[code]
efix 5.3 20100105.31 - 2010-01-08 16:01:10.76 - ntfs
Windows Vista (TM) Home Basic Service Pack 2 - user
執行位置: C:\Users\user\Desktop\EF2010010531.exe
系統在 2010-01-08 15:58:31.236 重新啟動
* 已建立系統還原點.
提示: 未安裝安全性更新 KB971029
================================================================================
使用者帳戶列表:
Administrator
Guest
user -- Current

自定義刪除腳本報告

MOVE FILE::
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ゐ雄 Internet Explorer 銡擬ん.lnk
c:\Program Files\JlingK\DeskMate.exe
c:\program files\jlingk\deskmate.exe

RESET REG::
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MAIN
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MAIN]

MOD REG::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://tw.yahoo.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo!Mini"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"QvodPlayer"=-
"袤醱藝趙凅"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"袤醱藝趙凅"=-

REBOOT::
================================================================================
EF刪除的檔案列表:
沒有刪除任何檔案.
================================================================================
EF修改的登錄值列表:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://tw.yahoo.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo!Mini"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"QvodPlayer"=-
"袤醱藝趙凅"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"袤醱藝趙凅"=-
================================================================================
各磁碟根目錄含有隱藏屬性的資料夾和檔案 :
2008-08-09 07:41:32 . 2009-04-11 01:36:36 arhs--- 333257 C:\bootmgr
2008-08-09 07:41:32 .
2009-09-20 18:54:57 --hs--- C:\Boot 2006-11-02 07:59:44 . 2006-11-02 07:59:44 --hs--- C:\Documents and Settings 2009-03-01 10:22:07 . 2009-03-01 10:22:07 -rh---- C:\MSOCache 2006-11-02 06:18:33 . 2010-01-06 01:53:27 --h---- C:\ProgramData 2009-06-28 00:49:20 . 2009-06-28 00:50:32 --hs--- D:\GVODCache ********** Created 2009-12 -- 2010-01 Files: ********** 2010-01-08 15:58:29 . 2010-01-08 15:58:30 ------- C:\Windows\System32\ef_backup 2010-01-08 15:32:40 . 2010-01-08 15:32:41 ------- C:\ComboFix 2010-01-08 12:47:05 . 2010-01-08 12:47:05 ------- C:\Qoobox 2010-01-06 01:52:28 . 2010-01-06 01:52:28 ------- C:\Program Files\Common Files\Apple 2010-01-06 01:52:07 . 2010-01-06 01:52:10 ------- C:\Program Files\Apple Software Update 2009-12-21 02:01:29 . 2010-01-06 00:49:14 a------ 56816 C:\Windows\System32\drivers\avgntflt.sys 2009-12-21 02:01:29 . 2009-03-30 09:33:07 a------ 96104 C:\Windows\System32\drivers\avipbb.sys 2009-12-21 02:01:28 . 2009-05-11 09:12:24 a------ 28520 C:\Windows\System32\drivers\ssmdrv.sys 2009-12-21 02:01:22 . 2009-12-21 02:01:22 ------- C:\Program Files\Avira 2009-12-20 17:48:27 . 2009-12-20 17:48:27 ------- C:\Users\user\AppData\Roaming\Super Rabbit 2009-12-20 17:23:31 . 2009-12-20 17:23:31 ------- C:\Windows\Minidump 2009-12-20 17:19:16 . 2009-12-20 17:19:16 ------- C:\Windows\System32\driver 2009-12-20 17:12:03 . 2009-12-20 17:20:07 ------- C:\Users\user\AppData\Roaming\Kingsoft 2009-12-20 17:10:35 . 2009-12-20 17:10:35 ------- C:\Program Files\kingsoft 2009-12-20 14:11:26 . 2009-11-02 20:42:06 ------- 195456 C:\Windows\System32\MpSigStub.exe 2009-12-20 05:20:16 . 2009-12-20 05:20:16 -rhs--- C:\Windows\System32\Autorun.inf 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\tavo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\tavo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\tavo0.0ll 2009-12-20 05:20:15 . 
2009-12-20 05:20:15 -rhs--- C:\Windows\System32\tavo.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\taso1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\taso0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\taso.exe 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\taso.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\sysutils.exe 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\p3rlud.exe 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kxvo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kxvo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kxvo.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kavo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kavo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kavo0.0ll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kavo.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\jwedsfdo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\jwedsfdo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\jvvo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\jvvo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\jvvo.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\bitkv1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\bitkv0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\amvo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\amvo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\afmain1.dll 2009-12-20 05:20:15 . 
2009-12-20 05:20:15 -rhs--- C:\Windows\System32\afmain0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\afmain.exe 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\843wee1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\843wee0.dll 2009-12-20 05:20:15 . 2008-01-20 21:34:42 a------ 134656 C:\Windows\regedit2.com 2009-12-20 05:20:14 . 2008-01-20 21:33:22 a------ 318976 C:\Windows\System32\cmd.com 2009-12-19 03:55:56 . 2009-12-20 03:50:35 a------ 495652 C:\Windows\System32\syskbds.drv 2009-12-16 03:07:07 . 2008-12-11 08:38:22 a------ 159600 C:\Windows\System32\drivers\pctgntdi.sys 2009-12-16 03:06:59 . 2009-04-03 11:18:26 a------ 130936 C:\Windows\System32\drivers\PCTCore.sys 2009-12-16 03:06:59 . 2008-12-18 12:16:56 a------ 73840 C:\Windows\System32\drivers\PCTAppEvent.sys 2009-12-16 03:06:53 . 2008-12-10 11:36:04 a------ 64392 C:\Windows\System32\drivers\pctplsg.sys 2009-12-16 03:06:49 . 2009-12-16 03:06:49 ------- C:\Users\user\AppData\Roaming\PC Tools 2009-12-10 03:08:09 . 2009-12-10 03:08:09 --hs--- C:\Windows\System32\%APPDATA% 2009-12-09 21:22:02 . 2009-08-24 06:36:45 a------ 377344 C:\Windows\System32\winhttp.dll 2009-12-09 21:21:32 . 2009-11-21 01:35:43 a------ 5940736 C:\Windows\System32\mshtml.dll 2009-12-09 21:21:31 . 2009-11-21 01:34:39 a------ 1985536 C:\Windows\System32\iertutil.dll 2009-12-09 21:21:31 . 2009-11-21 01:34:38 a------ 11069952 C:\Windows\System32\ieframe.dll 2009-12-09 21:21:30 . 2009-11-21 01:40:20 a------ 916480 C:\Windows\System32\wininet.dll 2009-12-09 21:21:30 . 2009-11-21 01:40:03 a------ 1208832 C:\Windows\System32\urlmon.dll 2009-12-09 21:21:30 . 2009-11-21 01:38:17 a------ 206848 C:\Windows\System32\occache.dll 2009-12-09 21:21:30 . 2009-11-21 01:35:38 a------ 594432 C:\Windows\System32\msfeeds.dll 2009-12-09 21:21:30 . 2009-11-21 01:35:38 a------ 55296 C:\Windows\System32\msfeedsbs.dll 2009-12-09 21:21:30 . 
2009-11-21 01:34:58 a------ 25600 C:\Windows\System32\jsproxy.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:39 a------ 71680 C:\Windows\System32\iesetup.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:39 a------ 164352 C:\Windows\System32\ieui.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:39 a------ 109056 C:\Windows\System32\iesysprep.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:38 a------ 55808 C:\Windows\System32\iernonce.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:38 a------ 184320 C:\Windows\System32\iepeers.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:33 a------ 387584 C:\Windows\System32\iedkcs32.dll 2009-12-09 21:21:30 . 2009-11-20 23:59:58 a------ 133632 C:\Windows\System32\ieUnatt.exe 2009-12-09 21:21:30 . 2009-11-20 23:59:52 a------ 173056 C:\Windows\System32\ie4uinit.exe 2009-12-09 21:21:30 . 2009-11-20 23:59:14 a------ 13312 C:\Windows\System32\msfeedssync.exe 2009-12-09 21:21:04 . 2009-11-03 16:42:10 a------ 30720 C:\Windows\System32\httpapi.dll 2009-12-09 21:21:04 . 2009-11-03 14:41:44 a------ 411648 C:\Windows\System32\drivers\http.sys 2009-12-09 21:21:03 . 2009-11-03 16:43:29 a------ 24064 C:\Windows\System32\nshhttp.dll 2009-12-09 21:20:15 . 2009-10-07 06:36:36 a------ 243712 C:\Windows\System32\rastls.dll 2009-12-09 03:22:50 . 2009-12-09 03:22:50 ------- C:\Users\user\AppData\Roaming\YoudaGames 2009-12-09 03:21:45 . 2009-12-15 23:10:28 ------- C:\Program Files\Oberon Media 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\tavo.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\kxvo.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\kavo.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\jvvo.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\j3ewro.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\amvo.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\xvassdf.exe 2009-12-08 21:08:43 . 
2009-12-20 05:31:54 ------- C:\Windows\System32\weidfsg.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\urretnd.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\uret463.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\ubs.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\rttrwq.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\olhrwef.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\kacsde.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\ierdfgh.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\huwesa.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\helpme.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\ff.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\cvsdfw.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\abs.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\a.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\tt.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\System32\revo.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\System32\ebs.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\rrd.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\rd.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\mg.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\ddr.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\2.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\1.exe 2009-12-08 12:15:30 . 2009-12-16 03:07:18 ------- C:\Program Files\Common Files\PC Tools . ********** Modified 2009-11 -- 2010-01 files: ********** 2010-01-08 15:58:29 . 2010-01-08 15:58:30 ------- C:\Windows\System32\ef_backup 2010-01-08 15:32:40 . 
2010-01-08 15:32:41 ------- C:\ComboFix 2010-01-08 12:47:05 . 2010-01-08 12:47:05 ------- C:\Qoobox 2010-01-06 01:52:28 . 2010-01-06 01:52:28 ------- C:\Program Files\Common Files\Apple 2010-01-06 01:52:07 . 2010-01-06 01:52:10 ------- C:\Program Files\Apple Software Update 2009-12-21 02:01:29 . 2010-01-06 00:49:14 a------ 56816 C:\Windows\System32\drivers\avgntflt.sys 2009-12-21 02:01:22 . 2009-12-21 02:01:22 ------- C:\Program Files\Avira 2009-12-20 17:48:27 . 2009-12-20 17:48:27 ------- C:\Users\user\AppData\Roaming\Super Rabbit 2009-12-20 17:23:31 . 2009-12-20 17:23:31 ------- C:\Windows\Minidump 2009-12-20 17:19:16 . 2009-12-20 17:19:16 ------- C:\Windows\System32\driver 2009-12-20 17:12:03 . 2009-12-20 17:20:07 ------- C:\Users\user\AppData\Roaming\Kingsoft 2009-12-20 17:10:35 . 2009-12-20 17:10:35 ------- C:\Program Files\kingsoft 2009-12-20 05:20:16 . 2009-12-20 05:20:16 -rhs--- C:\Windows\System32\Autorun.inf 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\tavo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\tavo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\tavo0.0ll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\tavo.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\taso1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\taso0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\taso.exe 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\taso.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\sysutils.exe 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\p3rlud.exe 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kxvo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kxvo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kxvo.dll 2009-12-20 05:20:15 . 
2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kavo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kavo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kavo0.0ll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\kavo.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\jwedsfdo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\jwedsfdo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\jvvo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\jvvo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\jvvo.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\bitkv1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\bitkv0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\amvo1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\amvo0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\afmain1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\afmain0.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\afmain.exe 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\843wee1.dll 2009-12-20 05:20:15 . 2009-12-20 05:20:15 -rhs--- C:\Windows\System32\843wee0.dll 2009-12-19 03:55:56 . 2009-12-20 03:50:35 a------ 495652 C:\Windows\System32\syskbds.drv 2009-12-16 03:06:49 . 2009-12-16 03:06:49 ------- C:\Users\user\AppData\Roaming\PC Tools 2009-12-10 03:08:09 . 2009-12-10 03:08:09 --hs--- C:\Windows\System32\%APPDATA% 2009-12-09 21:21:32 . 2009-11-21 01:35:43 a------ 5940736 C:\Windows\System32\mshtml.dll 2009-12-09 21:21:31 . 2009-11-21 01:34:39 a------ 1985536 C:\Windows\System32\iertutil.dll 2009-12-09 21:21:31 . 2009-11-21 01:34:38 a------ 11069952 C:\Windows\System32\ieframe.dll 2009-12-09 21:21:30 . 
2009-11-21 01:40:20 a------ 916480 C:\Windows\System32\wininet.dll 2009-12-09 21:21:30 . 2009-11-21 01:40:03 a------ 1208832 C:\Windows\System32\urlmon.dll 2009-12-09 21:21:30 . 2009-11-21 01:38:17 a------ 206848 C:\Windows\System32\occache.dll 2009-12-09 21:21:30 . 2009-11-21 01:35:38 a------ 594432 C:\Windows\System32\msfeeds.dll 2009-12-09 21:21:30 . 2009-11-21 01:35:38 a------ 55296 C:\Windows\System32\msfeedsbs.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:58 a------ 25600 C:\Windows\System32\jsproxy.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:39 a------ 71680 C:\Windows\System32\iesetup.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:39 a------ 164352 C:\Windows\System32\ieui.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:39 a------ 109056 C:\Windows\System32\iesysprep.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:38 a------ 55808 C:\Windows\System32\iernonce.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:38 a------ 184320 C:\Windows\System32\iepeers.dll 2009-12-09 21:21:30 . 2009-11-21 01:34:33 a------ 387584 C:\Windows\System32\iedkcs32.dll 2009-12-09 21:21:30 . 2009-11-20 23:59:58 a------ 133632 C:\Windows\System32\ieUnatt.exe 2009-12-09 21:21:30 . 2009-11-20 23:59:52 a------ 173056 C:\Windows\System32\ie4uinit.exe 2009-12-09 21:21:30 . 2009-11-20 23:59:14 a------ 13312 C:\Windows\System32\msfeedssync.exe 2009-12-09 03:22:50 . 2009-12-09 03:22:50 ------- C:\Users\user\AppData\Roaming\YoudaGames 2009-12-09 03:21:45 . 2009-12-15 23:10:28 ------- C:\Program Files\Oberon Media 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\tavo.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\kxvo.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\kavo.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\jvvo.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\j3ewro.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 -rhs--- C:\Windows\System32\amvo.exe 2009-12-08 21:08:43 . 
2009-12-20 05:31:54 ------- C:\Windows\System32\xvassdf.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\weidfsg.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\urretnd.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\uret463.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\ubs.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\rttrwq.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\olhrwef.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\kacsde.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\ierdfgh.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\huwesa.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\helpme.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\ff.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\cvsdfw.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\abs.exe 2009-12-08 21:08:43 . 2009-12-20 05:31:54 ------- C:\Windows\System32\a.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\tt.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\System32\revo.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\System32\ebs.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\rrd.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\rd.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\mg.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\ddr.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\2.exe 2009-12-08 21:08:43 . 2009-12-08 21:08:43 ------- C:\Windows\1.exe 2009-12-08 12:15:30 . 2009-12-16 03:07:18 ------- C:\Program Files\Common Files\PC Tools 2009-11-17 02:11:32 . 
2009-11-17 02:11:32 ------- C:\Program Files\Windows Portable Devices 2009-10-07 22:57:45 . 2010-01-07 22:13:02 ------- C:\Program Files\Mozilla Firefox 2009-09-14 02:12:52 . 2009-12-15 19:49:28 a------ 10 C:\Windows\popcinfo.dat 2009-07-20 07:23:28 . 2010-01-08 13:02:35 a------ 12 C:\Windows\bthservsdp.dat 2009-05-23 12:24:51 . 2009-12-09 04:05:24 ------- C:\cycgame 2009-05-17 09:23:12 . 2010-01-08 16:01:59 ------- C:\Users\user\AppData\Roaming\Skype 2009-04-23 03:50:37 . 2010-01-07 21:53:56 ------- C:\Users\user\AppData\Roaming\PPStream 2009-03-01 10:25:37 . 2009-12-20 05:20:16 ------- C:\Windows\SHELLNEW 2009-02-27 12:04:06 . 2010-01-06 01:54:48 ------- C:\Program Files\QuickTime 2009-02-19 09:58:38 . 2009-12-20 04:08:51 --hs--- C:\Users\user\AppData\Roaming\.# 2009-02-16 10:10:52 . 2010-01-08 16:01:13 ------- C:\Users\user\Tracing 2009-02-12 06:36:34 . 2010-01-08 15:54:02 -r----- C:\Users\user\Downloads 2009-02-12 06:36:34 . 2010-01-08 15:54:02 -r----- C:\Users\user\Desktop 2009-02-12 06:36:34 . 2009-12-20 18:49:20 ---s--- C:\Users\user\AppData\Roaming\Microsoft 2009-02-12 06:36:34 . 2009-12-13 22:20:46 -r----- C:\Users\user\Documents 2009-02-12 06:36:33 . 2010-01-08 16:01:54 a-hs--- 6291456 C:\Users\user\ntuser.dat 2009-02-12 06:36:33 . 2010-01-07 02:18:02 -r----- C:\Users\user\Favorites 2009-02-12 06:36:33 . 2009-12-14 01:05:39 -r----- C:\Users\user\Music 2009-02-12 06:36:33 . 2009-12-13 03:08:05 -r----- C:\Users\user\Saved Games 2009-02-12 06:36:33 . 2009-12-02 18:50:37 -r----- C:\Users\user\Pictures 2008-08-08 16:37:14 . 2009-12-15 19:51:09 ------- C:\Program Files\Common Files\Oberon Media 2008-08-08 16:37:13 . 2009-12-15 23:10:28 ------- C:\Program Files\Acer GameZone 2008-08-08 16:25:31 . 2010-01-06 09:57:49 ------- C:\Program Files\McAfee 2008-08-08 16:17:57 . 2009-12-09 00:08:22 --h---- C:\Program Files\InstallShield Installation Information 2008-08-08 15:47:45 . 2010-01-06 01:55:10 --hs--- C:\Windows\Installer 2008-08-08 15:42:21 . 
2010-01-08 12:43:58 ------- C:\Windows\Prefetch 2008-01-21 00:41:40 . 2009-12-21 00:30:57 a------ 331226 C:\Windows\System32\prfh0404.dat 2008-01-21 00:41:40 . 2009-12-21 00:30:57 a------ 101932 C:\Windows\System32\prfc0404.dat 2008-01-21 00:41:01 . 2009-12-10 03:47:41 ------- C:\Windows\System32\drivers\zh-TW 2007-07-11 20:51:11 . 2010-01-08 15:59:35 ------- C:\Windows\System32 2007-07-11 20:48:01 . 2010-01-08 15:55:41 ------- C:\Windows 2006-11-02 07:53:49 . 2010-01-08 15:59:26 a--s--- 67584 C:\Windows\bootstat.dat 2006-11-02 07:44:53 . 2009-11-11 13:31:11 a------ 381632 C:\Windows\System32\FNTCACHE.DAT 2006-11-02 06:18:44 . 2010-01-08 16:01:04 ------- C:\Windows\Temp 2006-11-02 06:18:44 . 2010-01-06 01:52:56 ------- C:\Windows\winsxs 2006-11-02 06:18:44 . 2009-12-21 01:54:13 ------- C:\Windows\Tasks 2006-11-02 06:18:44 . 2009-12-20 03:50:26 ------- C:\Windows\Web 2006-11-02 06:18:43 . 2010-01-06 01:52:14 ------- C:\Windows\System32\Tasks 2006-11-02 06:18:43 . 2009-12-16 02:47:48 ------- C:\Windows\System32\WDI 2006-11-02 06:18:43 . 2009-12-10 03:47:45 ------- C:\Windows\System32\migration 2006-11-02 06:18:43 . 2009-12-10 03:47:41 ------- C:\Windows\System32\zh-TW 2006-11-02 06:18:43 . 2009-11-17 02:11:31 ------- C:\Windows\System32\wbem 2006-11-02 06:18:43 . 2009-11-17 02:11:29 ------- C:\Windows\System32\uk-UA 2006-11-02 06:18:43 . 2009-11-17 02:11:29 ------- C:\Windows\System32\pt-PT 2006-11-02 06:18:43 . 2009-11-17 02:11:29 ------- C:\Windows\System32\pt-BR 2006-11-02 06:18:43 . 2009-11-17 02:11:29 ------- C:\Windows\System32\pl-PL 2006-11-02 06:18:43 . 2009-11-17 02:11:29 ------- C:\Windows\System32\ko-KR 2006-11-02 06:18:43 . 2009-11-17 02:11:28 ------- C:\Windows\System32\zh-HK 2006-11-02 06:18:43 . 2009-11-17 02:11:28 ------- C:\Windows\System32\tr-TR 2006-11-02 06:18:43 . 2009-11-17 02:11:28 ------- C:\Windows\System32\th-TH 2006-11-02 06:18:43 . 2009-11-17 02:11:28 ------- C:\Windows\System32\sv-SE 2006-11-02 06:18:43 . 
2009-11-17 02:11:28 ------- C:\Windows\System32\sr-Latn-CS 2006-11-02 06:18:43 . 2009-11-17 02:11:28 ------- C:\Windows\System32\sl-SI 2006-11-02 06:18:43 . 2009-11-17 02:11:28 ------- C:\Windows\System32\nl-NL 2006-11-02 06:18:43 . 2009-11-17 02:11:27 ------- C:\Windows\System32\zh-CN 2006-11-02 06:18:43 . 2009-11-17 02:11:27 ------- C:\Windows\System32\sk-SK 2006-11-02 06:18:43 . 2009-11-17 02:11:27 ------- C:\Windows\System32\ru-RU 2006-11-02 06:18:43 . 2009-11-17 02:11:27 ------- C:\Windows\System32\ro-RO 2006-11-02 06:18:43 . 2009-11-17 02:11:27 ------- C:\Windows\System32\nb-NO 2006-11-02 06:18:43 . 2009-11-17 02:11:27 ------- C:\Windows\System32\lv-LV 2006-11-02 06:18:43 . 2009-11-17 02:11:27 ------- C:\Windows\System32\lt-LT 2006-11-02 06:18:42 . 2009-12-10 03:47:41 ------- C:\Windows\System32\en-US 2006-11-02 06:18:42 . 2009-11-17 02:11:29 ------- C:\Windows\System32\it-IT 2006-11-02 06:18:42 . 2009-11-17 02:11:29 ------- C:\Windows\System32\he-IL 2006-11-02 06:18:42 . 2009-11-17 02:11:28 ------- C:\Windows\System32\hu-HU 2006-11-02 06:18:42 . 2009-11-17 02:11:28 ------- C:\Windows\System32\hr-HR 2006-11-02 06:18:42 . 2009-11-17 02:11:28 ------- C:\Windows\System32\fr-FR 2006-11-02 06:18:42 . 2009-11-17 02:11:28 ------- C:\Windows\System32\fi-FI 2006-11-02 06:18:42 . 2009-11-17 02:11:28 ------- C:\Windows\System32\el-GR 2006-11-02 06:18:42 . 2009-11-17 02:11:27 ------- C:\Windows\System32\ja-JP 2006-11-02 06:18:42 . 2009-11-17 02:11:27 ------- C:\Windows\System32\et-EE 2006-11-02 06:18:42 . 2009-11-17 02:11:27 ------- C:\Windows\System32\es-ES 2006-11-02 06:18:36 . 2010-01-08 12:16:02 ------- C:\Windows\System32\drivers 2006-11-02 06:18:36 . 2009-12-20 05:37:51 ------- C:\Windows\System32\catroot2 2006-11-02 06:18:36 . 2009-12-10 19:29:09 ------- C:\Windows\rescache 2006-11-02 06:18:36 . 2009-12-10 12:25:16 ------- C:\Windows\System32\catroot 2006-11-02 06:18:36 . 2009-12-09 01:05:11 ------- C:\Windows\System32\drivers\etc 2006-11-02 06:18:36 . 
2009-11-17 02:12:33 ------- C:\Windows\System32\drivers\UMDF 2006-11-02 06:18:36 . 2009-11-17 02:11:29 ------- C:\Windows\System32\bg-BG 2006-11-02 06:18:36 . 2009-11-17 02:11:27 ------- C:\Windows\System32\de-DE 2006-11-02 06:18:36 . 2009-11-17 02:11:27 ------- C:\Windows\System32\da-DK 2006-11-02 06:18:36 . 2009-11-17 02:11:27 ------- C:\Windows\System32\cs-CZ 2006-11-02 06:18:36 . 2009-11-17 02:11:27 ------- C:\Windows\System32\ar-SA 2006-11-02 06:18:35 . 2009-12-20 04:16:50 ------- C:\Windows\Logs 2006-11-02 06:18:34 . 2010-01-07 02:22:07 ---s--- C:\Windows\Downloaded Program Files 2006-11-02 06:18:34 . 2009-12-21 03:47:18 ------- C:\Windows\inf 2006-11-02 06:18:34 . 2009-12-21 01:53:18 -r-s--- C:\Windows\assembly 2006-11-02 06:18:34 . 2009-12-20 18:49:19 ------- C:\Windows\AppPatch 2006-11-02 06:18:33 . 2010-01-07 21:32:51 -r----- C:\Program Files 2006-11-02 06:18:33 . 2010-01-06 01:54:50 ------- C:\Program Files\Internet Explorer 2006-11-02 06:18:33 . 2010-01-06 01:53:27 --h---- C:\ProgramData 2006-11-02 06:18:33 . 2010-01-06 01:52:28 ------- C:\Program Files\Common Files 2006-11-02 06:18:33 . 2009-12-20 05:35:09 -r----- C:\Users 2006-11-02 06:18:33 . 2009-12-10 03:47:41 ------- C:\Program Files\Windows Mail 2006-11-02 05:33:01 . 2009-12-21 00:30:57 a------ 590082 C:\Windows\System32\perfh009.dat 2006-11-02 05:33:01 . 2009-12-21 00:30:57 a------ 102094 C:\Windows\System32\perfc009.dat 2006-11-02 05:24:01 . 2009-12-01 15:06:19 a------ 25966024 C:\Windows\System32\mrt.exe . ================================================================================ 執行中的程序: [PID: 596] C:\Windows\system32\wininit.exe [ Microsoft Corporation] [PID: 652] C:\Windows\system32\lsm.exe [ Microsoft Corporation] [PID: 1048] C:\Windows\system32\Ati2evxx.exe [ ATI Technologies Inc.] [PID: 1268] C:\Windows\system32\SLsvc.exe [ Microsoft Corporation] [PID: 1600] C:\Windows\system32\Ati2evxx.exe [ ATI Technologies Inc.] 
[PID: 1768] C:\Windows\System32\spoolsv.exe [ Microsoft Corporation] [PID: 1816] C:\Program Files\Avira\AntiVir Desktop\sched.exe [ Avira GmbH] [PID: 1908] C:\Windows\system32\Dwm.exe [ Microsoft Corporation] [PID: 2032] C:\Windows\system32\taskeng.exe [ Microsoft Corporation] [PID: 468] C:\Windows\system32\agrsmsvc.exe [ Agere Systems] [PID: 488] C:\Program Files\Avira\AntiVir Desktop\avguard.exe [ Avira GmbH] [PID: 776] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [ NewTech Infosystems, Inc.] [PID: 1124] C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [ ] [PID: 1644] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [ Egis Incorporated] [PID: 2016] C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [ N/A] [PID: 2072] C:\Windows\system32\taskeng.exe [ Microsoft Corporation] [PID: 2236] C:\Program Files\Common Files\LightScribe\LSSrvc.exe [ Hewlett-Packard Company] [PID: 2248] C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [ McAfee, Inc.] [PID: 2296] c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [ McAfee, Inc.] [PID: 2320] C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [ McAfee, Inc.] [PID: 2344] C:\Windows\system32\rundll32.exe [ Microsoft Corporation] [PID: 2396] C:\Acer\Mobility Center\MobilityService.exe [ N/A] [PID: 2572] C:\Program Files\McAfee\MPF\MPFSrv.exe [ McAfee, Inc.] [PID: 2624] C:\Program Files\McAfee\MSK\MskSrver.exe [ McAfee, Inc.] [PID: 2652] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [ NewTech InfoSystems, Inc.] [PID: 2752] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [ N/A] [PID: 2812] C:\Program Files\Cyberlink\Shared files\RichVideo.exe [ ] [PID: 3024] C:\Windows\system32\SearchIndexer.exe [ Microsoft Corporation] [PID: 3868] C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [ McAfee, Inc.] 
[PID: 3948] C:\Windows\system32\wbem\unsecapp.exe [ Microsoft Corporation] [PID: 3956] C:\Windows\system32\wbem\wmiprvse.exe [ Microsoft Corporation] [PID: 2780] C:\Windows\system32\conime.exe [ Microsoft Corporation] [PID: 1240] c:\PROGRA~1\mcafee.com\agent\mcagent.exe [ McAfee, Inc.] [PID: 1076] C:\Windows\system32\wbem\wmiprvse.exe [ Microsoft Corporation] [PID: 3972] C:\Program Files\Windows Defender\MSASCui.exe [ Microsoft Corporation] [PID: 3980] C:\Windows\RtHDVCpl.exe [ Realtek Semiconductor] [PID: 3596] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [ Acer Inc.] [PID: 3632] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe [ Egis Incorporated] [PID: 4092] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [ N/A] [PID: 1876] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [ Advanced Micro Devices Inc.] [PID: 4052] C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe [ Realtek Semiconductor Corp.] [PID: 4120] C:\Windows\system32\wbem\unsecapp.exe [ Microsoft Corporation] [PID: 4260] C:\Program Files\Launch Manager\LManager.exe [ Dritek System Inc.] [PID: 4292] C:\Program Files\Apoint2K\Apoint.exe [ Alps Electric Co., Ltd.] [PID: 4304] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [ CyberLink Corp.] [PID: 4320] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [ ATI Technologies Inc.] [PID: 4336] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [ CyberLink] [PID: 4380] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [ Acer Corp.] [PID: 4420] D:\Unlocker\UnlockerAssistant.exe [ N/A] [PID: 4440] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [ Avira GmbH] [PID: 4544] C:\Program Files\Windows Sidebar\sidebar.exe [ Microsoft Corporation] [PID: 4588] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ Microsoft Corporation] [PID: 4712] C:\Program Files\Apoint2K\ApMsgFwd.exe [ Alps Electric Co., Ltd.] 
[PID: 4760] C:\Users\user\Desktop\Skype.exe [ Skype Technologies S.A.] [PID: 4832] C:\Program Files\Acer\Acer VCM\AcerVCM.exe [ Acer Inc.] [PID: 4840] C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [ Broadcom Corporation.] [PID: 4872] C:\Program Files\Apoint2K\Apntex.exe [ Alps Electric Co., Ltd.] [PID: 5128] C:\Program Files\Windows Media Player\wmpnscfg.exe [ Microsoft Corporation] [PID: 5196] C:\Program Files\Windows Media Player\wmpnetwk.exe [ Microsoft Corporation] [PID: 5576] C:\Windows\system32\wbem\wmiprvse.exe [ Microsoft Corporation] [PID: 4584] C:\Windows\system32\SearchProtocolHost.exe [ Microsoft Corporation] [PID: 4684] C:\Windows\system32\SearchFilterHost.exe [ Microsoft Corporation] [PID: 2584] C:\Program Files\Acer\Acer VCM\acp2HID.exe [ Acer Inc.] [PID: 4036] C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [ McAfee, Inc.] [PID: 5248] C:\Program Files\Windows Live\Contacts\wlcomm.exe [ Microsoft Corporation] [PID: 3476] c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [ McAfee, Inc.] 
系統執行程序中沒有檔案資訊的動態連結檔:
'Dwm.exe'(1908) => D:\Unlocker\UnlockerHook.dll
'Explorer.EXE'(1980) => D:\Unlocker\UnlockerHook.dll
'LSSrvc.exe'(2236) => C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1.4.142.1
=> C:\Program Files\Common Files\LightScribe\LSSProxy.dll 1.4.142.1
=> C:\Program Files\Common Files\LightScribe\LSLog.dll 1.4.142.1
'MSASCui.exe'(3972) => D:\Unlocker\UnlockerHook.dll
'Apoint.exe'(4292) => D:\Unlocker\UnlockerHook.dll
'ArcadeDeluxeAgent.exe'(4304) => D:\Unlocker\UnlockerHook.dll
'CCC.exe'(4320) => D:\Unlocker\UnlockerHook.dll
=> C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 1.0.0.0
=> C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll 1.0.0.0
=> C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll 1.0.0.0
'CLMLSvc.exe'(4336) => D:\Unlocker\UnlockerHook.dll
'PMVService.exe'(4380) => D:\Unlocker\UnlockerHook.dll
'UnlockerAssistant.exe'(4420) => D:\Unlocker\UnlockerAssistant.exe
=> D:\Unlocker\UnlockerHook.dll
'avgnt.exe'(4440) => D:\Unlocker\UnlockerHook.dll
'sidebar.exe'(4544) => D:\Unlocker\UnlockerHook.dll
'msnmsgr.exe'(4588) => D:\Unlocker\UnlockerHook.dll
'Skype.exe'(4760) => D:\Unlocker\UnlockerHook.dll
'TeaTimer.exe'(4796) => D:\Unlocker\UnlockerHook.dll
'AcerVCM.exe'(4832) => D:\Unlocker\UnlockerHook.dll
=> C:\Program Files\Acer\Acer VCM\Interop.SKYPEAPILib.dll 1.0.0.0
=> C:\Program Files\Acer\Acer VCM\Interop.AcerBlueToothAPILib.dll 1.0.0.0
'BTTray.exe'(4840) => D:\Unlocker\UnlockerHook.dll
'Apntex.exe'(4872) => D:\Unlocker\UnlockerHook.dll
'wmpnscfg.exe'(5128) => D:\Unlocker\UnlockerHook.dll
'acp2HID.exe'(2584) => D:\Unlocker\UnlockerHook.dll
'wlcomm.exe'(5248) => D:\Unlocker\UnlockerHook.dll
================================================================================
登錄值列表
*** 注意 : 部分正常值不會顯示 ***
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [Microsoft Corporation]
"DAEMON Tools Lite"="D:\DemonTools\DAEMON Tools Lite\daemon.exe" [File Not Found.]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Microsoft Corporation]
"Skype"="C:\Users\user\Desktop\Skype.exe" [Skype Technologies S.A.]
"Weather"="D:\Weather\WeatherBug\Weather.exe" [File Not Found.]
"SpybotSD TeaTimer"="D:\Spybot - Search & Destroy\TeaTimer.exe" [Safer-Networking Ltd.]
"金山清理?家??保?"="D:\Kingsoft Antispy\monitor\kastray.exe" [File Not Found.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [Microsoft Corporation]
"RtHDVCpl"="C:\Windows\RtHDVCpl.exe" [Realtek Semiconductor]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [McAfee, Inc.]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [Acer Inc.]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe" [Egis Incorporated]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [N/A]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" [Adobe Systems Incorporated]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [Advanced Micro Devices, Inc.]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [Dritek System Inc.]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [Alps Electric Co., Ltd.]
"eRecoveryService"="" [File Not Found.]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [CyberLink Corp.]
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [CyberLink]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [Acer Corp.]
"UnlockerAssistant"="D:\Unlocker\UnlockerAssistant.exe" [N/A]
"TempRemove"="d:\CB Predictor\terminator.exe" [File Not Found.]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [Avira GmbH]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [Apple Inc.]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [Microsoft Corporation]
"WindowsWelcomeCenter"="C:\Windows\System32\oobefldr.dll" [Microsoft Corporation]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [Microsoft Corporation]
"WindowsWelcomeCenter"="C:\Windows\System32\oobefldr.dll" [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 10:08 62080 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
2009-07-08 13:48 246800 c:\PROGRA~1\McAfee\MSK\mskapbho.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2009-01-26 15:31 1879896 D:\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
2009-01-14 10:31 58968 D:\eRead\eREAD\WebHook.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
2009-09-16 09:22 62784 C:\Program Files\McAfee\VirusScan\scriptsn.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
2008-05-14 04:04 312880 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
2009-11-23 10:26 204048 c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{D963BE1A-6B35-47DB-B002-49FAE71D85CC}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
NoUserNameStartMenu=0x0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoUserNameStartMenu=0x0
[hku\.default\software\microsoft\windows\currentversion\policies\explorer]
NoDriveTypeAutoRun=0xff
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk => C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk hxxp://www.go2000.cn/?1
C:\Users\user\Desktop\Acer GameZone Console.lnk => C:\Users\user\Desktop\Acer GameZone Console.lnk
C:\Users\user\Desktop\Cyberlink PowerDirector.lnk => C:\Users\user\Desktop\Cyberlink PowerDirector.lnk
C:\Users\user\Desktop\CYC遊戲啟動程式.lnk => C:\Users\user\Desktop\CYC遊戲啟動程式.lnk
C:\Users\user\Desktop\eREAD8.0.lnk => C:\Users\user\Desktop\eREAD8.0.lnk
C:\Users\user\Desktop\Mozilla Firefox.lnk => C:\Users\user\Desktop\Mozilla Firefox.lnk
C:\Users\user\Desktop\MS60.exe.lnk => C:\Users\user\Desktop\MS60.exe.lnk
C:\Users\user\Desktop\PPStream.lnk => C:\Users\user\Desktop\PPStream.lnk
C:\Users\user\Desktop\Spybot - Search & Destroy.lnk => C:\Users\user\Desktop\Spybot - Search & Destroy.lnk
C:\Users\user\Desktop\Spyware Doctor.lnk => C:\Users\user\Desktop\Spyware Doctor.lnk
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk => C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk => C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk /prefetch:1
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\
PPS.lnk - D:\PPStream\PPStream.exe [ 2009-11-27 03:35:56 2540424 ]
c:\programdata\microsoft\windows\start menu\programs\startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [ 2007-11-13 20:41:38 1216512 ]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [ 2008-04-22 22:22:38 727592 ]
Rename operations pending:
001; C:\msimg32.dll ;DELETE;
002; C:\msimg32.dll ;DELETE;
003; C:\msimg32.dll ;DELETE;
004; C:\msimg32.dll ;DELETE;
005; C:\msimg32.dll ;DELETE;
"C:\Windows\system32\ipfltdrv.sys" not found.
"C:\Windows\system32\appmgmts.dll" not found.
================================================================================
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [Avira GmbH]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [NewTech Infosystems, Inc.]
S2 DNS Event Log DHCP Client;DNS Event Log DHCP Client;C:\Windows\system32\clsdsy.exe runsrv [File Not Found.]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [N/A]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\FntCache.dll [Microsoft Corporation]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe -p [File Not Found.]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [NewTech InfoSystems, Inc.]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [N/A]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [Atheros Communications, Inc.]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [ATI Technologies Inc.]
S3 btwaudio;藍芽音效裝置;C:\Windows\system32\drivers\btwaudio.sys [Broadcom Corporation.]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [Broadcom Corporation.]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [Broadcom Corporation.]
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\Windows\system32\DRIVERS\DKbFltr.sys [Dritek System Inc.]
R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [Dritek System Inc.]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [Microsoft Corporation]
S3 exfat;exFAT File System Driver;C:\Windows\system32\drivers\exfat.sys [Microsoft Corporation]
R2 int15;int15;C:\Windows\system32\drivers\int15.sys [Acer, Inc.]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [JMicron Technology Corp.]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [LSI Corporation, Inc.]
R2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [Cyberlink Corp.]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore.sys [PC Tools]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [Egis Incorporated]
R2 PSDNServ;PSDNServ;C:\Windows\system32\DRIVERS\PSDNServ.sys [Egis Incorporated]
R2 psdvdisk;PSDVdisk;C:\Windows\system32\DRIVERS\PSDVdisk.sys [Egis Incorporated]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [Realtek Corporation ]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys [Realtek Semiconductor Corporation ]
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [NewTech Infosystems Corporation]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [Cyberlink Corp.]
================================================================================
IPFltN;C:\Users\user\Desktop\negies157\negies\IPFltN.sys
================================================================================
工作排程資料夾內的資料:
2009-12-15 C:\Windows\TASKS\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-09-25 11:22 223760]
2009-12-01 C:\Windows\TASKS\McQcTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-09-25 11:22 223760]
IE 首頁設定:
Internet Explorer Version: 8.0.6001.18865
HKLM - Local Page = hxxp://www.haokan123.com/
HKLM - Start Page = about:blank
HKCU - Local Page = hxxp://www.gotoya.com
HKCU - Start Page = hxxp://www.go2000.cn/?1
HKLM - Extensions: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
HKLM - Extensions: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
HKLM - Extensions: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
LSP: c:\windows\system32\wshbth.dll
================================================================================
Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.
================================================================================
C: -Local Disk- Size: 119659294720 FreeSpace: 88791199744 NTFS
D: -Local Disk- Size: 119656148992 FreeSpace: 115561066496 NTFS
E: -Compact Disc- No Assess
掃描結束時間: 2010-01-08 16:03:49.90
[/CODE]