註冊 登入



打印

[已解決] IE 出左問題, 附 Hijackthis, 請各位幫忙

IE 出左問題, 附 Hijackthis, 請各位幫忙 E-mail 此主題給朋友

[隱藏]
希望各位大佬幫幫小弟,

IE 出左以下問題, NOD32 掃完毒無發現

1. 個網址列中只呢有三條 History:
    http://www.sina.com.cn/
    http://www.baidu.com/s?tn=openssl_dg
    http://www.taobao.com/

2. 個 Google Toolbar 裝唔到, 重裝, restart 都係唔得, 會响檢視 - 工具列中搵唔到.

3. 點樣先可以check 到頭先個 programme 幫我裝左 d 咩我可以一次過清晒佢?

[ 本帖最後由 localppl 於 2009-11-8 07:43 PM 編輯 ]



實用相關搜尋: 工具 google

回覆 引用 TOP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午11:04:13, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Tablet\TabUserW.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: BobaBHO - {0832FF2C-0867-48AC-A446-3EC50FB4CC3A} - (no file)
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Google 網頁註解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
O8 - Extra context menu item: 使用電驢下載 - C:\Program Files\easyMule\IE2EM.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.aimtech.cityu.edu.hk
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.c ... ugins
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celartem.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {47F7AB40-86FD-4385-991D-895E2E3E1255} (p2pactx Control) - http://2008.i-cable.com/webapps/live_video/p2pactx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn01.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

--
End of file - 8430 bytes

[ 本帖最後由 localppl 於 2009-11-7 02:24 PM 編輯 ]






回覆 引用 TOP

推一推先, 我用 NOD32, BitDefender Online 掃過都唔得,
用埋 Spyware Doctor 同埋 Malwarebytes' 都係搞唔掂, 希望各位幫忙






回覆 引用 TOP

引用:
1. 個網址列中只呢有三條 History:
    http://www.sina.com.cn/
    http://www.baidu.com/s?tn=openssl_dg
    http://www.taobao.com/
按之後既步驟檢查. 可能係中毒.
引用:
2. 個 Google Toolbar 裝唔到, 重裝, restart 都係唔得, 會响檢視 - 工具列中搵唔到.
試下安裝最新版本再移除,之後再重新安裝.

http://www.google.com/support/to ... =en&answer=9255
引用:
3. 點樣先可以check 到頭先個 programme 幫我裝左 d 咩我可以一次過清晒佢?
可以用 Revo Uninstaller 移除軟件,選擇 Advanced Mode,之後會顯示移除軟件後剩餘既相關檔案.

http://www.revouninstaller.com/

==========================================================

下載 System Repair Engineer

http://www.kztechs.com/eng/download.html

  • System Repair Engineer 資料夾解壓至桌面.
  • 執行 SREngLdr
  • 選擇智慧掃描,再按掃描進行掃描.
  • 完成掃描後,按 Save Reports 儲存 System Repair Engineer 掃描記錄.




下載 DDS桌面

http://download.bleepingcomputer.com/sUBs/dds.scr

  • 執行 DDS
  • DDS 會進行掃描,其間會彈出一個視窗,按確定
  • 掃描完成後會彈出兩個 DDS 記錄: DDS.txtAttach.txt
  • 用上傳空間 (例如 www.sendspace.com) 上載 DDS.txtAttach.txt




貼上 DDS.txtAttach.txtSystem Repair Engineer 記錄.






All Your Malware Are Belong To Us

Malware Fighter (Since 2006)

狀態:
ONLINE
OFFLINE <-

回覆 引用 TOP

[隱藏]
謝謝回覆, 現附上 DDS txt, Attach txt, System Repair Engineer 記錄

DDS txt: http://www.sendspace.com/file/ubbjb0
Attach txt: http://www.sendspace.com/file/mgnfir
System Repair Engineer 記錄: http://www.sendspace.com

Thanks a lot!!!

[ 本帖最後由 localppl 於 2009-11-7 02:21 PM 編輯 ]



實用相關搜尋: Spa

回覆 引用 TOP

VirusTotal 掃描以下檔案,然後貼上記錄.

C:\Windows\system32\RichTX32.dll

VirusTotal 教學:

http://discuss.com.hk/viewthread.php?tid=944141






All Your Malware Are Belong To Us

Malware Fighter (Since 2006)

狀態:
ONLINE
OFFLINE <-

回覆 引用 TOP

File 50AD853700E0879E90A6010ACB882600862F81DA.dll received on 2009.09.29 15:37:29 (UTC)
Current status: finished

Result: 0/41 (0.00%)
Compact Print results  
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.29 -
AhnLab-V3 5.0.0.2 2009.09.29 -
AntiVir 7.9.1.27 2009.09.29 -
Antiy-AVL 2.0.3.7 2009.09.29 -
Authentium 5.1.2.4 2009.09.29 -
Avast 4.8.1351.0 2009.09.28 -
AVG 8.5.0.412 2009.09.29 -
BitDefender 7.2 2009.09.29 -
CAT-QuickHeal 10.00 2009.09.29 -
ClamAV 0.94.1 2009.09.29 -
Comodo 2469 2009.09.29 -
DrWeb 5.0.0.12182 2009.09.29 -
eSafe 7.0.17.0 2009.09.29 -
eTrust-Vet 31.6.6768 2009.09.29 -
F-Prot 4.5.1.85 2009.09.29 -
F-Secure 8.0.14470.0 2009.09.29 -
Fortinet 3.120.0.0 2009.09.29 -
GData 19 2009.09.29 -
Ikarus T3.1.1.72.0 2009.09.29 -
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.856 2009.09.29 -
Kaspersky 7.0.0.125 2009.09.29 -
McAfee 5756 2009.09.29 -
McAfee+Artemis 5756 2009.09.29 -
McAfee-GW-Edition 6.8.5 2009.09.29 -
Microsoft 1.5005 2009.09.23 -
NOD32 4467 2009.09.29 -
Norman 6.01.09 2009.09.29 -
nProtect 2009.1.8.0 2009.09.29 -
Panda 10.0.2.2 2009.09.28 -
PCTools 4.4.2.0 2009.09.29 -
Prevx 3.0 2009.09.29 -
Rising 21.49.14.00 2009.09.29 -
Sophos 4.45.0 2009.09.29 -
Sunbelt 3.2.1858.2 2009.09.29 -
Symantec 1.4.4.12 2009.09.29 -
TheHacker 6.5.0.2.021 2009.09.28 -
TrendMicro 8.500.0.1002 2009.09.29 -
VBA32 3.12.10.11 2009.09.29 -
ViRobot 2009.9.29.1963 2009.09.29 -
VirusBuster 4.6.5.0 2009.09.29 -
Additional information
File size: 102400 bytes
MD5   : cdba36fb1799be001def7203f4f1018f
SHA1  : 72afb80104c8fc068e5c13dff19c886f578f1ace
SHA256: 1ddede391468f16c86e7848da002baaa6298a95b6e37a47fb1913cdfbfd41dee
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xAC95
timedatestamp.....: 0x4AB25846 (Thu Sep 17 17:39:50 2009)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xFE0E 0x10000 6.58 9f9a69c432a9196a0537d76d44b9b2eb
.rdata 0x11000 0x38A6 0x4000 4.90 2b4dd0a960fe9793142cfaafeea0669b
.data 0x15000 0x43E4 0x1000 2.24 91f17efd24fe2c9f75ec4588e0b6ae3e
.rsrc 0x1A000 0xCE8 0x1000 3.09 3982172f57918e7d8df33c21f0f432b7
.reloc 0x1B000 0x1CA8 0x2000 4.87 1d5b7dbec54c2fff3684272ad257aa3f

( 8 imports )

> advapi32.dll: RegEnumKeyExA, GetUserNameA, RegQueryInfoKeyA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA
> kernel32.dll: RaiseException, GetLastError, InitializeCriticalSection, DeleteCriticalSection, SizeofResource, LoadResource, FindResourceA, lstrlenA, lstrcmpiA, WriteFile, ReadFile, CloseHandle, CreateFileA, GetPrivateProfileStringA, lstrcpynA, lstrlenW, IsDBCSLeadByte, LeaveCriticalSection, InterlockedIncrement, EnterCriticalSection, InterlockedDecrement, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GetModuleFileNameA, DeleteFileA, GetSystemDirectoryA, DisableThreadLibraryCalls, lstrcpyA, lstrcatA, FlushFileBuffers, SetStdHandle, LCMapStringW, LCMapStringA, SetFilePointer, WideCharToMultiByte, MultiByteToWideChar, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, GetStringTypeW, GetStringTypeA, IsBadCodePtr, IsBadReadPtr, LoadLibraryA, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, ExitProcess, GetSystemTimeAsFileTime, RtlUnwind, GetCurrentThreadId, GetCommandLineA, HeapCreate, VirtualFree, IsBadWritePtr, GetProcAddress, TerminateProcess, GetCurrentProcess, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, SetUnhandledExceptionFilter, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, SetHandleCount, UnhandledExceptionFilter
> ole32.dll: CoCreateInstance, CoTaskMemAlloc, CoTaskMemFree, CoTaskMemRealloc, StringFromGUID2
> oleaut32.dll: -, -, -, -, -, -
> shell32.dll: ShellExecuteExA
> shlwapi.dll: StrStrIA, PathFileExistsA, StrChrIA, PathFindExtensionA
> user32.dll: CharNextA
> wininet.dll: InternetCloseHandle

( 1 exports )

> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
TrID  : File type identification
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
ssdeep: 1536:y5o7UcEojMe2VGbyS1IjjRu5dzZ5LpyMLEHdyQDKndJubgeElnJfyxX:Ko7UUMe2VGP10jIvtaM2KnjubYlnJfC
PEiD  : -
RDS   : NSRL Reference Data Set
-






回覆 引用 TOP

下載 SystemLook桌面

http://jpshortstuff.247fixes.com/SystemLook.exe

  • 執行 SystemLook
  • 於視窗內貼上以下內容,然後按 Look

    :regfind
    RichTX32.dll
    {C3238BEC-FEFC-46B7-9C86-0CD8200B4496}


  • 之後會彈出 SystemLook 記錄.
  • 貼上 SystemLook 記錄内容.






All Your Malware Are Belong To Us

Malware Fighter (Since 2006)

狀態:
ONLINE
OFFLINE <-

回覆 引用 TOP

SystemLook v1.0 by jpshortstuff (29.08.09)

========== regfind ==========

Searching for "RichTX32.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\WINDOWS\system32\RichTX32.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\WINDOWS\system32\RichTX32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\RichTX32.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3238BEC-FEFC-46B7-9C86-0CD8200B4496}\InprocServer32]
@="C:\WINDOWS\system32\RichTX32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3238BEC-FEFC-46B7-9C86-0CD8200B4496}\InprocServer32]
@="C:\WINDOWS\system32\RichTX32.dll"
[HKEY_USERS\S-1-5-21-299502267-261478967-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\WINDOWS\system32\RichTX32.dll"
[HKEY_USERS\S-1-5-21-299502267-261478967-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\WINDOWS\system32\RichTX32.dll"

Searching for "{C3238BEC-FEFC-46B7-9C86-0CD8200B4496}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3238BEC-FEFC-46B7-9C86-0CD8200B4496}]

-=End Of File=-

Thanks!

[ 本帖最後由 localppl 於 2009-11-7 03:58 PM 編輯 ]



實用相關搜尋: windows mac server Server Software Microsoft

回覆 引用 TOP

[隱藏]
下載 OTM桌面

http://oldtimer.geekstogo.com/OTM.exe

  • 執行 OTM
  • 用滑鼠複製以下粗黑色文字,於 OTM 視窗 Paste Instructions for Items to be Moved 貼上以下內容:

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\RichTX32.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3238BEC-FEFC-46B7-9C86-0CD8200B4496}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{943B0D8D-78D4-4F75-8172-838BB6697394}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RichTX32.MsHttpApp]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RichTX32.MsHttpApp.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RichTX32.MsHttpFilter]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RichTX32.MsHttpFilter.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3B}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\http]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url1"=-
    "url2"=-
    "url3"=-

    :files
    C:\WINDOWS\system32\RichTX32.dll


  • 之後按 MoveIt!
  • 重新啓動電腦.




之後睇下 IE 網址列記錄有冇正常返.



實用相關搜尋: 下載 windows mac IT Spa Software Microsoft 電腦
All Your Malware Are Belong To Us

Malware Fighter (Since 2006)

狀態:
ONLINE
OFFLINE <-

回覆 引用 TOP

得左, 無問題la!!!
謝謝幫忙, 萬分感激!!!



熱門搜尋: 手錶品牌 結婚對戒 時裝 日韓時裝 online shopping 眼鏡

回覆 引用 TOP

OK.

刪除以下惡意程式備份資料夾:

C:\_OTM

之後再用 NOD32 檢查電腦.



實用相關搜尋: 程式 檢查 電腦
All Your Malware Are Belong To Us

Malware Fighter (Since 2006)

狀態:
ONLINE
OFFLINE <-

回覆 引用 TOP

Delete 左個 file, 同埋用 NOD32 check 過無事!!
唔該晒版主!!!







回覆 引用 TOP

[按此隱藏 Google 建議的相符內容]
 





 

重要聲明:本討論區是以即時上載留言的方式運作,香港討論區對所有留言的真實性、完整性及立場等,不負任何法律責任。而一切留言之言論只代表留言者個人意 見,並非本網站之立場,讀者及用戶不應信賴內容,並應自行判斷內容之真實性。於有關情形下,讀者及用戶應尋求專業意見(如涉及醫療、法律或投資等問題)。 由於本討論區受到「即時上載留言」運作方式所規限,故不能完全監察所有留言,若讀者及用戶發現有留言出現問題,請聯絡我們。香港討論區有權刪除任何留言及拒絕任何人士上載留言 (刪除前或不會作事先警告及通知 ), 同時亦有不刪除留言的權利,如有任何爭議,管理員擁有最終的詮釋權 。用戶切勿撰寫粗言穢語、誹謗、渲染色情暴力或人身攻擊的言論,敬請自律。本網站保留一切法律權利。


Copyright©2003- Discuss.com.hk Limited. All Right Reserved.
版權所有,不得轉載。