
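connieyu 2008-05-29 02:21 PM

"My Computer" icon has been changed

Starting the day before yesterday,
whenever I had one web page and Xunlei open, CPU usage was almost always at 100%.
It never used to be like this,
so I went and found a small program that supposedly lowers Xunlei's CPU usage,
and that is when the nightmare began.
avast flagged it as infected and quarantined it,
and then the "My Computer" icon turned into
http://i137.photobucket.com/albums/q223/connieyu/109ce9cb.jpg
Then I found kavo-killer and used it.
I turned System Restore off, and turned it back on after the cleanup.
As a result the "My Computer" icon on the desktop is back to normal,
but when I go to download a file, the "My Computer" icon in the dialog is that weird picture again.
I don't dare try any more random fixes.
The current situation is that CPU usage is always at 100%,
and I only have Task Manager, two web pages and Skype open.
Please help, thank you.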

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at PM 02:06:34, on 2008/5/29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\Explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: jkhxaklo.dll - {14698742-2059-3025-9058-954023874141} - C:\WINDOWS\system32\jkhxaklo.dll
O2 - BHO: skqnbbib.dll - {22023698-6984-8541-9654-698745012522} - C:\WINDOWS\system32\skqnbbib.dll
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll
O2 - BHO: cdwsbkop.dll - {2A095412-A568-B258-C587-D148E148F0A2} - C:\WINDOWS\system32\cdwsbkop.dll
O2 - BHO: apzhbtde.dll - {2D698451-2015-6358-9871-2015987452D2} - C:\WINDOWS\system32\apzhbtde.dll
O2 - BHO: apfobdet.dll - {2E035987-F585-68D1-AC28-98FA58E459E2} - C:\WINDOWS\system32\apfobdet.dll
O2 - BHO: apsgbjba.dll - {2FD45A54-9875-698F-E56E-65102358FDF2} - C:\WINDOWS\system32\apsgbjba.dll
O2 - BHO: oswxcttb.dll - {33512378-9874-5641-1025-985420368733} - C:\WINDOWS\system32\oswxcttb.dll
O2 - BHO: pjjxcdwd.dll - {34FAE856-AD58-20CB-A025-CD4895FA6E43} - (no file)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: mpwdcapi.dll - {35694105-5108-9405-3695-954187462153} - C:\WINDOWS\system32\mpwdcapi.dll
O2 - BHO: lofscjbo.dll - {370165F1-9F65-569F-F895-F14F58F41073} - C:\WINDOWS\system32\lofscjbo.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: zycbcime.dll - {3A698102-5904-AFD0-20DF-CD1A65829CA3} - C:\WINDOWS\system32\zycbcime.dll
O2 - BHO: mndhcdwd.dll - {3C648541-1025-9650-9057-6541258720C3} - C:\WINDOWS\system32\mndhcdwd.dll
O2 - BHO: mpmydapi.dll - {4629FF4F-ACDB-5C90-A098-FACB3456A264} - C:\WINDOWS\system32\mpmydapi.dll
O2 - BHO: ozfydbyt.dll - {4A069845-2036-6084-9054-6087502480A4} - C:\WINDOWS\system32\ozfydbyt.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
O2 - BHO: zywmeime.dll - {5319A1F1-9410-9654-3201-345FFA349135} - C:\WINDOWS\system32\zywmeime.dll
O2 - BHO: mndsesrv.dll - {57FD640A-158F-48AC-FD14-1597F14A9775} - (no file)
O2 - BHO: oohxdbyt.dll - {5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} - C:\WINDOWS\system32\oohxdbyt.dll
O2 - BHO: mndsfsrv.dll - {67FD640A-158F-48AC-FD14-1597F14A9776} - C:\WINDOWS\system32\mndsfsrv.dll
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - C:\WINDOWS\system32\zxmscwin.dll
O2 - BHO: mnmhfsrv.dll - {6C8D1401-A58D-A81C-CD24-A5915C4517C6} - C:\WINDOWS\system32\mnmhfsrv.dll
O2 - BHO: ypcqfhlp.dll - {70AF1289-F140-A140-D012-C1458759FC07} - C:\WINDOWS\system32\ypcqfhlp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ypdjfbmp.dll - {81954FAC-1023-154F-895A-1458258AD818} - C:\WINDOWS\system32\ypdjfbmp.dll
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - C:\WINDOWS\system32\yxfhcjpg.dll
O2 - BHO: yzzthmsn.dll - {8490415F-65F8-B5C5-D8BA-9405FB120548} - C:\WINDOWS\system32\yzzthmsn.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - I:\CAIFODUH\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: zyzxhime.dll - {8A59145F-315D-BC23-AC1F-145DF81A34A8} - C:\WINDOWS\system32\zyzxhime.dll
O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用迅雷下載 - I:\CAIFODUH\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - I:\CAIFODUH\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {338D07FB-5B35-41CB-B696-33F24C91F201} (TWCAPI3 Class) - https://pis.wls.com.tw/TWCACAPIX.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8648 bytes

connieyu 2008-05-29 03:00 PM

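Quote:

Originally posted by sob790717b (post 1954614)
The BHO entries
There are so many things in there I can't make sense of

After your reminder, I went back and looked at my previous HijackThis log,
and found that there were only 4 BHO entries back then.
Oh my god!
How could this happen?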

capalla626 2008-05-29 03:04 PM

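Try this method
 
1. After turning off System Restore, you also need to go into Disk Cleanup and clean up once more; only then are all the restore files removed. Otherwise the old restore files are still there.

2. Then scan once more with your antivirus software and see whether any warnings or abnormal applications pop up. Post them here for everyone to check.

P.S.: Don't casually trust small programs that claim to crack things or reduce performance load; they are often where viruses are most common. If there is anything you don't understand, please let us know.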

connieyu 2008-05-29 04:49 PM

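Quote:

Originally posted by capalla626 (post 1954642)
1. After turning off System Restore, you also need to go into Disk Cleanup and clean up once more; only then are all the restore files removed. Otherwise the old restore files are still there.

2. Then scan once more with your antivirus software and see whether any warnings or abnormal applications pop up. Post them here for everyone to check.

P.S.: Don't casually trust small programs that claim to crack things or reduce performance load; they are often where viruses are most common. If there is anything you don't understand, please let us know.

I turned off System Restore and cleaned the disk as well (with the system's Disk Cleanup and CCleaner).
It's still the same, and those extra BHOs can't be removed either.
The problem is still the same.
You really can't trust a lot of these small programs.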

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at PM 04:38:59, on 2008/5/29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: jkhxaklo.dll - {14698742-2059-3025-9058-954023874141} - C:\WINDOWS\system32\jkhxaklo.dll
O2 - BHO: skqnbbib.dll - {22023698-6984-8541-9654-698745012522} - C:\WINDOWS\system32\skqnbbib.dll
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll
O2 - BHO: cdwsbkop.dll - {2A095412-A568-B258-C587-D148E148F0A2} - C:\WINDOWS\system32\cdwsbkop.dll
O2 - BHO: apzhbtde.dll - {2D698451-2015-6358-9871-2015987452D2} - C:\WINDOWS\system32\apzhbtde.dll
O2 - BHO: apfobdet.dll - {2E035987-F585-68D1-AC28-98FA58E459E2} - C:\WINDOWS\system32\apfobdet.dll
O2 - BHO: apsgbjba.dll - {2FD45A54-9875-698F-E56E-65102358FDF2} - C:\WINDOWS\system32\apsgbjba.dll
O2 - BHO: oswxcttb.dll - {33512378-9874-5641-1025-985420368733} - C:\WINDOWS\system32\oswxcttb.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: mpwdcapi.dll - {35694105-5108-9405-3695-954187462153} - C:\WINDOWS\system32\mpwdcapi.dll
O2 - BHO: lofscjbo.dll - {370165F1-9F65-569F-F895-F14F58F41073} - C:\WINDOWS\system32\lofscjbo.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: zycbcime.dll - {3A698102-5904-AFD0-20DF-CD1A65829CA3} - C:\WINDOWS\system32\zycbcime.dll
O2 - BHO: mndhcdwd.dll - {3C648541-1025-9650-9057-6541258720C3} - C:\WINDOWS\system32\mndhcdwd.dll
O2 - BHO: mpmydapi.dll - {4629FF4F-ACDB-5C90-A098-FACB3456A264} - C:\WINDOWS\system32\mpmydapi.dll
O2 - BHO: ozfydbyt.dll - {4A069845-2036-6084-9054-6087502480A4} - C:\WINDOWS\system32\ozfydbyt.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
O2 - BHO: zywmeime.dll - {5319A1F1-9410-9654-3201-345FFA349135} - C:\WINDOWS\system32\zywmeime.dll
O2 - BHO: oohxdbyt.dll - {5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} - C:\WINDOWS\system32\oohxdbyt.dll
O2 - BHO: mndsfsrv.dll - {67FD640A-158F-48AC-FD14-1597F14A9776} - C:\WINDOWS\system32\mndsfsrv.dll
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - C:\WINDOWS\system32\zxmscwin.dll
O2 - BHO: mnmhfsrv.dll - {6C8D1401-A58D-A81C-CD24-A5915C4517C6} - C:\WINDOWS\system32\mnmhfsrv.dll
O2 - BHO: ypcqfhlp.dll - {70AF1289-F140-A140-D012-C1458759FC07} - C:\WINDOWS\system32\ypcqfhlp.dll
O2 - BHO: ypdjfbmp.dll - {81954FAC-1023-154F-895A-1458258AD818} - C:\WINDOWS\system32\ypdjfbmp.dll
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - C:\WINDOWS\system32\yxfhcjpg.dll
O2 - BHO: yzzthmsn.dll - {8490415F-65F8-B5C5-D8BA-9405FB120548} - C:\WINDOWS\system32\yzzthmsn.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - I:\CAIFODUH\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: zyzxhime.dll - {8A59145F-315D-BC23-AC1F-145DF81A34A8} - C:\WINDOWS\system32\zyzxhime.dll
O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用迅雷下載 - I:\CAIFODUH\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - I:\CAIFODUH\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {338D07FB-5B35-41CB-B696-33F24C91F201} (TWCAPI3 Class) - https://pis.wls.com.tw/TWCACAPIX.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8027 bytes

plunderer 2008-05-29 05:49 PM

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - I:\CAIFODUH\Thunder\ComDlls\xunleiBHO_Now.dll

For the O2 entries, check and fix all of them except the three above

connieyu 2008-05-29 06:27 PM

Quote:

Originally posted by plunderer (post 1954839)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - I:\CAIFODUH\Thunder\ComDlls\xunleiBHO_Now.dll

For the O2 entries, check and fix all of them except the three above

I did that, several times in fact,
but they can't be deleted.
I also used "System Repair Engineer" (downloaded via a link from the forum).
And even though it clearly said "deleted", after rebooting
and running HijackThis again, they are still there.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at PM 06:33:34, on 2008/5/29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: jkhxaklo.dll - {14698742-2059-3025-9058-954023874141} - C:\WINDOWS\system32\jkhxaklo.dll
O2 - BHO: skqnbbib.dll - {22023698-6984-8541-9654-698745012522} - C:\WINDOWS\system32\skqnbbib.dll
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll
O2 - BHO: cdwsbkop.dll - {2A095412-A568-B258-C587-D148E148F0A2} - C:\WINDOWS\system32\cdwsbkop.dll
O2 - BHO: apzhbtde.dll - {2D698451-2015-6358-9871-2015987452D2} - C:\WINDOWS\system32\apzhbtde.dll
O2 - BHO: apfobdet.dll - {2E035987-F585-68D1-AC28-98FA58E459E2} - C:\WINDOWS\system32\apfobdet.dll
O2 - BHO: apsgbjba.dll - {2FD45A54-9875-698F-E56E-65102358FDF2} - C:\WINDOWS\system32\apsgbjba.dll
O2 - BHO: oswxcttb.dll - {33512378-9874-5641-1025-985420368733} - C:\WINDOWS\system32\oswxcttb.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: mpwdcapi.dll - {35694105-5108-9405-3695-954187462153} - C:\WINDOWS\system32\mpwdcapi.dll
O2 - BHO: lofscjbo.dll - {370165F1-9F65-569F-F895-F14F58F41073} - C:\WINDOWS\system32\lofscjbo.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: zycbcime.dll - {3A698102-5904-AFD0-20DF-CD1A65829CA3} - C:\WINDOWS\system32\zycbcime.dll
O2 - BHO: mndhcdwd.dll - {3C648541-1025-9650-9057-6541258720C3} - C:\WINDOWS\system32\mndhcdwd.dll
O2 - BHO: mpmydapi.dll - {4629FF4F-ACDB-5C90-A098-FACB3456A264} - C:\WINDOWS\system32\mpmydapi.dll
O2 - BHO: ozfydbyt.dll - {4A069845-2036-6084-9054-6087502480A4} - C:\WINDOWS\system32\ozfydbyt.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
O2 - BHO: zywmeime.dll - {5319A1F1-9410-9654-3201-345FFA349135} - C:\WINDOWS\system32\zywmeime.dll
O2 - BHO: oohxdbyt.dll - {5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} - C:\WINDOWS\system32\oohxdbyt.dll
O2 - BHO: mndsfsrv.dll - {67FD640A-158F-48AC-FD14-1597F14A9776} - C:\WINDOWS\system32\mndsfsrv.dll
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - C:\WINDOWS\system32\zxmscwin.dll
O2 - BHO: mnmhfsrv.dll - {6C8D1401-A58D-A81C-CD24-A5915C4517C6} - C:\WINDOWS\system32\mnmhfsrv.dll
O2 - BHO: ypcqfhlp.dll - {70AF1289-F140-A140-D012-C1458759FC07} - C:\WINDOWS\system32\ypcqfhlp.dll
O2 - BHO: ypdjfbmp.dll - {81954FAC-1023-154F-895A-1458258AD818} - C:\WINDOWS\system32\ypdjfbmp.dll
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - C:\WINDOWS\system32\yxfhcjpg.dll
O2 - BHO: yzzthmsn.dll - {8490415F-65F8-B5C5-D8BA-9405FB120548} - C:\WINDOWS\system32\yzzthmsn.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - I:\CAIFODUH\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: zyzxhime.dll - {8A59145F-315D-BC23-AC1F-145DF81A34A8} - C:\WINDOWS\system32\zyzxhime.dll
O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用迅雷下載 - I:\CAIFODUH\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - I:\CAIFODUH\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8157 bytes

plunderer 2008-05-29 07:53 PM

Upload C:\WINDOWS\system32\Explorer.exe to a multi-engine scanning site and scan it
http://virusscan.jotti.org/

A normal Explorer.exe should be under C:\WINDOWS\
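
As an added example (not part of plunderer's posts and not HijackThis's own logic), this Python sketch applies the two checks suggested above to log lines posted in this thread: which O2 entries stand out, and which core Windows binaries are running from an unexpected directory. The `EXPECTED_DIR` table and the "display name equals DLL file name" heuristic are assumptions of this example; a flag means "look closer", not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: jkhxaklo.dll - {14698742-2059-3025-9058-954023874141} - C:\WINDOWS\system32\jkhxaklo.dll
O2 - BHO: pjjxcdwd.dll - {34FAE856-AD58-20CB-A025-CD4895FA6E43} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - I:\CAIFODUH\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O2 - BHO: <display name> - {CLSID} - <DLL path or (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

SYSTEM32 = r"c:\windows\system32"

# Usual directory of a few core Windows XP binaries (assumption of this
# example; the thread itself only states the Explorer.exe location).
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "svchost.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
}


def parse_bhos(log):
    """Return one dict (name, clsid, path) per O2 line in the log."""
    entries = []
    for line in log.splitlines():
        match = O2_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage_bhos(entries):
    """Return (clsid, reason) for O2 entries that deserve a closer look."""
    flagged = []
    for entry in entries:
        if entry["path"] == "(no file)":
            flagged.append((entry["clsid"], "registry entry remains, DLL is missing"))
            continue
        dll = PureWindowsPath(entry["path"])
        in_system32 = str(dll.parent).lower() == SYSTEM32
        # Heuristic: legitimate add-ons register a product name, not a bare file name.
        if in_system32 and entry["name"].lower() == dll.name.lower():
            flagged.append((entry["clsid"], "display name is only the DLL file name, in system32"))
    return flagged


def misplaced_processes(log):
    """Return running-process paths whose directory differs from EXPECTED_DIR."""
    hits, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
            continue
        if in_section:
            if not line:  # a blank line ends the process list
                break
            exe = PureWindowsPath(line)
            expected = EXPECTED_DIR.get(exe.name.lower())
            if expected and str(exe.parent).lower() != expected:
                hits.append(line)
    return hits


if __name__ == "__main__":
    for clsid, reason in triage_bhos(parse_bhos(SAMPLE_LOG)):
        print("O2", clsid, "->", reason)
    for path in misplaced_processes(SAMPLE_LOG):
        print("process in unexpected directory:", path)
```
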

connieyu 2008-05-30 09:05 AM

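Good morning, everyone!
After last night's efforts,
I finally managed to kill the operating system.
I wanted to delete the mysterious DLLs by hand.
They are hidden files; I found them but could not delete them,
and "unlocking" them did not work either.
Then the antivirus would not stop alerting,
kept saying there was a trojan, but could neither delete nor quarantine it,
so I had no choice but to start over.
I have now formatted the disk and reinstalled.
Thank you all for your help.

I won't dare install "optimizer utilities" carelessly again.
I think I have said this before,
it is just that sometimes I really am fearless,
and then it really...

Thank you all once again!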


All times are Taipei time.
