2010-06-11, 08:20 AM | #1 |
註冊會員
|
求助 - 開機後會自動打開"我的文件"資料夾
我的XP每當開機後會自動打開"我的文件"資料夾
用CCleaner並未抓出問題 底下是用HijackThis的結果, 請各位大大先過目再指示問題所在, 謝謝. ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:13:48 上午, on 2010/6/11 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avast4 Pro\aswUpdSv.exe C:\Program Files\Avast4 Pro\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\AVAST4~1\ashDisp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmplayer.exe D:\Downloads\HiJackThis.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe, O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 173.232.108.157 www.google.com O1 - Hosts: 173.232.108.157 google.com O1 - Hosts: 173.232.108.157 google.com.au O1 - Hosts: 173.232.108.157 www.google.com.au O1 - Hosts: 173.232.108.157 google.be O1 - Hosts: 173.232.108.157 www.google.be O1 - Hosts: 173.232.108.157 google.com.br O1 - Hosts: 173.232.108.157 www.google.com.br O1 - Hosts: 173.232.108.157 google.ca O1 - Hosts: 173.232.108.157 www.google.ca O1 - Hosts: 173.232.108.157 google.ch O1 - Hosts: 173.232.108.157 www.google.ch O1 - Hosts: 173.232.108.157 google.de O1 - Hosts: 173.232.108.157 www.google.de O1 - Hosts: 173.232.108.157 google.dk O1 - Hosts: 173.232.108.157 www.google.dk O1 - Hosts: 173.232.108.157 google.fr O1 - Hosts: 173.232.108.157 www.google.fr O1 - Hosts: 173.232.108.157 google.ie O1 - Hosts: 173.232.108.157 www.google.ie O1 - Hosts: 173.232.108.157 google.it O1 - Hosts: 173.232.108.157 www.google.it O1 - Hosts: 173.232.108.157 google.co.jp O1 - Hosts: 173.232.108.157 www.google.co.jp O1 - Hosts: 173.232.108.157 google.nl O1 - Hosts: 173.232.108.157 www.google.nl O1 - Hosts: 173.232.108.157 google.no O1 - Hosts: 173.232.108.157 www.google.no O1 - Hosts: 173.232.108.157 google.co.nz O1 - Hosts: 173.232.108.157 www.google.co.nz O1 - Hosts: 173.232.108.157 google.pl O1 - Hosts: 173.232.108.157 www.google.pl O1 - Hosts: 173.232.108.157 google.se O1 - Hosts: 173.232.108.157 www.google.se O1 - Hosts: 173.232.108.157 google.co.uk O1 - Hosts: 173.232.108.157 www.google.co.uk O1 - Hosts: 173.232.108.157 google.co.za O1 - Hosts: 173.232.108.157 www.google.co.za O1 - Hosts: 173.232.108.157 www.google-analytics.com O1 - Hosts: 173.232.108.157 www.bing.com O1 - Hosts: 173.232.108.157 search.yahoo.com O1 - Hosts: 173.232.108.157 www.search.yahoo.com O1 - Hosts: 173.232.108.157 uk.search.yahoo.com O1 - Hosts: 173.232.108.157 ca.search.yahoo.com O1 - Hosts: 173.232.108.157 de.search.yahoo.com O1 - Hosts: 173.232.108.157 fr.search.yahoo.com O1 - Hosts: 173.232.108.157 au.search.yahoo.com O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll O3 - Toolbar: MajiToolbar - {DF76A633-1E37-4A16-A943-0938402FFA8B} - C:\Program Files\MyMaji\MajiToolbar\MajiToolbar.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\RunServices: [win] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wocualts.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\ComDlls\Bholink.htm O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\ComDlls\Bhoall.htm O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab O16 - DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} (MegaICBC XCsp) - https://netbank.megabank.com.tw/natm/MEGAATM.CAB O16 - DPF: {2B38E40E-977D-4767-919C-2AA29C041618} (BOT Class) - https://ebank.bot.com.tw/NNBank/NN/FCardS.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {2CFB9D51-2B41-4A5E-BAC1-87ADB3E071CC} (Npcms Control) - https://210.241.69.188/moica/npcms.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {7067DEA7-8C20-4519-8615-B1829371D8B9} (CTCBWebATM Control) - https://family.chinatrust.com.tw/Web...CTCBWebATM.cab O16 - DPF: {8E1D16E3-37B1-48B8-862E-9D646FC0C8FF} (TFBWebATM Control) - https://ebank.taipeifubon.com.tw/iba.../TFBWebATM.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab O16 - DPF: {D5B4A34D-38B0-40E5-BC6B-CF5F00EC4514} (AuthClient Class) - https://456.cht.com.tw/Authenticatio...authclient.cab O16 - DPF: {F0754118-706B-4E14-8ED9-96E7A18DB894} (XCSP Class) - https://netbank.esunbank.com.tw/webatm/cabs/esuncsp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{178641AB-27A7-4654-8FCC-40B72CBBE40A}: NameServer = 61.31.233.1,61.31.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{545AC835-F74F-4E59-BA39-78E596343507}: NameServer = 61.31.1.1 61.31.233.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{178641AB-27A7-4654-8FCC-40B72CBBE40A}: NameServer = 61.31.233.1,61.31.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{178641AB-27A7-4654-8FCC-40B72CBBE40A}: NameServer = 61.31.233.1,61.31.1.1 O17 - HKLM\System\CS4\Services\Tcpip\..\{178641AB-27A7-4654-8FCC-40B72CBBE40A}: NameServer = 61.31.233.1,61.31.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\swprv32.dll O20 - Winlogon Notify: cryptnet32 - C:\WINDOWS\SYSTEM32\cryptnet32.dll O20 - Winlogon Notify: d2f09e9912 - C:\WINDOWS\system32\swprv32.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4 Pro\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4 Pro\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4 Pro\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4 Pro\ashWebSv.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Network Security Services Base Service (NSSBS) - Unknown owner - nssbsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 11817 bytes |
送花文章: 41,
|
2010-06-11, 08:54 AM | #2 (permalink) |
論壇主管
|
開機進入XP後,都會自動開啟我的文件
這情形有可能是啟動資料夾裡有放置您的文件,而「啟動」這個資料夾在開機時就會啟動,也就出現一開機就打開您的某一個文件。 您可以檢查一下「開始」、「程式集」、「啟動」,檢查裡面是否有這一個文件。有的話將它刪除就可以了。 另外您也可以依照如下的方式來查看︰ 請照以下步驟試看看: 開始\執行\regedit 找出以下機碼位置 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit 編輯內容(工具列)為:C:\WINDOWS\SYSTEM32\USERINIT.EXE, 再重新開機即可 |
__________________ 不飛的不飛 ... 因為曾經端座在雲霄之上 ... 所以不飛 , 因為期待您能與不飛抬頭共列翱翔天昊 ... 所以更是不飛 ! 不飛不想飛 ... 畢竟殘破雙翼在苔階沾濕 ... 所以低頭 , 只好安靜地蹲在這練習 ... 學習要如何才能飛的更高更遠 ! 不飛不曾飛 ... 終於知道青澀期代表蒼狗 ... 所以情殤 , 一甲子的意境等於六十年的期盼的凝固 ... 所以就此棲巢 ! |
|
送花文章: 959,
|
2010-06-18, 01:19 PM | #4 (permalink) | |
長老會員
|
引用:
基本上只要你的電腦是XP都應該要找得到這個註冊碼位置 目前遇到過幾台開機就會開啟我的文件之CASE 不外乎以下兩種狀況 ----------------------------------------------------------------------------- 按 "開始" → "執行" → "輸入regedit" → "確定" → 找到下面機碼位置 →HKEY_LOCAL_MACHINE/ SOFTWARE/ Microsoft/ WindowsNT/ CurrentVersion/ Winlogon/ 找到Userinit 看看裡面數值是不是 C:\WINDOWS\system32\userinit.exe, (逗號也要) 如果不是就按右鍵修改 再重新開機就ok了 ---------------------------------------------------------------------------- 按「開始」 → 「執行」 → 輸入「msconfig」,會跳出一個「系統公用程式」, 在裡面可以查看各選項中是否有您的文件夾置放其中,特別是在「啟動」部份, 請檢查一下,如果看見EXPLORER.EXE,將旁邊有個方框中有打勾的部份取消即可。 |
|
__________________ 幸福背後要付出的代價是非常非常大的 但人們往往只看到幸福的假象 卻沒想著該付出的努力代價 本是浮雲隨風飄 落下凡塵惹塵埃 我究竟還要走多遠的路才能獲得別人的認同 |
||
送花文章: 37553,
|
2010-06-20, 07:30 PM | #8 (permalink) |
註冊會員
|
下載 startup.exe 。這個軟體可找出一開機進入 Windows 的各項程式來編輯或刪除。
http://www.faqdiy.cn/N_Files/Startup.zip 你說﹕[還有就是, 進入桌面後會無端出現"系統公用程式"的框框] 這是正常的。只要改過一次﹐下次開機就會出現。只要你在對話方格裡面的空格打勾﹐下次開機就不會出現。 |
送花文章: 10,
|
2010-06-20, 11:22 PM | #10 (permalink) |
註冊會員
|
看樣子你的電腦是慘遭流氓軟體的毒手了 ﹕
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe, O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.co O1 - Hosts: 74.125.45.100 www.secure-plus-payments.co O1 - Hosts: 74.125.45.100 www.getavplusnow.co O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.co O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com 請參考﹕ http://www.bleepingcomputer.com/viru...s-system-suite http://www.myantispyware.com/2009/08...-instructions/ 或者在 google 輸入 74.125.45.100 等關鍵字來查詢 (請小心﹐hijackthis 顯示的這些網站千萬別點選﹐可能會被強制安裝流氓軟體﹐我把這些網站的 com 改成 co 。特此聲明。) |
送花文章: 10,
|
有 4 位會員向 hawlan 送花:
|
2010-06-21, 01:03 PM | #12 (permalink) |
註冊會員
|
http://www.bleepingcomputer.com/viru...em-suite#files
請仔細閱讀以上解救方法。 那邊有提供一個軟體來解救﹕Malwarebytes' Anti-Malware -------------- 你一定是進去我介紹的第一個網頁﹐看到 spyware doctor ﹐就去下載﹐是不是﹖ 那個是廣告來的。真正解救軟體在下面... |
送花文章: 10,
|
2010-06-21, 04:07 PM | #14 (permalink) |
註冊會員
|
基本法﹕
http://tw.myblog.yahoo.com/austinlin...next=-2&page=1 進階法﹕ http://leavedcorn.pixnet.net/blog/post/22163291 google關鍵字﹕ 虛擬記憶體 裡面有非常多的講解。 |
送花文章: 10,
|
|
|
相似的主題 | ||||
主題 | 主題作者 | 討論區 | 回覆 | 最後發表 |
如何大量自動改"資料夾"名. | iwillkiss | 軟體應用問題討論區 | 1 | 2003-08-14 07:48 AM |
我的電腦當機以後,就出現"CG Cache"的資料夾 | penny50514 | 軟體應用問題討論區 | 2 | 2003-05-06 12:09 AM |
為什麼我的共用文件資料夾變成英文了? | tokyojoe | 軟體應用問題討論區 | 3 | 2003-04-22 09:29 AM |
我的最愛一直出現"連結"這個資料夾 | 蘇總統 | 一般電腦疑難討論區 | 2 | 2003-02-16 04:52 AM |
如何將XP中的"我的文件"folder 設定成直接連結其他自訂的檔案夾? | zenoline | 軟體應用問題討論區 | 1 | 2003-01-06 08:20 AM |