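All my programs work, but Control Panel, folders, and My Computer won't open; double-clicking with the left button does nothing.
Right-click menu -> Open doesn't respond either.
Through Run and its preview I can still use the files on drives C, D, and E.
I scanned with Kavo_killer 3.6 but it's still the same.
A few days ago I got a trojan, and after scanning with an online antivirus scanner and deleting some files it ended up like this.
Could you all please help me take a look at where the problem is?
Thanks.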
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 01:25:43, on 2008/8/4
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\SCardSvr.exe
E:\Documents and Settings\All Users\Application Data\taskmgr.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\RutenAlert\RutenAlert.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Nero\Nero8\InCD\NBHGui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
E:\Program Files\Spyware Doctor\pctsTray.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDP.EXE
E:\WINDOWS\system32\conime.exe
E:\ESW\Esw.exe
E:\ESW\Master.exe
E:\WINDOWS\system32\cisvc.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\npkcmsvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\CyberLink\Shared files\RichVideo.exe
E:\Program Files\Spyware Doctor\pctsAuxs.exe
E:\Program Files\Spyware Doctor\pctsSvc.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Teleca Shared\Generic.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\NextLink\GOGOBOX\GFSCAgent.exe
E:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
E:\WINDOWS\system32\cidaemon.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Administrator\桌面\HiJackThis.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\Documents and Settings\All Users\Application Data\taskmgr.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - E:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O2 - BHO: 超級兔子上網精靈 - {FEDF637B-F631-4583-A210-33CC828D42DB} - E:\PROGRA~1\SUPERR~1\magicset\HAOKAN~2.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: 超級兔子上網精靈 - {FEDF637B-F631-4583-A210-33CC828D42DB} - E:\PROGRA~1\SUPERR~1\magicset\HAOKAN~2.DLL
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] ; RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] ; "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] ; "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ulead AutoDetector v2] ; E:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [DeviceDiscovery] ; E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RutenAlert] E:\Program Files\RutenAlert\RutenAlert.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [FlashGet] ; "C:\Program Files\Flashget\FlashGet.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] ; "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] ; E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] E:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] ; E:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ClubBox] "E:\Program Files\NextLink\GOGOBOX\gogobox.exe" -l
O4 - HKLM\..\Run: [QuickTime Task] ; "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Super Rabbit SRRestore] E:\Program Files\Super Rabbit\magicset\srrest.exe /autosave
O4 - HKLM\..\Run: [ISTray] "E:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] ; E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] ; "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus CX7300 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDP.EXE /FU "E:\WINDOWS\TEMP\E_S243.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Super Rabbit IEPro] E:\Program Files\Super Rabbit\magicset\SRIECLI.EXE /LOAD
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Foxy 下載 - res://C:\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://E:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://E:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://E:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://E:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: EasyATM快速啟動 - {E1056C34-E994-4CF9-AD0A-5BFE96747F8C} - E:\ESW\GoEzoZone.exe
O9 - Extra 'Tools' menuitem: EasyATM快速啟動 - {E1056C34-E994-4CF9-AD0A-5BFE96747F8C} - E:\ESW\GoEzoZone.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {014670D1-5B6D-4AB9-BA83-3903E9B18891} (NowCAFE Control) - http://www.gogobox.com.tw/neo.fld/GNowCAFE.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192718404437
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {650BBB86-3D77-49BA-A4B2-2455E44EB031} (PasswordMD5ClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/...5ClientCOM.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1207584690796
O16 - DPF: {7067DEA7-8C20-4519-8615-B1829371D8B9} (CTCBWebATM Control) - https://family.chinatrust.com.tw/Web...CTCBWebATM.cab
O16 - DPF: {75A89484-8152-461B-87B0-4D253259E972} (HnBkClientATM Control) - https://www.smartatm.com.tw/eatm/com...kClientATM.cab
O16 - DPF: {7E78800E-A2D2-4F9F-A117-1A439524AFF7} (Feib Class) - https://ebank.feib.com.tw/netbank/ht...sp/FeibATM.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {9834A545-C06B-44B1-B007-18A452D37004} (First Class) - https://eatm.firstbank.com.tw/firstbankATM.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {B80CBA99-2493-4343-8A83-386E9F3CA5C2} (GetWebContent Class) - http://cnc.isoshu.com/eread/WebReadOnLine_ATL.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C0F4471E-DF4F-4D02-9D2D-CF33B0724A1C} (TRUSTATMPOST Control) - https://webatm.post.gov.tw/postatm/TRUSTATMPOST5.cab
O16 - DPF: {C9B6115C-DEA9-11D6-8C3C-0050BAA6346E} (CertificateDBClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/...BClientCOM.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D431F24F-0D8A-43A2-AB0D-FF6F27DE95A8} (PasswordClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/...dClientCOM.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://image.rohan.com.tw/Etc/Keycrypt/npkcx_inca.cab
O16 - DPF: {EA71C52E-75B1-4A60-BCB7-48E6410FDC26} (TBBICX Control) - https://eatm.tbb.com.tw/TBBICX.cab
O16 - DPF: {EB8D26BA-9A4C-444C-80D1-1B544F68D797} (XMLSignatureClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/...eClientCOM.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18F1E85F-6CA9-4AC6-AF2A-10DA5C00CA7A}: NameServer = 168.95.192.1 168.95.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{18F1E85F-6CA9-4AC6-AF2A-10DA5C00CA7A}: NameServer = 168.95.192.1 168.95.1.1
O23 - Service: Aclockm - - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - E:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 15466 bytes