[code] OTScanIt logfile created on: 2008/4/13 下午 02:33:31 OTScanIt by OldTimer - Version 1.0.9.0 Folder = C:\Documents and Settings\Allen\桌面\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000404 | Country: 台灣 | Language: CHT | Date Format: yyyy/M/d 1023.23 Mb Total Physical Memory | 560.74 Mb Available Physical Memory | 54.80% Memory free 1.66 Gb Paging File | 1.25 Gb Available in Paging File | 75.39% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.55 Gb Total Space | 44.46 Gb Free Space | 59.64% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 186.30 Gb Total Space | 38.52 Gb Free Space | 20.67% Space Free | Partition Type: NTFS Drive F: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-E138075F18 Current User Name: Allen Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 2006/2/21 下午 08:39:16 | Attr = ] lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 2003/8/19 上午 12:37:10 | Attr = ] lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 2003/8/19 上午 12:32:56 | Attr = ] avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 2008/3/11 下午 05:33:08 | Attr = ] sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 2007/8/28 下午 01:16:22 | Attr = ] cmdagent.exe -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 507648 bytes | Modified Date = 2008/3/23 下午 09:52:05 | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 2006/10/19 下午 01:52:24 | Attr = ] pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 2008/2/20 下午 03:58:48 | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 2006/2/21 下午 08:39:16 | Attr = ] lxbkbmgr.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 2003/8/20 上午 12:33:42 | Attr = ] tppoll.exe -> %ProgramFiles%\Topro\tppoll.exe -> [Ver = | Size = 24576 bytes | Modified Date = 2006/9/10 下午 07:03:08 | Attr = ] lxbkbmon.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 2003/8/20 上午 01:00:40 | Attr = ] avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.16 | Size = 249896 bytes | Modified Date = 2008/3/11 下午 05:33:08 | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3018 | Size = 180269 bytes | Modified Date = 2008/3/12 上午 07:53:19 | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2007/2/27 上午 11:39:26 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.13: 2008031114 | Size = 7660656 bytes | Modified Date = 2008/3/29 下午 03:57:36 | Attr = ] otscanit.exe -> %UserProfile%\桌面\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 2008/4/4 下午 12:24:38 | Attr = ] [Win32 Services - Non-Microsoft Only] (AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 2007/8/28 下午 01:16:22 | Attr = ] (AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 2008/3/11 下午 05:33:08 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 2006/2/21 下午 08:39:16 | Attr = ] (cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Running] -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 507648 bytes | Modified Date = 2008/3/23 下午 09:52:05 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 223744 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005/4/4 上午 12:41:10 | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 2003/8/19 上午 12:37:10 | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 2006/10/19 下午 01:52:24 | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 2006/12/23 下午 05:54:04 | Attr = ] (PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 2008/2/20 下午 03:58:48 | Attr = ] [Driver Services - Non-Microsoft Only] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6601 | Size = 1505792 bytes | Modified Date = 2006/2/21 下午 08:46:26 | Attr = ] (avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 2007/2/27 下午 03:25:10 | Attr = ] (avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> Avira GmbH [Ver = 7.00.00.04 | Size = 48448 bytes | Modified Date = 2007/9/17 上午 11:25:03 | Attr = ] (avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 2008/3/11 下午 05:33:09 | Attr = ] (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Allen\LOCALS~1\Temp\catchme.sys -> File not found (cmdGuard) COMODO Firewall Pro Sandbox Driver [File_System | System | Running] -> %SystemRoot%\system32\drivers\cmdguard.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 85752 bytes | Modified Date = 2008/3/28 上午 11:12:26 | Attr = ] (cmdHlp) COMODO Firewall Pro Helper Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 23800 bytes | Modified Date = 2008/3/23 下午 09:52:06 | Attr = ] (cmuda) C-Media WDM Audio Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\cmuda.sys -> C-Media Inc [Ver = 5.12.01.0050.1 (70) | Size = 1368000 bytes | Modified Date = 2005/12/15 下午 01:57:46 | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799232 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] (dmio) 邏輯磁碟管理員驅動程式 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 151808 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] (FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 2001/8/17 下午 02:13:08 | Attr = ] (hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.0.0 | Size = 16224 bytes | Modified Date = 2007/8/24 上午 10:03:00 | Attr = ] (Inspect) COMODO Firewall Pro Firewall Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\inspect.sys -> COMODO [Ver = 3.0.14.275 | Size = 79224 bytes | Modified Date = 2008/3/28 上午 11:12:29 | Attr = ] (npkcrypt) npkcrypt [Kernel | On_Demand | Stopped] -> E:\Program Files\NCTaiwan\天堂II初幕\system\npkcrypt.sys -> INCA Internet Co., Ltd. [Ver = 2004. 12. 27. 1 | Size = 21442 bytes | Modified Date = 2007/10/11 下午 02:53:32 | Attr = ] (npkcusb) npkcusb [Kernel | On_Demand | Stopped] -> E:\Program Files\NCTaiwan\天堂II初幕\system\npkcusb.sys -> INCA Internet Co., Ltd. [Ver = 2004. 12. 27. 1 | Size = 37009 bytes | Modified Date = 2007/10/11 下午 02:53:32 | Attr = ] (Ptilink) 直接平行連接埠連結驅動程式 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 2007/3/8 上午 09:51:00 | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 2006/10/10 下午 12:53:48 | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2006/2/16 下午 04:51:08 | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2007/2/27 上午 11:39:26 | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007/11/13 下午 08:25:52 | Attr = ] (ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 2007/3/1 上午 10:34:36 | Attr = ] (tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TM_CFW.sys -> Trend Micro Inc. [Ver = 3.2.0.1024 | Size = 288848 bytes | Modified Date = 2007/2/1 下午 04:27:00 | Attr = ] (tmpreflt) tmpreflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.500.0.1002 | Size = 36112 bytes | Modified Date = 2007/6/12 下午 07:00:50 | Attr = ] (tmxpflt) tmxpflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.500.0.1002 | Size = 203024 bytes | Modified Date = 2007/6/12 下午 07:00:54 | Attr = ] (vsapint) vsapint [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1126328 bytes | Modified Date = 2007/6/12 下午 06:52:00 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2008/1/11 下午 10:16:38 | Attr = ] avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> Avira GmbH [Ver = 7.02.00.16 | Size = 249896 bytes | Modified Date = 2008/3/11 下午 05:33:08 | Attr = ] COMODO Firewall Pro -> %ProgramFiles%\COMODO\Firewall\cfp.exe ["C:\Program Files\COMODO\Firewall\cfp.exe" -h] -> COMODO [Ver = 3.0.18.221 | Size = 1503488 bytes | Modified Date = 2008/3/23 下午 09:52:05 | Attr = ] Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe ["C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"] -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 2003/8/20 上午 12:33:42 | Attr = ] NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 2006/1/12 下午 03:40:44 | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3018 | Size = 180269 bytes | Modified Date = 2008/3/12 上午 07:53:19 | Attr = ] tppoll -> %ProgramFiles%\Topro\tppoll.exe [C:\Program Files\Topro\tppoll.exe] -> [Ver = | Size = 24576 bytes | Modified Date = 2006/9/10 下午 07:03:08 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2007/2/27 上午 11:39:26 | Attr = ] Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe [C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S] -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動 -> < Allen Startup Folder > -> C:\Documents and Settings\Allen\「開始」功能表\程式集\啟動 -> %UserProfile%\「開始」功能表\程式集\啟動\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 2005/10/20 下午 12:04:08 | Attr = ] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\WINDOWS\system32\guard32.dll -> %SystemRoot%\system32\guard32.dll -> [Ver = | Size = 139008 bytes | Modified Date = 2008/3/23 下午 09:52:06 | Attr = ] *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006/12/20 下午 12:55:48 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2007/2/27 上午 11:39:26 | Attr = ] AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 2006/2/21 下午 08:40:30 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (771 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 220.132.63.173 auth.lineage2.com.tw -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3572 domain(s) found. -> 29 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006/10/22 下午 11:08:42 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2008/2/22 上午 04:25:19 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java 主控台] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2008/2/22 上午 04:25:19 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java 主控台] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2008/2/22 上午 04:25:19 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 添加到AMV視頻轉換工具... -> E:\amv\AMVConverter\grab.htm -> File not found 添加到Media Manager工具... -> E:\amv\MediaManager\grab.htm -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0825A384-3F2E-45F9-84DA-ADF34ACDFEFF} -> (VIA Compatable Fast Ethernet Adapter) -> {83CEA883-896B-42D1-9054-F974E6D14FF4} -> () -> {9311C667-E64F-4B22-8936-6DB997371CA4} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 2007/5/28 下午 02:52:54 | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {5C051655-FCD5-4969-9182-770EA5AA5565}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab[Solitaire Showdown Class] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187860269398[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188994942187[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {9122D757-5A4F-4768-82C5-B4171D8556A7}[HKEY_LOCAL_MACHINE] -> http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab[PhotoPickConvert Class] -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab[Minesweeper Flags Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\\.Owner -> {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PhtPkMSN.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PhtPkMSN.dll\\.Owner -> {9122D757-5A4F-4768-82C5-B4171D8556A7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PhtPkMSN.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SolitaireShowdown.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SolitaireShowdown.dll\\.Owner -> {5C051655-FCD5-4969-9182-770EA5AA5565} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SolitaireShowdown.dll\\{5C051655-FCD5-4969-9182-770EA5AA5565} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfbmp13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfbmp13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfbmp13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfcmp13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfcmp13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfcmp13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfgif13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfgif13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfgif13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfpng13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfpng13n.dll\\.Owner -> {9122D757-5A4F-4768-82C5-B4171D8556A7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lfpng13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltdis13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltdis13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltdis13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltfil13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltfil13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltfil13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltimg13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltimg13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltimg13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltkrn13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltkrn13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ltkrn13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005/6/16 上午 03:50:16 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007/4/26 上午 12:22:29 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006/3/24 下午 02:39:45 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1080 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 171520 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 116736 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> 為您的家用網路或小型辦公室網路提供網路位址轉譯、定址及名稱解析服務和/或防止干擾的服務。 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11778 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 319488 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007/10/18 上午 11:34:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007/10/2 下午 05:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe -> C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe [C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed] -> [Ver = | Size = 4000458 bytes | Modified Date = 2003/10/31 下午 01:30:12 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 2003/8/19 上午 12:32:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rtcshare.exe -> C:\WINDOWS\system32\rtcshare.exe [C:\WINDOWS\system32\rtcshare.exe:*:Disabled:RTC App Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73728 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\tlntsvr.exe -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe:*:Enabled:Telnet] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66560 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\tftp.exe -> C:\WINDOWS\system32\tftp.exe [C:\WINDOWS\system32\tftp.exe:*:Enabled:Tftp] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16896 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Call of Duty 4 - Modern Warfare\iw3mp.exe -> E:\Call of Duty 4 - Modern Warfare\iw3mp.exe [E:\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Disabled:Call of Duty(R) 4 - Modern Warfare(TM) ] -> [Ver = | Size = 3325952 bytes | Modified Date = 2008/1/23 下午 03:57:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype. Take a deep breath ] -> Skype Technologies S.A. [Ver = 3.2.0.158 | Size = 23458344 bytes | Modified Date = 2007/5/28 下午 02:52:54 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007/10/18 上午 11:34:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007/10/2 下午 05:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> 自動更新 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> 啟用 Windows 更新的下載及安裝。如果停用這個服務,這個電腦將無法使用自動更新功能或 Windows Update 網站。 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> 啟用遠端使用者修改這個電腦上的登錄設定。如果這個服務被停止,登錄只能由這個電腦上的使用者修改。如果這個服務被停用,任何明確依存於它的服務將無法啟動。 -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005/7/26 下午 02:39:50 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66560 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005/7/26 下午 02:39:50 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> 啟用一個遠端使用者來登入到這台電腦和執行應用程式,以及支援各種 TCP/IP Telnet 用戶端,包含以 UNIX 為基本和以 Windows 為基本的電腦。如果服務停止了,遠端使用者可能無法存取應用程式。如果服務停用了,任何明確地依存於這項服務的其他服務將會啟動失敗。 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005/7/26 下午 02:39:50 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> 於背景用戶端和伺服器之間轉移檔案。如果 BITS 被停用,Windows Update 將無法正常運作。 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll [%systemroot%\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> 為您的家用網路或小型辦公室網路提供網路位址轉譯、定址及名稱解析服務和/或防止干擾的服務。 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11778 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 319488 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007/10/18 上午 11:34:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007/10/2 下午 05:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe -> C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe [C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed] -> [Ver = | Size = 4000458 bytes | Modified Date = 2003/10/31 下午 01:30:12 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 2003/8/19 上午 12:32:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rtcshare.exe -> C:\WINDOWS\system32\rtcshare.exe [C:\WINDOWS\system32\rtcshare.exe:*:Disabled:RTC App Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73728 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\tlntsvr.exe -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe:*:Enabled:Telnet] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66560 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\tftp.exe -> C:\WINDOWS\system32\tftp.exe [C:\WINDOWS\system32\tftp.exe:*:Enabled:Tftp] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16896 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Call of Duty 4 - Modern Warfare\iw3mp.exe -> E:\Call of Duty 4 - Modern Warfare\iw3mp.exe [E:\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Disabled:Call of Duty(R) 4 - Modern Warfare(TM) ] -> [Ver = | Size = 3325952 bytes | Modified Date = 2008/1/23 下午 03:57:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype. Take a deep breath ] -> Skype Technologies S.A. [Ver = 3.2.0.158 | Size = 23458344 bytes | Modified Date = 2007/5/28 下午 02:52:54 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007/10/18 上午 11:34:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007/10/2 下午 05:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> 自動更新 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> 啟用 Windows 更新的下載及安裝。如果停用這個服務,這個電腦將無法使用自動更新功能或 Windows Update 網站。 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004/8/4 下午 10:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> [Files/Folders - Created Within 60 days] !KillBox -> %SystemDrive%\!KillBox -> [Folder | Created Date = 2008/3/17 下午 12:49:45 | Attr = ] boot.ini.comodofirewall -> %SystemDrive%\boot.ini.comodofirewall -> [Ver = | Size = 211 bytes | Created Date = 2008/3/17 上午 09:48:32 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2008/3/16 下午 10:01:37 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008/4/4 下午 10:43:38 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 2008/4/5 下午 10:24:36 | Attr = HS] RegSearch -> %SystemDrive%\RegSearch -> [Folder | Created Date = 2008/3/19 下午 04:28:56 | Attr = ] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Created Date = 2008/3/29 上午 09:41:42 | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Created Date = 2008/3/29 下午 10:47:46 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Created Date = 2008/4/5 下午 08:05:45 | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 2008/3/29 上午 09:41:42 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 2008/3/29 下午 10:47:46 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 2008/4/5 下午 08:05:45 | Attr = H ] Warcraft III -> %SystemDrive%\Warcraft III -> [Folder | Created Date = 2008/3/11 下午 12:43:25 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2008/3/23 上午 11:53:28 | Attr = ] avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.02 | Size = 40768 bytes | Created Date = 2008/3/11 下午 05:09:35 | Attr = ] avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.01 | Size = 21312 bytes | Created Date = 2008/3/11 下午 05:09:35 | Attr = ] avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Created Date = 2008/3/11 下午 05:09:35 | Attr = ] cmdguard.sys -> %SystemRoot%\System32\drivers\cmdguard.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 85752 bytes | Created Date = 2008/3/23 下午 09:52:10 | Attr = ] cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 23800 bytes | Created Date = 2008/3/23 下午 09:52:10 | Attr = ] inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3.0.14.275 | Size = 79224 bytes | Created Date = 2008/3/23 下午 09:52:10 | Attr = ] PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Created Date = 2008/2/20 下午 03:59:00 | Attr = ] ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 2008/3/11 下午 05:09:35 | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 2008/3/25 下午 10:34:40 | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Created Date = 2008/2/21 下午 12:04:04 | Attr = ] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 6, 7, 0, 1 | Size = 156992 bytes | Created Date = 2008/2/21 下午 12:03:42 | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Created Date = 2008/2/21 下午 12:03:58 | Attr = ] DivXMedia.ax -> %SystemRoot%\System32\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Created Date = 2008/2/21 下午 12:03:54 | Attr = ] DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 2008/2/21 下午 12:05:52 | Attr = ] divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb -> [Ver = | Size = 4816 bytes | Created Date = 2008/2/21 下午 12:05:52 | Attr = ] DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Created Date = 2008/2/21 下午 12:03:24 | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 2008/2/21 下午 12:04:04 | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 2008/2/21 下午 12:04:04 | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Created Date = 2008/2/21 下午 12:04:04 | Attr = ] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 2008/2/21 下午 12:04:16 | Attr = ] dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [Ver = | Size = 416 bytes | Created Date = 2008/2/21 下午 12:04:16 | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 2008/2/21 下午 12:04:06 | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 2008/2/21 下午 12:04:06 | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 2008/2/21 下午 12:04:08 | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 2008/2/21 下午 12:04:08 | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 2008/2/21 下午 12:04:06 | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 2008/2/21 下午 12:04:06 | Attr = ] dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Created Date = 2008/2/21 下午 12:04:16 | Attr = ] dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [Ver = | Size = 416 bytes | Created Date = 2008/2/21 下午 12:04:16 | Attr = ] guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 139008 bytes | Created Date = 2008/3/23 下午 09:52:10 | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 2008/3/25 下午 10:35:12 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 2008/3/11 下午 05:20:48 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 2008/3/11 下午 05:20:48 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 2008/3/11 下午 05:20:48 | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 2008/2/21 下午 12:05:34 | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 2008/3/25 下午 10:35:07 | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 2008/3/12 上午 07:53:21 | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 2008/3/12 上午 07:53:22 | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 2008/3/12 上午 07:53:22 | Attr = ] PnkBstrA.exe -> %SystemRoot%\System32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Created Date = 2008/2/20 下午 03:58:48 | Attr = ] PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Created Date = 2008/2/20 下午 03:58:57 | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 2008/2/21 下午 12:05:44 | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.1860 | Size = 176167 bytes | Created Date = 2008/3/12 上午 07:53:30 | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 2008/2/21 下午 12:05:34 | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 2008/3/25 下午 10:35:16 | Attr = ] xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [Ver = | Size = 755027 bytes | Created Date = 2008/2/26 下午 03:45:33 | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2008/4/4 下午 10:43:36 | Attr = ] ftpcache -> %SystemRoot%\ftpcache -> [Folder | Created Date = 2008/2/17 上午 02:04:58 | Attr = HS] game.ini -> %SystemRoot%\game.ini -> [Ver = | Size = 294 bytes | Created Date = 2008/2/17 上午 02:04:27 | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2008/4/4 下午 10:43:36 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 2008/4/4 下午 10:43:36 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 2008/3/17 下午 12:38:29 | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2008/4/4 下午 10:43:36 | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008/4/4 下午 10:43:36 | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008/4/4 下午 10:43:36 | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008/4/4 下午 10:43:36 | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 2008/4/4 下午 10:50:30 | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2008/4/4 下午 10:43:36 | Attr = ] War3Unin.dat -> %SystemRoot%\War3Unin.dat -> [Ver = | Size = 76196 bytes | Created Date = 2008/3/11 下午 03:23:02 | Attr = ] War3Unin.exe -> %SystemRoot%\War3Unin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 139264 bytes | Created Date = 2008/3/11 下午 03:23:01 | Attr = ] War3Unin.pif -> %SystemRoot%\War3Unin.pif -> [Ver = | Size = 2829 bytes | Created Date = 2008/3/11 下午 03:23:01 | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 2008/4/4 下午 10:43:36 | Attr = ] [Files/Folders - Modified Within 60 days] !KillBox -> %SystemDrive%\!KillBox -> [Folder | Modified Date = 2008/3/17 下午 12:49:45 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 2008/3/17 上午 09:48:32 | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2008/3/16 下午 10:01:37 | Attr = ] from JOhn -> %SystemDrive%\from JOhn -> [Folder | Modified Date = 2008/3/17 下午 01:14:29 | Attr = ] My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 2008/3/16 下午 08:58:09 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008/3/28 上午 11:21:38 | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008/4/4 下午 10:50:06 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 2008/4/6 下午 04:54:59 | Attr = HS] RegSearch -> %SystemDrive%\RegSearch -> [Folder | Modified Date = 2008/3/19 下午 04:31:14 | Attr = ] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2008/3/29 上午 09:41:42 | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2008/3/29 下午 10:47:46 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2008/4/5 下午 08:05:45 | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2008/3/29 上午 09:41:42 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2008/3/29 下午 10:47:46 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2008/4/5 下午 08:05:45 | Attr = H ] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 2008/3/8 上午 10:01:04 | Attr = ] Warcraft III -> %SystemDrive%\Warcraft III -> [Folder | Modified Date = 2008/3/11 下午 12:49:13 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008/4/11 下午 11:19:14 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2008/3/23 上午 11:53:28 | Attr = ] avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 2008/3/11 下午 05:33:09 | Attr = ] cmdguard.sys -> %SystemRoot%\System32\drivers\cmdguard.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 85752 bytes | Modified Date = 2008/3/28 上午 11:12:26 | Attr = ] cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 23800 bytes | Modified Date = 2008/3/23 下午 09:52:06 | Attr = ] inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3.0.14.275 | Size = 79224 bytes | Modified Date = 2008/3/28 上午 11:12:29 | Attr = ] PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 2008/2/20 下午 04:00:02 | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 2008/3/25 下午 10:51:17 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 2008/2/20 下午 03:55:09 | Attr = ] BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Modified Date = 2008/2/18 下午 04:46:33 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008/4/13 下午 02:04:29 | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 2008/2/17 下午 02:19:48 | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Modified Date = 2008/2/21 下午 12:04:04 | Attr = ] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 6, 7, 0, 1 | Size = 156992 bytes | Modified Date = 2008/2/21 下午 12:03:42 | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Modified Date = 2008/2/21 下午 12:03:58 | Attr = ] DivXMedia.ax -> %SystemRoot%\System32\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Modified Date = 2008/2/21 下午 12:03:54 | Attr = ] DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 2008/2/21 下午 12:05:52 | Attr = ] divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb -> [Ver = | Size = 4816 bytes | Modified Date = 2008/2/21 下午 12:05:52 | Attr = ] DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Modified Date = 2008/2/21 下午 12:03:24 | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 2008/2/21 下午 12:04:04 | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 2008/2/21 下午 12:04:04 | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Modified Date = 2008/2/21 下午 12:04:04 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2008/3/26 下午 10:33:18 | Attr = RHS] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Modified Date = 2008/2/21 下午 12:04:16 | Attr = ] dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [Ver = | Size = 416 bytes | Modified Date = 2008/2/21 下午 12:04:16 | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 2008/2/21 下午 12:04:06 | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 2008/2/21 下午 12:04:06 | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 2008/2/21 下午 12:04:08 | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 2008/2/21 下午 12:04:08 | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 2008/2/21 下午 12:04:06 | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 2008/2/21 下午 12:04:06 | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008/4/4 下午 10:48:16 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 2008/2/28 下午 05:16:14 | Attr = ] dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Modified Date = 2008/2/21 下午 12:04:16 | Attr = ] dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [Ver = | Size = 416 bytes | Modified Date = 2008/2/21 下午 12:04:16 | Attr = ] guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 139008 bytes | Modified Date = 2008/3/23 下午 09:52:06 | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2008/3/25 下午 10:47:52 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2008/2/22 上午 01:23:35 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2008/2/22 上午 02:33:31 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2008/2/22 上午 01:23:39 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2008/2/22 上午 02:33:32 | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 2008/2/21 下午 12:05:34 | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 2008/2/20 下午 03:58:48 | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2008/3/25 下午 10:47:52 | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 2008/3/12 上午 07:53:21 | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 2008/3/12 上午 07:53:22 | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 2008/3/12 上午 07:53:22 | Attr = ] PnkBstrA.exe -> %SystemRoot%\System32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 2008/2/20 下午 03:58:48 | Attr = ] PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Modified Date = 2008/2/20 下午 03:59:49 | Attr = ] px.dll -> %SystemRoot%\System32\px.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 551672 bytes | Modified Date = 2008/2/21 下午 12:05:38 | Attr = ] pxafs.dll -> %SystemRoot%\System32\pxafs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 129784 bytes | Modified Date = 2008/2/21 下午 12:05:38 | Attr = ] pxcpya64.exe -> %SystemRoot%\System32\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 66296 bytes | Modified Date = 2008/2/21 下午 12:05:38 | Attr = ] pxcpyi64.exe -> %SystemRoot%\System32\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 120056 bytes | Modified Date = 2008/2/21 下午 12:05:38 | Attr = ] pxdrv.dll -> %SystemRoot%\System32\pxdrv.dll -> Sonic Solutions [Ver = 1.02.09a | Size = 518904 bytes | Modified Date = 2008/2/21 下午 12:05:38 | Attr = ] pxhpinst.exe -> %SystemRoot%\System32\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 72440 bytes | Modified Date = 2008/2/21 下午 12:05:40 | Attr = ] pxinsa64.exe -> %SystemRoot%\System32\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 64760 bytes | Modified Date = 2008/2/21 下午 12:05:38 | Attr = ] pxinsi64.exe -> %SystemRoot%\System32\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 118520 bytes | Modified Date = 2008/2/21 下午 12:05:38 | Attr = ] pxmas.dll -> %SystemRoot%\System32\pxmas.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 187128 bytes | Modified Date = 2008/2/21 下午 12:05:40 | Attr = ] pxsfs.dll -> %SystemRoot%\System32\pxsfs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 1628920 bytes | Modified Date = 2008/2/21 下午 12:05:38 | Attr = ] pxwave.dll -> %SystemRoot%\System32\pxwave.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 379640 bytes | Modified Date = 2008/2/21 下午 12:05:38 | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Modified Date = 2008/2/21 下午 12:05:44 | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.1860 | Size = 176167 bytes | Modified Date = 2008/3/12 上午 07:53:30 | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 2008/2/21 下午 12:05:34 | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2008/3/25 下午 10:47:52 | Attr = ] vxblock.dll -> %SystemRoot%\System32\vxblock.dll -> Sonic Solutions [Ver = 1.00.83a | Size = 88824 bytes | Modified Date = 2008/2/21 下午 12:05:38 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2008/4/8 下午 12:28:27 | Attr = ] cmicnfg.ini -> %SystemRoot%\System\cmicnfg.ini -> [Ver = | Size = 276 bytes | Modified Date = 2008/2/26 下午 10:52:54 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2008/2/17 下午 02:19:35 | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008/4/13 下午 02:26:38 | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008/3/25 下午 10:35:02 | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008/4/8 下午 01:07:25 | Attr = ] ftpcache -> %SystemRoot%\ftpcache -> [Folder | Modified Date = 2008/2/17 上午 02:04:58 | Attr = HS] game.ini -> %SystemRoot%\game.ini -> [Ver = | Size = 294 bytes | Modified Date = 2008/2/17 上午 02:04:27 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008/4/3 下午 12:59:29 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008/3/19 下午 04:18:46 | Attr = HS] lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 321 bytes | Modified Date = 2008/4/12 下午 08:18:24 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2008/4/11 下午 06:13:43 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 2008/4/11 下午 12:57:26 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008/4/13 下午 02:30:27 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 2008/3/17 下午 12:38:29 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2008/4/4 下午 10:49:19 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008/4/11 下午 11:19:14 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008/2/22 下午 02:45:51 | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 2008/4/13 下午 02:27:20 | Attr = ] War3Unin.dat -> %SystemRoot%\War3Unin.dat -> [Ver = | Size = 76196 bytes | Modified Date = 2008/3/11 下午 03:35:29 | Attr = ] War3Unin.exe -> %SystemRoot%\War3Unin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 139264 bytes | Modified Date = 2008/3/11 下午 03:31:51 | Attr = ] War3Unin.pif -> %SystemRoot%\War3Unin.pif -> [Ver = | Size = 2829 bytes | Modified Date = 2008/3/11 下午 03:31:51 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008/4/13 下午 02:26:55 | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 12530 bytes | Modified Date = 2008/4/13 下午 02:28:13 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 12530 bytes | Modified Date = 2008/4/13 下午 02:28:13 | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2007/8/26 下午 07:19:12 | Attr = ] rtdrvmon.exe -> C:\Documents and Settings\Allen\Local Settings\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2008/4/13 下午 02:33:12 | Attr = ] 5 C:\Documents and Settings\Allen\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Allen\Local Settings\Temp\*.tmp -> rtdrvmon.exe -> C:\WINDOWS\TEMP\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2008/4/13 下午 02:27:14 | Attr = ] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "\5}\26Y\x742b#\xe48ec\x8c66???"=str(7):"1\0" "\x77cf\x5349s^L?\xe48ec\x8c66?????"=str(7):"1\0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "\5}\26Y\x742b#\xe48ec\x8c66???"=str(7):"1\0" "\x77cf\x5349s^L?\xe48ec\x8c66?????"=str(7):"1\0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "\5}\26Y\x742b#\xe48ec\x8c66???"=str(7):"1\0" "\x77cf\x5349s^L?\xe48ec\x8c66?????"=str(7):"1\0" scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes] "\x828f?}vr???"=""C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,"" "Kb\x69d4 ?1??"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,"" "Kb\x69d4 ?2??"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,"" "P`??"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,"" "\x8e90\n?_??"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,"" "\ac\x87c3\x8dcb??"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,"" ">e'Y"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,"" "?OY?"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,"" "\x828f??r????"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\?d?[?\xe9e0\xe1e5q_\x67e3] @="{67cf8cbd-e5c0-44f7-9de5-e1d599d626d8}" "Description"="\x5982\x679c\x60a8\x8981\x89e3\x9664\x5b89\x88dd\x9019\x4e00\x7248 Windows\xff0c\x4e26\x56de\x5230\x60a8\x4e4b\x524d\x7684\x4f5c\x696d\x7cfb\x7d71\x7684\x8a71\xff0c\x60a8\x5c07\x9700\x8981\x9019\x4e9b\x6a94\x6848\x3002" "Display"="\x4e4b\x524d\x4f5c\x696d\x7cfb\x7d71\x7684\x5099\x4efd\x6a94\x6848" "IconPath"=str(2):"%SystemRoot%\system32\osuninst.EXE,0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper] "0}\16f??"=dword:00008088 "\x90010}\16f???"=dword:00000088 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts] "\31jwi? ?(?T?r?u?e?T?y?p?e?)??"="KAIU.TTF" "\x5bb0?ck?? ?(?T?r?u?e?T?y?p?e?)?????"="MSJH.TTF" "\x5bb0?ck?? ?B?o?l?d? ?(?T?r?u?e?T?y?p?e?)?????"="MSJHBD.TTF" "0}\16f? ?&? ?\x90010}\16f? ?(?T?r?u?e?T?y?p?e?)????"="E:\Program Files\NCTaiwan\\x5929\x5802II\x521d\x5e55\system\mingliu.ttc" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Essentials\\x5b01wQ] "Order"=hex:08,00,00,00,02,00,00,00,2c,02,00,00,01,00,00,00,04,00,00,00,88,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PROJECT YNP\\x9001\26N] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,03,00,00,00,74,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\_U\x6090] "Order"=hex:08,00,00,00,02,00,00,00,96,00,00,00,01,00,00,00,01,00,00,00,8a,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\J?j4X] "Order"=hex:08,00,00,00,02,00,00,00,ce,06,00,00,01,00,00,00,0b,00,00,00,82,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\D\xe825\\x6c14(u\vz\17_] "Order"=hex:08,00,00,00,02,00,00,00,4a,0b,00,00,01,00,00,00,13,00,00,00,d0,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\D\xe825\\x6c14(u\vz\17_\TS\x547d\x5b01wQ] "Order"=hex:08,00,00,00,02,00,00,00,42,02,00,00,01,00,00,00,04,00,00,00,92,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\D\xe825\\x6c14(u\vz\17_\\eZ\2j] "Order"=hex:08,00,00,00,02,00,00,00,1c,01,00,00,01,00,00,00,02,00,00,00,8a,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\D\xe825\\x6c14(u\vz\17_\\xe0d9q}\x5b01wQ] "Order"=hex:08,00,00,00,02,00,00,00,e0,05,00,00,01,00,00,00,0a,00,00,00,9e,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\D\xe825\\x6c14(u\vz\17_\\32?] "Order"=hex:08,00,00,00,02,00,00,00,2a,03,00,00,01,00,00,00,05,00,00,00,aa,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups] "J?j4X?"="\x9644\x5c6c\x61c9\x7528\x7a0b\x5f0f\\x904a\x6a02\x5834" [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\\xf4e8\x8b78\x258f?hV] "SaveSettings"="1" [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\:O\rghV\xfe43\6t\x55ff] "SaveSettings"="1" [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\O(u\5\x80\xfe43\6t\x55ff] "SaveSettings"="1" [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\\x74e0\x7d88O(u\5\x80\xfe43\6t\x55ff] "SaveSettings"="1" scanning hidden files ... C:\WINDOWS\Web\printers\images\Thumbs.db:encryptable 0 bytes C:\WINDOWS\Web\Wallpaper\Thumbs.db:encryptable 0 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 2 < Document and Settings folder & sub folders > detected NTDLL code modification: ZwClose scanning hidden files ... C:\Documents and Settings\Agape\Local Settings\Application Data\Microsoft\Messenger\thisisgup_gup@hotmail.com\SharingMetadata\chatwifmanda@hotmail.com\DFSR\Staging\CS{EFEF9F50-4E59-FB39-F3FC-3C8FA2B4B65B}\01\10-{EFEF9F50-4E59-FB39-F3FC-3C8FA2B4B65B}-v1-{DBFC1D07-12BE-4DBF-BCF0-01469580899B}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API C:\Documents and Settings\Agape\Local Settings\Application Data\Microsoft\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Chat Logs\一月 2008\Images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Chat Logs\三月 2008\Images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Chat Logs\二月 2008\Images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Chat Logs\四月 2008\Images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Alicia Keys\As I Am\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Alicia Keys\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Alicia Keys\Unplugged\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Chris Tomlin\Arriving\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Chris Tomlin\Live from Austin Music Hall\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Chris Tomlin\See The Morning\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Chris Tomlin\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Hillsong\All of the Above\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Hillsong\Saviour King\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Hillsong\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Jaci Velasquez\On My Knees- The Best of Jaci Velasquez\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Jaci Velasquez\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Michael Jackson\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Nicole C. Mullen\Redeemer- The Best of Nicole C. Mullen\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Nicole C. Mullen\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\My Documents\My Music\Out of Eden\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\Recent\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Agape\桌面\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Music\範例音樂\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\範例圖片\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allen\Local Settings\Application Data\Microsoft\Messenger\velocityx101@hotmail.com\SharingMetadata\x0xo_x0xo@hotmail.com\DFSR\Staging\CS{E66C996F-F9E4-E421-27D9-15B97F78D628}\01\10-{E66C996F-F9E4-E421-27D9-15B97F78D628}-v1-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API C:\Documents and Settings\Allen\Local Settings\Application Data\Microsoft\Messenger\velocityx101@hotmail.com\SharingMetadata\x0xo_x0xo@hotmail.com\DFSR\Staging\CS{E66C996F-F9E4-E421-27D9-15B97F78D628}\11\12-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v11-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 47388 bytes hidden from API C:\Documents and Settings\Allen\Local Settings\Application Data\Microsoft\Messenger\velocityx101@hotmail.com\SharingMetadata\x0xo_x0xo@hotmail.com\DFSR\Staging\CS{E66C996F-F9E4-E421-27D9-15B97F78D628}\11\12-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v11-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3342 bytes hidden from API C:\Documents and Settings\Allen\Local Settings\Application Data\Microsoft\Messenger\velocityx101@hotmail.com\SharingMetadata\x0xo_x0xo@hotmail.com\DFSR\Staging\CS{E66C996F-F9E4-E421-27D9-15B97F78D628}\11\12-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v11-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5240 bytes hidden from API C:\Documents and Settings\Allen\Local Settings\Application Data\Microsoft\Messenger\velocityx101@hotmail.com\SharingMetadata\x0xo_x0xo@hotmail.com\DFSR\Staging\CS{E66C996F-F9E4-E421-27D9-15B97F78D628}\13\13-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v13-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 28272 bytes hidden from API C:\Documents and Settings\Allen\Local Settings\Application Data\Microsoft\Messenger\velocityx101@hotmail.com\SharingMetadata\x0xo_x0xo@hotmail.com\DFSR\Staging\CS{E66C996F-F9E4-E421-27D9-15B97F78D628}\13\13-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v13-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2046 bytes hidden from API C:\Documents and Settings\Allen\Local Settings\Application Data\Microsoft\Messenger\velocityx101@hotmail.com\SharingMetadata\x0xo_x0xo@hotmail.com\DFSR\Staging\CS{E66C996F-F9E4-E421-27D9-15B97F78D628}\13\13-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v13-{E3BF72D7-B657-4D82-BE2D-13861F1021E1}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3128 bytes hidden from API C:\Documents and Settings\Allen\My Documents\My Chat Logs\一月 2008\Images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allen\My Documents\My Music\iMesh\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allen\My Documents\My Music\X-Japan\Ballad Collection\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allen\My Documents\My Music\X-Japan\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allen\My Documents\My Received Files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allen\My Documents\My Received Files\Reunion\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allen\Recent\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allen\桌面\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allen\桌面\未使用的桌面捷徑\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Sarah\Favorites\Yahoo!奇摩.url:favicon 318 bytes scan completed successfully hidden files: 99 < End of report > [/code]