08-30 21:33:45 . 2009-02-13 16:46:56 a-h---- 244  C:\sqmnoopt05.sqm
2008-08-31 12:44:54 . 2009-02-13 21:35:05 a-h---- 244  C:\sqmnoopt06.sqm
2008-09-01 21:04:39 . 2009-02-14 09:46:56 a-h---- 244  C:\sqmnoopt07.sqm
2008-09-02 08:42:28 . 2009-02-15 09:44:23 a-h---- 244  C:\sqmnoopt08.sqm
2008-09-03 22:05:53 . 2009-02-16 12:46:24 a-h---- 244  C:\sqmnoopt09.sqm
2008-09-04 23:03:45 . 2009-02-16 16:15:50 a-h---- 244  C:\sqmnoopt10.sqm
2008-09-06 21:04:41 . 2009-02-17 15:23:14 a-h---- 244  C:\sqmnoopt11.sqm
2008-09-08 14:12:08 . 2009-02-18 20:27:09 a-h---- 244  C:\sqmnoopt12.sqm
2008-09-08 19:38:40 . 2009-02-19 13:31:43 a-h---- 244  C:\sqmnoopt13.sqm
2008-09-09 06:43:41 . 2009-02-20 16:17:06 a-h---- 244  C:\sqmnoopt14.sqm
2008-09-09 20:39:40 . 2009-06-25 17:51:04 a-h---- 244  C:\sqmnoopt15.sqm
2008-09-10 06:45:06 . 2009-06-25 21:38:20 a-h---- 244  C:\sqmnoopt16.sqm
2008-09-10 08:02:22 . 2009-06-25 23:47:59 a-h---- 244  C:\sqmnoopt17.sqm
2008-09-10 21:44:31 . 2009-06-26 00:07:14 a-h---- 244  C:\sqmnoopt18.sqm
2008-09-11 19:12:33 . 2009-02-09 22:50:56 a-h---- 244  C:\sqmnoopt19.sqm
2008-01-28 23:33:31 . 2008-01-29 00:46:26 a-hs--- 23040  C:\Thumbs.db
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\0pqb6qnj.cmd
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\1.vbs
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\2g.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\2px8tdn.bat
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\39ysi89.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\3r33c.cmd
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\3ve.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\8tss2gwq.bat
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\alastart.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\auto.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\autorun.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\b.bat
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\cjrp8.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\Cn911.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\ddyikr.cmd
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\dynrn6e.cmd
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\ejoq.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\explore.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\explorer.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\f2ir.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\hovrflst.bat
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\jg6w3yx.com
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\kdy.cmd
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\mmtpw22.bat
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\msdos.bat
2008-08-02 14:35:59 . 2008-08-02 14:35:59 -rh---- <DIR>  C:\MSOCache
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\ntnq.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\nw0t1l0d.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\p9.exe
2004-09-30 17:28:51 . 2009-03-09 03:41:13 --hs--- <DIR>  C:\RECYCLER
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\sal.xls.exe
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\spkr9wou.bat
2004-09-30 16:44:24 . 2008-12-08 10:50:32 --hs--- <DIR>  C:\System Volume Information
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\temp.exe
2008-12-08 01:08:22 . 2008-12-08 01:08:22 arh---- <DIR>  C:\tmf3w3g0.com
2008-12-08 01:08:22 . 2008-12-08 01:08:22 arh---- <DIR>  C:\v3pif.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:22 arh---- <DIR>  C:\vmyphd.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:22 arh---- <DIR>  C:\wg0kpd.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:22 arh---- <DIR>  C:\windows.scr
2007-11-27 21:42:05 . 2007-11-27 21:42:10 a-hs--- 6144  E:\Thumbs.db
2008-01-10 18:08:02 . 2008-01-10 18:08:04 a-h---- 162  E:\~$SL基本設定資料.doc
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  E:\msdos.bat
2007-10-30 20:52:41 . 2007-10-30 20:52:42 --hs--- <DIR>  E:\System Volume Information
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  E:\tmf3w3g0.com
2007-10-30 21:34:27 . 2007-10-30 21:34:28 --hs--- <DIR>  E:\Recycled
2007-08-20 23:39:01 . 2007-08-20 23:39:04 a-hs--- 3072  G:\Thumbs.db
2002-07-04 20:11:53 . 2002-07-04 20:11:54 --hs--- <DIR>  G:\_Restore
2002-07-06 09:40:33 . 2002-07-06 09:40:34 --h---- <DIR>  G:\爸比
2002-07-08 01:06:33 . 2002-07-08 01:06:34 --hs--- <DIR>  G:\Recycled
2007-07-17 19:02:50 . 2007-07-17 19:02:50 --hs--- <DIR>  G:\FOUND.000
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  G:\msdos.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  G:\mt0.cmd
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  G:\tmf3w3g0.com
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  G:\wg0kpd.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  G:\yfmqo.cmd
2004-12-26 21:12:17 . 2004-12-26 21:12:18 --hs--- <DIR>  G:\System Volume Information
1980-01-01 . 2004-12-18 21:31:34 -rhs--- 1676  H:\MSDOS.SYS
2004-12-18 21:42:11 . 2004-12-18 21:42:12 --hs--- 7253  H:\DETLOG.OLD
1980-01-01 . 2004-07-20 23:07:40 --hs--- 22  H:\MSDOS.---
2004-12-18 21:45:57 . 2004-12-18 21:45:58 a-hs--- 7253  H:\DETLOG.TXT
1980-01-01 . 2004-12-18 21:55:46 a-hs--- 10766  H:\NETLOG.TXT
1980-01-01 . 2007-10-30 18:43:58 a-h---- 0  H:\BOOTLOG.PRV
1980-01-01 . 2007-10-30 18:48:46 a-h---- 0  H:\BOOTLOG.TXT
1980-01-01 . 2004-12-18 21:18:10 -rhs--- 1660  H:\MSDOS.BAK
1980-01-01 . 2000-06-08 17:00:00 -rhs--- 111104  H:\IO.SYS
2005-09-01 19:29:46 . 2006-08-04 12:22:48 a-hs--- 60416  H:\Thumbs.db
2007-07-17 19:02:06 . 2007-07-17 19:02:06 --hs--- <DIR>  H:\FOUND.000
2008-08-03 16:35:04 . 2008-08-03 16:35:04 --hs--- <DIR>  H:\FOUND.001
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  H:\msdos.bat
2008-12-08 01:08:22 . 2008-12-08 01:08:24 arh---- <DIR>  H:\tmf3w3g0.com
2004-08-16 23:41:08 . 2004-08-16 23:41:10 --hs--- <DIR>  H:\Recycled
2004-12-26 21:41:12 . 2004-12-26 21:41:14 --hs--- <DIR>  H:\System Volume Information
2005-01-07 01:54:48 . 2005-01-07 01:54:50 --h---- <DIR>  H:\movie
2005-01-07 22:52:46 . 2005-01-07 22:52:48 --h---- <DIR>  H:\emule new
2005-01-07 22:53:55 . 2005-01-07 22:53:56 --h---- <DIR>  H:\emule temp
2009-06-21 00:35:20 . 2009-06-21 00:35:22 --hs--- <DIR>  I:\autorun.inf
2009-04-27 16:24:07 . 2009-04-27 16:24:08 a-h---- 162  P:\~$工程股份有限公司  函.doc
2008-11-21 11:40:14 . 2009-05-09 02:06:02 --h---- 290304  P:\~WRL1833.tmp
2008-11-21 11:40:14 . 2009-05-31 22:11:38 --h---- 309248  P:\~WRL0253.tmp
2008-10-17 12:16:41 . 2008-10-17 12:16:42 --hs--- <DIR>  P:\Recycled
2009-03-05 07:59:53 . 2009-03-05 07:59:54 --hs--- <DIR>  P:\System Volume Information

********** Created 2009-05 -- 2009-06 Files: **********

2009-06-23 17:39:59 . 2009-06-23 17:39:59 -------  <DIR> C:\Documents and Settings\user\My Documents\My Games
2009-06-23 17:38:22 . 2009-06-23 17:38:22 -------  <DIR> C:\Program Files\Microsoft Games
2009-06-21 21:15:43 . 2009-06-21 21:15:44 -------  <DIR> C:\WINDOWS\system32\ef_backup
2009-06-21 21:14:47 . 2000-08-31 08:00:00 a------ 29696  C:\WINDOWS\nircmd.com
2009-06-21 08:44:53 . 2009-06-21 17:25:13 -------  <DIR> C:\WINDOWS\MAGICSET
2009-06-21 08:25:50 . 2003-01-26 13:41:24 a------ 40960  C:\WINDOWS\system32\SSubTmr6.dll
2009-06-21 08:25:45 . 2000-02-26 18:23:30 a------ 21264  C:\WINDOWS\system32\internat.exe
2009-06-21 08:24:35 . 2009-06-21 08:24:35 -------  <DIR> C:\Program Files\Super Rabbit
2009-06-10 22:57:28 . 2009-06-10 22:59:12 -------  <DIR> C:\Documents and Settings\user\My Documents\PDF 檔案
2009-06-10 22:57:06 . 2008-09-30 22:17:10 ------- 253952  C:\WINDOWS\system32\fppr332.dll
2009-06-10 22:57:06 . 2008-09-30 20:22:40 ------- 385024  C:\WINDOWS\system32\fppmon3.dll
2009-06-08 21:34:12 . 2009-06-08 21:34:12 -------  <DIR> C:\Program Files\Namo
2009-06-02 01:16:56 . 2009-06-02 01:16:56 -------  <DIR> C:\Documents and Settings\user\My Documents\Corel VideoStudio
2009-06-02 01:15:42 . 2008-04-01 21:40:42 a------ 209040  C:\WINDOWS\system32\IVIresizeW7.dll
2009-06-02 01:15:42 . 2008-04-01 21:40:40 a------ 196752  C:\WINDOWS\system32\IVIresizeP6.dll
2009-06-02 01:15:42 . 2008-04-01 21:40:40 a------ 192656  C:\WINDOWS\system32\IVIresizePX.dll
2009-06-02 01:15:41 . 2008-04-01 21:40:38 a------ 196752  C:\WINDOWS\system32\IVIresizeM6.dll
2009-06-02 01:15:41 . 2008-04-01 21:40:36 a------ 204944  C:\WINDOWS\system32\IVIresizeA6.dll
2009-06-02 01:15:41 . 2008-04-01 21:40:34 a------ 24720  C:\WINDOWS\system32\IVIresize.dll
2009-06-02 01:15:06 . 2009-06-02 01:15:06 -------  <DIR> C:\Program Files\Windows Media Components
2009-06-02 01:13:06 . 2009-06-02 01:14:07 -------  <DIR> C:\Program Files\Corel
2009-06-02 00:01:51 . 2009-06-02 00:01:51 -------  <DIR> C:\Program Files\Sony
2009-05-31 00:36:57 . 2009-06-21 18:35:20 -------  <DIR> C:\Program Files\FreeStyle2008
.
********** Modified 2009-04 -- 2009-06 files: **********

2009-06-26 00:06:48 a------ 157  C:\WINDOWS\wiadebug.log
2009-06-26 00:06:46 a------ 49  C:\WINDOWS\wiaservc.log
2009-06-25 23:55:33 a------ 32572  C:\WINDOWS\SchedLgU.Txt
2009-06-25 23:55:33 a------ 1871579  C:\WINDOWS\WindowsUpdate.log
2009-06-23 17:35:56 a------ 255410  C:\WINDOWS\setupapi.log
2009-06-12 00:49:06 a------ 839  C:\WINDOWS\win.ini
2009-06-12 00:48:15 a------ 72227  C:\WINDOWS\ocmsn.log
2009-06-12 00:48:15 a------ 611635  C:\WINDOWS\ocgen.log
2009-06-12 00:48:15 a------ 468987  C:\WINDOWS\tsoc.log
2009-06-12 00:48:15 a------ 242488  C:\WINDOWS\ntdtcsetup.log
2009-06-12 00:46:01 a------ 189226  C:\WINDOWS\updspapi.log
2009-06-07 23:25:02 a------ 4205  C:\WINDOWS\ODBCINST.INI
2009-06-07 23:24:13 a------ 48930  C:\WINDOWS\Windows Update.log
2009-06-02 00:51:12 a------ 23635392  C:\WINDOWS\system32\MRT.exe
2009-05-07 23:32:00 a------ 340992  C:\WINDOWS\system32\localspl.dll
2009-05-01 23:04:43 a------ 183244  C:\WINDOWS\setupact.log
2009-04-30 21:06:48 a------ 298104  C:\WINDOWS\system32\imon.dll
2009-04-29 12:42:05 a------ 1159680  C:\WINDOWS\system32\urlmon.dll
2009-04-29 12:42:04 a------ 105984  C:\WINDOWS\system32\url.dll
2009-04-29 12:42:00 ------- 27648  C:\WINDOWS\system32\jsproxy.dll
2009-04-29 12:42:00 ------- 1830912  C:\WINDOWS\system32\inetcpl.cpl
2009-04-29 12:41:59 a------ 6066176  C:\WINDOWS\system32\ieframe.dll
2009-04-29 12:41:59 a------ 268288  C:\WINDOWS\system32\iertutil.dll
2009-04-29 12:41:59 ------- 44544  C:\WINDOWS\system32\iernonce.dll
2009-04-29 12:41:57 a------ 78336  C:\WINDOWS\system32\ieencode.dll
2009-04-29 12:41:57 ------- 385024  C:\WINDOWS\system32\iedkcs32.dll
2009-04-29 12:41:56 a------ 383488  C:\WINDOWS\system32\ieapfltr.dll
2009-04-29 12:41:56 ------- 230400  C:\WINDOWS\system32\ieaksie.dll
2009-04-29 12:41:56 ------- 153088  C:\WINDOWS\system32\ieakeng.dll
2009-04-29 12:41:55 a------ 63488  C:\WINDOWS\system32\icardie.dll
2009-04-29 12:41:55 ------- 133120  C:\WINDOWS\system32\extmgr.dll
2009-04-28 17:04:20 a------ 389120  C:\WINDOWS\system32\html.iec
2009-04-28 17:04:02 a------ 13824  C:\WINDOWS\system32\ieudinit.exe
2009-04-28 17:04:02 ------- 70656  C:\WINDOWS\system32\ie4uinit.exe
.
================================================================================
Running processes:

[PID: 896] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [RealNetworks, Inc.]
[PID: 8140] C:\WINDOWS\system32\wbem\wmiprvse.exe [Microsoft Corporation]
[PID: 728] C:\Program Files\QuickTime\qttask.exe [Apple Computer, Inc.]
[PID: 688] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [Hewlett-Packard]
[PID: 4596] C:\WINDOWS\system32\wbem\wmiprvse.exe [Microsoft Corporation]
[PID: 3768] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [Yahoo! Inc.]
[PID: 3724] C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [Ulead Systems, Inc.]
[PID: 3656] C:\Program Files\CyberLink\Shared files\RichVideo.exe [N/A]
[PID: 3520] C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation]
[PID: 3468] C:\Program Files\Eset\nod32krn.exe [Eset ]
[PID: 3320] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [Microsoft Corporation]
[PID: 2792] C:\WINDOWS\System32\alg.exe [Microsoft Corporation]
[PID: 1928] C:\WINDOWS\system32\conime.exe [Microsoft Corporation]
[PID: 1640] c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [Logitech Inc.]
[PID: 1576] C:\WINDOWS\system32\spoolsv.exe [Microsoft Corporation]
[PID: 1420] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [Logitech]
[PID: 1384] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [Google Inc.]
[PID: 1344] C:\WINDOWS\system32\ctfmon.exe [Microsoft Corporation]
[PID: 1188] C:\Program Files\Eset\nod32kui.exe [Eset ]
[PID: 1176] C:\WINDOWS\system32\ElkCtrl.exe [Logitech Inc.]
[PID: 1168] C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe [N/A]
[PID: 1132] C:\Program Files\Logitech\Video\CameraAssistant.exe [Logitech Inc.]
[PID: 1124] C:\WINDOWS\system32\LVCOMSX.EXE [Logitech Inc.]
[PID: 1028] C:\WINDOWS\ALCWZRD.EXE [RealTek Semicoductor Corp.]
[PID: 1020] C:\WINDOWS\SOUNDMAN.EXE [Realtek Semiconductor Corp.]

DLLs loaded in system processes with no file information:

lsass.exe PID: (824)
=> C:\Program Files\Eset\pr_imon.dll

explorer.exe PID: (7136)
=> C:\Program Files\Eset\pr_imon.dll

svchost.exe PID: (1064)
=> C:\Program Files\Eset\pr_imon.dll

svchost.exe PID: (1220)
=> C:\Program Files\Eset\pr_imon.dll

svchost.exe PID: (1304)
=> C:\Program Files\Eset\pr_imon.dll

svchost.exe PID: (1428)
=> C:\Program Files\Eset\pr_imon.dll

svchost.exe PID: (3664)
=> C:\Program Files\Eset\pr_imon.dll

================================================================================

Registry value list *** Note: some normal values are not shown ***

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]
"foxy"="C:\Program Files\Foxy\Foxy.exe"  [File Not Found.]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"  [Google Inc.]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe"  [Microsoft Corporation]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe"  [Skype Technologies S.A.]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"  [Logitech]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"  [Yahoo! Inc.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio 屬性頁捷徑"="C:\WINDOWS\system32\Hdaudpropshortcut.exe"  [Windows (R) Server 2003 DDK provider]
"NvCplDaemon"="C:\WINDOWS\system32\nvcpl.dll"  [NVIDIA Corporation]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"  [N/A]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"  [Hewlett-Packard]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe"  [Adobe Systems Incorporated]
"Flashget"="C:\Program Files\FlashGet\flashget.exe"  [FlashGet.com]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe"  [Apple Computer, Inc.]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE"  [Microsoft Corp.]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE"  [Microsoft Corp.]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  [RealNetworks, Inc.]
"High Definition Audio Property Page Shortcut"="C:\WINDOWS\system32\HdAShCut.exe"  [Windows (R) Server 2003 DDK provider]
"SoundMan"="C:\WINDOWS\SoundMan.exe"  [Realtek Semiconductor Corp.]
"AlcWzrd"="C:\WINDOWS\alcwzrd.exe"  [RealTek Semicoductor Corp.]
"Alcmtr"="C:\WINDOWS\Alcmtr.exe"  [Realtek Semiconductor Corp.]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"  [Logitech Inc.]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe"  [Logitech Inc.]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe"  [Logitech Inc.]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe"  [Logitech Inc.]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe"  [Eset ]
"UVS12 Preload"="C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe"  [Ulead Systems, Inc.]
"pdfFactory Pro 分派器 v3"="C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe"  [FinePrint Software, LLC]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" - 2006-10-18 21:47 133632 C:\WINDOWS\system32\WPDShServiceObj.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
2009-03-14 06:18 908528 C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2009-03-14 06:18 165616 C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\CJIMETIPSYNC]
"command"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE"  [Microsoft Corp.]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\IMJPMIG8.1]
"command"="C:\WINDOWS\ime\IMJP8_1\imjpmig.exe"  [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\iTunesHelper]
"command"="C:\Program Files\iTunes\iTunesHelper.exe"  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\kava]
"command"="C:\WINDOWS\system32\kavo.exe"  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\NeroFilterCheck]
"command"="C:\WINDOWS\system32\NeroCheck.exe"  [Ahead Software Gmbh]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\NvMediaCenter]
"command"="C:\WINDOWS\system32\nvmctray.dll"  [NVIDIA Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\NVRTCLK]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\nwiz]
"command"="C:\WINDOWS\system32\nwiz.exe"  [NVIDIA Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\QuickTime Task]
"command"="C:\Program Files\QuickTime\qttask.exe"  [Apple Computer, Inc.]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\startupreg\SoundMan]
"command"="C:\WINDOWS\SoundMan.exe"  [Realtek Semiconductor Corp.]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Reader Speed Launch.lnk]
"command"="C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE"  [Adobe Systems Incorporated]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Reader Synchronizer.lnk]
"command"="C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE"  [Adobe Systems Incorporated]

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SHARED TOOLS\MSCONFIG\services]
iPodService=0x3

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
NoDriveTypeAutoRun=0x9d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
HonorAutoRunSetting=0x1

C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe  [ 2008-10-18 16:57:30 450560 ]

System files without a digital signature

2008-06-20 19:51 361600 C:\WINDOWS\system32\DRIVERS\TCPIP.SYS [Microsoft Corporation]

  --> 2006-04-20 20:18 360576 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys [Sigcheck failed.]
  --> 2007-10-31 00:53 360832 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys [Sigcheck failed.]
  --> 2008-06-20 18:44 360960 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys [Sigcheck ok.]
  --> 2008-06-20 19:51 361600 C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys [Sigcheck ok.]
  --> 2008-06-20 19:59 361600 C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [Sigcheck ok.]
  --> 2008-06-20 18:45 360320 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [Sigcheck failed.]
  --> 2004-08-26 20:00 359040 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys [Sigcheck ok.]
  --> 2006-04-20 19:51 359808 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys [Sigcheck failed.]
  --> 2008-04-14 03:20 361344 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys [Sigcheck ok.]
  --> 2007-10-31 01:20 360064 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys [Sigcheck failed.]
  --> 2008-04-14 03:20 361344 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [Sigcheck ok.]
  --> 2008-06-20 19:51 361600 C:\WINDOWS\system32\dllcache\tcpip.sys [Sigcheck ok.]
  --> 2008-06-20 19:51 361600 C:\WINDOWS\system32\drivers\tcpip.sys [Sigcheck failed.]

================================================================================

Service / driver list:
Format:  start state  service name;display name;file name

S3  napagent;Network Access Protection Agent;C:\WINDOWS\System32\qagentrt.dll  [Microsoft Corporation]
S2  ProStorageDM;Protected Storage Driver Metd;C:\WINDOWS\System32\intersy.exe  [Microsoft Corporation]
R2  YahooAUService;Yahoo! Updater;C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe  [Yahoo! Inc.]
R2  AMON;AMON;C:\WINDOWS\system32\drivers\amon.sys  [Eset ]
S3  dump_wmimmc;dump_wmimmc;C:\Documents and Settings\All Users\Documents\歌詞\GameGuard\dump_wmimmc.sys  [File Not Found.]
S3  GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys  [N/A]
R3  LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys  [N/A]
R2  {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl  [Cyberlink Corp.]

================================================================================

[HKLM\System\CurrentControlSet\Services\FontCache3.0.0.0]
ImagePath = c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [Microsoft Corporation]

[HKLM\System\CurrentControlSet\Services\Lvckap]
ImagePath = C:\WINDOWS\system32\drivers\Lvckap.sys  [N/A]

[HKLM\System\CurrentControlSet\Services\lvmvdrv]
ImagePath = C:\WINDOWS\system32\drivers\lvmvdrv.sys  [N/A]

[HKLM\System\CurrentControlSet\Services\Tcpip]
ImagePath = C:\WINDOWS\system32\DRIVERS\tcpip.sys [Microsoft Corporation]

================================================================================
Contents of the Scheduled Tasks folder:

IE home page settings:

Internet Explorer Version: 7.0.5730.11
HKLM - Search Page = hxxp://tw.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://tw.search.yahoo.com
HKLM - Local Page = about:blank
HKLM - Start Page = hxxp://tw.yahoo.com
HKCU - Local Page = about:blank
HKCU - Search Page = hxxp://tw.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://tw.search.yahoo.com
HKCU - Start Page = hxxp://tw.yahoo.com
HKCU - Extra menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
HKCU - Extra menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
HKLM - Extensions: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
HKLM - Extensions: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
HKLM - Extensions: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

LSP: c:\windows\system32\imon.dll
DNS: {B11AEC51-3E24-4D1A-9AB0-B2C9E5B62804} - 168.95.192.1 168.95.1.1

================================================================================

Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.

================================================================================

A:   -Removable Disk-        No Assess
C:   -Local Disk-        Size: 66912616448  FreeSpace: 7612215296  NTFS
D:   -Compact Disc-        No Assess
E:   -Local Disk-        Size: 10476945408  FreeSpace: 6356221952  FAT32
F:   -Compact Disc-        No Assess
G:   -Local Disk-        Size: 30731026432  FreeSpace: 9481535488  FAT32
H:   -Local Disk-        Size: 30731026432  FreeSpace: 11029938176  FAT32
I:   -Removable Disk-        Size: 2052059136  FreeSpace: 616910848  FAT32
K:   -Removable Disk-        No Assess
L:   -Removable Disk-        No Assess
M:   -Removable Disk-        No Assess
N:   -Removable Disk-        No Assess
P:   -Local Disk-        Size: 249998278656  FreeSpace: 32114081792  FAT32

Scan finished: 2009-06-26  0:16:10.76[/code]

sylovanas 2009-6-26 01:13 AM

OK, that should have deleted it now.

Next, the USB drive contents not being visible... you might first go to Folder Options and turn off the settings that hide file extensions and hide protected Windows system files,
then see whether the contents show up normally.
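
A triage helper for the EF (efix) log format posted above, added here as an example; it is not code from this thread, from the EF tool, or from any of the posters. It parses two parts of that log: the "hidden folders and files in each drive root" lines (`created . modified attrs size  path`, where the seven attribute columns start with a, r, h, s) and the `"name"="path"  [publisher]` lines of the Run-key and msconfig sections. It flags hidden or system entries sitting directly in a drive root that are named autorun.inf or carry an executable extension, skipping the well-known Windows boot files (ntldr, NTDETECT.COM, boot.ini, IO.SYS and friends) that are hidden and system by design, and it flags startup entries whose publisher EF reported as [N/A] or [File Not Found.]. For each flagged path it emits the `attrib -r -h -s` command that clears the bits which keep such files out of Explorer and make `del` fail on them without `/f`. The sample lines inside the block are constructed in the log's format; the size and timestamps shown for I:\Kterne.exe are made up for the example.

```python
"""Triage helper for an EF (efix) scan log.  Added example: not code from the
forum thread or from the EF tool.  SAMPLE_LOG is constructed in the log's
format; the size and timestamps for I:\\Kterne.exe are made up."""
import re
from collections import namedtuple

HiddenEntry = namedtuple("HiddenEntry", "created modified attrs size path")
RunEntry = namedtuple("RunEntry", "name path publisher")

# One line of the "hidden folders and files in each drive root" section:
#   created . modified attrs size  path   (attrs = 7 flag columns: a r h s ...)
# The created/modified fields may lack a time (e.g. "1980-01-01").
HIDDEN_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2}:\d{2})?) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2}:\d{2})?) "
    r"(?P<attrs>[a-z-]{7}) (?P<size><DIR>|\d+)\s+(?P<path>\S.*)$"
)
# One Run-key / msconfig style line:  "name"="path"  [publisher]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<publisher>[^\]]*)\]\s*$'
)

# Extensions a USB worm typically drops into drive roots.
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".vbs", ".scr", ".pif", ".dll"}
# Files that are hidden+system in a Windows boot volume root by design.
KNOWN_SYSTEM_FILES = {"ntldr", "ntdetect.com", "boot.ini", "bootfont.bin",
                      "io.sys", "msdos.sys", "pagefile.sys"}
# Publisher fields EF prints when it could not identify the file.
UNVERIFIED = {"N/A", "File Not Found."}
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")


def parse_hidden_entry(line):
    m = HIDDEN_LINE.match(line)
    if not m:
        return None
    return HiddenEntry(m["created"], m["modified"], m["attrs"], m["size"], m["path"])


def parse_run_entry(line):
    m = RUN_LINE.match(line)
    return RunEntry(m["name"], m["path"], m["publisher"]) if m else None


def is_suspicious_hidden(entry):
    """Hidden or system entry directly in a drive root, named autorun.inf or
    carrying an executable extension, and not a known Windows boot file."""
    hidden_or_system = entry.attrs[2] == "h" or entry.attrs[3] == "s"
    if not hidden_or_system or not DRIVE_ROOT.match(entry.path):
        return False
    name = entry.path.rsplit("\\", 1)[-1].lower()
    if name in KNOWN_SYSTEM_FILES:
        return False
    ext = name[name.rfind("."):] if "." in name else ""
    return name == "autorun.inf" or ext in EXEC_EXTS


def unhide_command(entry):
    """cmd.exe line that clears read-only/hidden/system so the entry shows in
    Explorer and can be deleted (del refuses a read-only file without /f)."""
    return 'attrib -r -h -s "%s"' % entry.path


def triage(log_text):
    """Return flagged root entries, the attrib commands for them, and startup
    entries whose file EF could not identify."""
    flagged, commands, unverified = [], [], []
    for line in log_text.splitlines():
        entry = parse_hidden_entry(line)
        if entry is not None:
            if is_suspicious_hidden(entry):
                flagged.append(entry)
                commands.append(unhide_command(entry))
            continue
        run = parse_run_entry(line)
        if run is not None and run.publisher in UNVERIFIED:
            unverified.append(run)
    return {"flagged": flagged, "commands": commands, "unverified": unverified}


# Constructed sample in the EF log format (the I:\Kterne.exe line is invented).
SAMPLE_LOG = r"""
2004-10-01 00:43:37 . 2007-10-30 21:35:49 a-hs--- 210  C:\boot.ini
2004-08-26 20:00:00 . 2004-08-26 20:00:00 arhs--- 47564  C:\NTDETECT.COM
2008-08-30 20:17:12 . 2009-02-10 00:59:40 a-h---- 268  C:\sqmdata00.sqm
2008-12-08 01:08:21 . 2008-12-08 01:08:21 arh---- <DIR>  C:\autorun.exe
1980-01-01 . 2000-06-08 17:00:00 -rhs--- 111104  H:\IO.SYS
2009-06-21 00:35:20 . 2009-06-21 00:35:22 --hs--- <DIR>  I:\autorun.inf
2009-06-20 23:58:01 . 2009-06-20 23:58:01 arhs--- 53248  I:\Kterne.exe
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [Microsoft Corporation]
"foxy"="C:\Program Files\Foxy\Foxy.exe"  [File Not Found.]
"command"="C:\WINDOWS\system32\kavo.exe"  [N/A]
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result["flagged"]:
        print("FLAG  %s %s  %s" % (e.attrs, e.size, e.path))
    for r in result["unverified"]:
        print("CHECK %s -> %s [%s]" % (r.name, r.path, r.publisher))
    print("\n".join(result["commands"]))
```

Run it against a saved copy of the log (read the file and pass its text to `triage`). The attrib lines it prints are the preparation step, not the cleanup itself: a file that is still being executed by a running process stays locked even after its attributes are cleared, so the process list in the log is worth checking before deleting anything, and directories named like executables (the `arh---- <DIR>` entries) are worth a look rather than a blind delete.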

hhd0907 2009-6-26 07:11 AM

The Kterne.exe malware has been dealt with.

Thanks to everyone above for the methods you provided.
Although the folder contents may have been lost (they can be saved again, though),
that pest has finally been taken care of.
The warm feeling of gratitude is hard to put into words;
still, one more thank you to all of you, and to 微風 for its selfless contribution.