
[Help] Cannot open Internet Explorer (HijackThis scanning log attached)

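Hi everyone, for some reason I can't open IE today.
After I double-click the IE icon on the desktop,
a window opens,
but it closes by itself before the page has loaded...
Could any of the experts here please help me....
Many, many thanks!!!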

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57, on 2009/2/13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it

<continued>




<continued from the previous page>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ATIPTA] ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] ; C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [IMJPMIG8.1] ; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PHIMETIPSYNC] ; C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] ; C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Windows Defender] ; "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BlazeServoTool] ; "C:\Program Files\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [L06AXLRD_5523203] ; "C:\Program Files\Microsoft Student\Microsoft Student 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用 BitComet 下載全部影片(&V) - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用 BitComet 下載全部連結(&A) - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用 BitComet 下載連結(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: 轎煤儕粗弝け閉霜釧婓盄夤艘 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 畦啪萇弝 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05BCE06B-A300-4C4E-A42F-4C04BCCDE63B} (TRLuncherROC Control) - http://weblogin.talesrunner.com.hk/TRLuncherROC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wind ... e.cab?1123610152150
O16 - DPF: {65F928C4-032E-42DD-AB17-CBD334D4CC54} - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/ ... e.cab?1206099690984
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 13197 bytes


Please help me... Thank you!!!




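1. Turn off System Restore and run HijackThis.
2. Click "Do a system scan only" and wait until "Scan" changes to "Save log".
3. Tick the following items (the boxes on the left), close every window other than Hijackthis.exe, and click "Fix checked". HijackThis will prompt you to restart; if it does so after this step, you can restart the computer.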

O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe
O9 - Extra button: 轎煤儕粗弝ⅰ閉霜釧婓盄夤艘 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 畦啪萇弝 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab






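"You need not guard against the unworthy; the ghostly minions before your eyes are all demons. The King of Qin built the Great Wall in vain; misfortune comes and goes because we bring it on ourselves."

Do not use up all your power, do not say all there is to say, do not enjoy all your good fortune, do not enforce every rule to the limit; push anything too far and your luck is bound to run out early!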
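
Added example (not part of the thread, and not code from HijackThis or from any poster): a small triage script that reads log lines in the format shown above and pulls out two of the item types the reply selects for fixing, hosts-file entries that pin a site to a routable address and registrations marked "(file missing)". The sample log is constructed from a few lines in the style of the one posted; the function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a few lines in the format of the log above (not the full log).
SAMPLE_LOG = r"""
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe
O9 - Extra button: (no name) - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")


def parse_entries(log_text):
    """Return (section, detail) pairs for every 'Onn - ...' line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def hosts_redirects(entries):
    """Map each non-local IP in O1 entries to the hostnames pinned to it.

    A hosts entry that pins a real site to a routable address overrides DNS,
    so every such mapping needs review. Repeated lines are counted once.
    """
    redirects = defaultdict(set)
    for section, detail in entries:
        m = HOSTS_RE.match(detail) if section == "O1" else None
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an IP literal; leave for manual review
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are block lists, not redirects
        redirects[str(ip)].add(m.group(2).lower())
    return {ip: sorted(hosts) for ip, hosts in redirects.items()}


def missing_file_entries(entries):
    """Entries HijackThis marked '(file missing)': registrations whose target is gone."""
    return [(s, d) for s, d in entries if d.endswith("(file missing)")]


def triage(log_text):
    """Run both checks over a pasted log and return the findings."""
    entries = parse_entries(log_text)
    return {
        "hosts_redirects": hosts_redirects(entries),
        "file_missing": missing_file_entries(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip, hosts in report["hosts_redirects"].items():
        print(f"hosts file pins {len(hosts)} name(s) to {ip}: {', '.join(hosts)}")
    for section, detail in report["file_missing"]:
        print(f"{section} orphaned entry: {detail}")
```

Startup entries such as the O4 line are parsed but not judged here; deciding whether a Run value is legitimate still needs a reviewer.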


Step: Download & Run Uanish


    * Download Uanish and KavoAutoRunKill.USPT
     http://www.discuss.com.hk/viewthread.php?tid=8969715&extra=page%3D1
     Uanish download link:
     http://www.sendspace.com/file/58s66z
    * Extract UanishCMD.zip to the desktop
    * Drag KavoAutoRunKill.USPT onto Uanish.exe and drop it
    * If the program asks to restart the computer, click Confirm
    * The report will be saved as report.txt inside the UanishCMD folder



Step: Report Back


    * Paste the following report
    * If the report is too long, you can upload it here

    * Uanish report {report.html inside the UanishSEdition folder}

[ This post was last edited by 無恥之徒 on 2009-2-14 12:40 AM ]




Thanks for your suggestion~
I've followed the steps you described.
The Uanish report is as follows:

Script Name: KavoAutoRunKill.USPT
Author: uhthn2002
This script will remove the Kavo Trojan.Autorun files.


刪除檔案
[#]成功 C:\autorun.inf
[#]成功 G:\autorun.inf
[#]成功 C:\WINDOWS\system32\lhgjyit1.dll
[#]成功 C:\WINDOWS\system32\lhgjyit2.dll
[#]成功 C:\WINDOWS\system32\godert0.dll
[#]成功 C:\WINDOWS\system32\godert1.dll
[!]重啟刪除 C:\WINDOWS\system32\afmain0.dll 0x1DC0000
[#]成功 C:\WINDOWS\system32\afmain1.dll
[#]成功 C:\WINDOWS\system32\afmain2.dll
[#]成功 C:\WINDOWS\system32\afmain3.dll
[#]成功 C:\WINDOWS\system32\afmain4.dll
[#]成功 C:\WINDOWS\system32\afmain5.dll
[!]重啟刪除 C:\WINDOWS\system32\afmain0.dll 0x1DC0000
[#]成功 C:\WINDOWS\system32\mkfght0.dll
[#]成功 C:\WINDOWS\system32\mkfght1.dll
[#]成功 C:\WINDOWS\system32\haozs0.dll
[!]重啟刪除 C:\WINDOWS\system32\haozs1.dll 0x10000000
[#]成功 C:\WINDOWS\system32\haozs2.dll
[#]成功 C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf


流動功能
[#]成功 刪除臨時文件 -> SysTmp
[#]成功 刪除臨時文件 -> InternetTmp
[#]成功 刪除臨時文件 -> RecycleBin




I tried opening IE again, but it still won't open...
Please keep helping me, experts... Thank you!!!!




Download ComboFix to the desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
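    * Run ComboFix

      Note: To prevent security software from wrongly flagging ComboFix as a dangerous file, temporarily disable your antivirus and anti-spyware software before running ComboFix. Also, while ComboFix is running, do not run any programs or click inside the ComboFix window with the mouse.

    * ComboFix will pop up a window; press Yes (Y)
    * If it needs to install the Recovery Console, press Yes (N)
    * The program will run a scan, during which the desktop may disappear temporarily. When the scan is finished, the program closes automatically.
    * When finished, ComboFix may restart the computer automatically. The ComboFix log will then pop up. The log is saved automatically to C:\ComboFix.txt
    * Paste the ComboFix log.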




Thank you for your answer.
I've uploaded the ComboFix log.
Thanks~

http://www.sendspace.com/file/t1a36j




OP, how many kinds of hard disks and USB storage devices do you have? You have been infected with an Autorun virus.

Step: CFScript


    * Open Notepad and paste the following content


KILLALL::

File::
C:\dgf.exe
c:\windows\system32\lhgjyit1.dll
c:\windows\AhnRpta.exe
c:\windows\system32\kacsde.exe

Folder::
C:\Program Files\Viewpoint\

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1297499c-f050-11dd-b1a2-00148512bd9f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36c01534-032d-11db-bd6a-00148512bd9f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c45a6e8-ae54-11dd-b132-00148512bd9f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d698c5-3ef6-11dc-800a-00148512bd9f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb80d40c-bb83-11dc-811f-00148512bd9f}]


# Save ---> Save as type ---> All Files --> enter CFScript.txt as the file name
# Drag CFScript.txt onto ComboFix.exe

# ComboFix will then run
# When it finishes, a report will be at C:\ComboFix.txt.

Step: Report Back


    * Paste the following report
    * If the report is too long, you can upload it to http://www.sendspace.com

    * ComboFix scan report {C:\ComboFix.txt}

[ This post was last edited by 無恥之徒 on 2009-2-15 01:17 AM ]







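Reply to post #8

Hello~
Thank you for your reply

I have one local hard disk (C, 80GB, NTFS)
and one internal hard disk (G, 40GB, NTFS).
They are not partitions, but two physically separate hard disks.

As for USB, I have a webcam plugged in.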

ComboFix Log:
http://www.sendspace.com/file/nksz9k

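IE now opens and no longer closes by itself,
but it stays stuck on the "Connecting" screen.
If I type a URL in the address bar,
for example www.discuss.com.hk,
and press Enter,
the whole IE window closes and the following screen appears:
http://www.sendspace.com/file/99vg3r

Thank you for your help!!!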




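I'm not too sure either whether this registry key is a problem, so first export the registry as Backup.reg

Start >> Run >> regedit

File >> Export >> save as Backup.reg

If the wrong thing gets deleted, importing Backup.reg will restore it.


Open Notepad and paste the following text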

FileDelete()
Begin
%Alldrive%\autorun.inf
%Alldrive%\qxe.exe
%Alldrive%\9b8kmipy.com
%Alldrive%\ju.bat
%Alldrive%\il0byu3h.com
%Alldrive%\23ft.exe
End
RegKeyDelete()
Begin
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7b0fb4a-8dfd-11dc-80ba-00148512bd9f}
End
CurrentFunction()
Begin
DelTmpFile
HostsFileReset
End


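Save ---> Save as type ---> All Files --> enter Fix.us as the file name
    * Drag Fix.us onto Uanishc.exe and drop it
    * Drag Fix.us.uspt onto Uanish.exe and drop it
    * If the program asks to restart the computer, click Confirm
    * The report will be saved as report.txt inside the UanishCMD folder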




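OP, IE8 is not very stable for now; I suggest repairing or reinstalling IE7.

Step: Uninstall ComboFix
Start > Run > type combofix /u > OK

Download GooredFix and save it to the desktop
http://jpshortstuff.247fixes.com/GooredFix.exe
Choose 2. Fix Goored: type 2 and press Enter.
Make sure all instances of Firefox are closed at this point.
Type y and press Enter.
The report GooredLog.txt will be created on the desktop; paste the contents of the report.
Note: If GooredFix asks to restart in order to modify the registry contents.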




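Thank you for your reply?
How should I repair IE7?
I tried right-clicking the IE shortcut on the desktop
and choosing "Internet Options", but the following screen appeared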
http://www.sendspace.com/file/kkz5br

*************************

Report from Fix.uspt:

刪除注冊鍵
[#]成功 HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7b0fb4a-8dfd-11dc-80ba-00148512bd9f}

流動功能
[#]成功 刪除臨時文件 -> SysTmp
[#]成功 刪除臨時文件 -> InternetTmp
[#]成功 刪除臨時文件 -> RecycleBin
[#]成功 Hosts檔案重置

******************

Report from GooredLog:

GooredFix v1.91 by jpshortstuff
Log created at 22:23 on 15/02/2009 running Option #2 (Home)
Firefox version 3.0.6 (zh-TW)

=====Goored Deletions=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"




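You can now turn your antivirus software and System Restore back on.

Control Panel >> Add or Remove Programs >> Add/Remove Windows Components; it should ask whether you want to remove or repair IE, and you get to choose.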








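I tried reinstalling Internet Explorer, but the situation is the same... I just tried clicking System Restore, but it wouldn't open and the following problem appeared: http://www.sendspace.com/file/6ddsz0 Should I try downgrading to IE6? And why is System Restore behaving like that.... Please keep helping me... Thank you!!!!

[ This post was last edited by pangpcw on 2009-2-16 01:34 AM ]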



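Download the iertutil DLL
http://www.dll-files.com/dllindex/dll-files.shtml?iertutil
Extract it to C:\windows\system32\

Start - Run - type regsvr32 iertutil.dll, then click [OK]

If that still doesn't solve it, insert the Windows installation disc

Start - Run - type cmd, then click [OK]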
SFC/SCANNOW




Copyright©2003- Discuss.com.hk Limited. All Right Reserved.
All rights reserved. Reproduction prohibited.