|
查看: 1547|回复: 6
|
[間諜:求助] 如何刪除?
[复制链接]
|
|
|
Logfile of HijackThis v1.97.7
Scan saved at 21:52:00, on 2004-4-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\reg32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
F:\Spyware\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QT4StBtn] C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/p ... s/flash/swflash.cab
麻烦你了!! 情况是spybot无法更新(才下载不久),antivirus无法更新,IE无法进入网站。。。
还有,谁有xoftspy的crack可以分享?? |
|
|
|
|
|
|
|
|
|
|
|
发表于 20-4-2004 05:55 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 21-4-2004 12:19 AM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 21-4-2004 05:02 PM
|
显示全部楼层
mclee 于 19/4/2004 10:01 PM 说 :
Logfile of HijackThis v1.97.7
Scan saved at 21:52:00, on 2004-4-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS ...
打開 TaskManager (即按 CTRL-ALT-DEL)
然后按 PROCESSES TAB,關閉 (End Task) 掉:
reg32.exe
然后刪除以下的:
C:\WINDOWS\reg32.exe <- 這檔案
重新啓動電腦,看看是否解決了! |
|
|
|
|
|
|
|
|
|
|
|
发表于 8-5-2004 12:34 AM
|
显示全部楼层
我的也被http://www.15666.com/骑劫了起,请friends帮帮忙,感激不尽。
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS\INTRENAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ESSOLO.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\DUDU\DDDCLIENT\DUDUACCSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\DUDU\DDDCLIENT\DUDUPROSVC.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.15666.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.15666.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.15666.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.15666.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.15666.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.15666.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.15666.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = --»¶Ó­·ÃÎÊ ibmp3.com--
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.hotmail.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.15666.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.15666.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.15666.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.15666.com
R3 - URLSearchHook: BDSrchHook Class - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\DOWNLO~1\BDSRHOOK.DLL
O2 - BHO: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\DOWNLO~1\BDSRHOOK.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\PROGRAM FILES\DASHBAR\DASHBAR15.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ESSOLO] ESSOLO.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE USB
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [Intrenat] C:\WINDOWS\intrenat.exe
O4 - HKLM\..\Run: [BIE] Rundll32.exe C:\WINDOWS\DOWNLO~1\BDSRHOOK.DLL,Rundll32
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [dddclient] C:\Program Files\DuDu\DddClient\DuDuAccsvc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [W1N32] regedit -s c:\windows\system32\$WIN32$\WIN32SQL.cer
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [Intrenat] C:\WINDOWS\intrenat.exe
O4 - HKCU\..\Run: [] regedit -s c:\windows\system32\$WIN32$\WIN32SQL.cer
O4 - HKLM\..\RunOnce: [W1N32] c:\windows\system32\$WIN32$\WIN32SQL.vbs
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: FOLDER.HTT
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: FOLDER.HTT
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm339
O8 - Extra context menu item: &ʹÓÃDuDu ¼ÓËÙÆ÷ÏÂÔØ - res://C:\PROGRA~1\DUDU\DDDCLI~1\DDDIEMON.DLL/202
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: °Ù¶ÈËÑË÷°é (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O11 - Options group: [!IESearch] !IESearch
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/p ... s/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsof ... AB?38011.9643171296
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbi ... -us/tools/mcfscan/1,5,0,4317/mcfscan.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} (BDSrchHook Class) - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/noc ... ialSetup1.0.0.8.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {8135EF31-FE8C-4C6E-A18A-F59944C3A488} (Spocx Class) - http://ddddl.dudu.com/ddd/channel/spockx-channel.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm2002/oneclick/TMSetup.cab
O16 - DPF: {2873FCBD-7894-4814-8502-8EF052C643D4} (TypingMaster Intra) |
|
|
|
|
|
|
|
|
|
|
|
发表于 9-5-2004 07:22 PM
|
显示全部楼层
if 于 8/5/2004 12:34 AM 说 :
我的也被http://www.15666.com/骑劫了起,请friends帮帮忙,感激不尽。
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C: ...
關閉所有程式,執行 HijackThis,掃描一次,打勾以下的,按 CHECKED FIX :
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.15666.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.15666.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.15666.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.15666.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.15666.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.15666.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.15666.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.15666.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = --»¶Ó­·ÃÎÊ ibmp3.com--
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.hotmail.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.15666.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.15666.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.15666.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.15666.com
R3 - URLSearchHook: BDSrchHook Class - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\DOWNLO~1\BDSRHOOK.DLL
O2 - BHO: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\DOWNLO~1\BDSRHOOK.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\PROGRAM FILES\DASHBAR\DASHBAR15.DLL
O4 - HKLM\..\Run: [Intrenat] C:\WINDOWS\intrenat.exe
O4 - HKLM\..\Run: [BIE] Rundll32.exe C:\WINDOWS\DOWNLO~1\BDSRHOOK.DLL,Rundll32
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [dddclient] C:\Program Files\DuDu\DddClient\DuDuAccsvc.exe
O4 - HKLM\..\Run: [W1N32] regedit -s c:\windows\system32\$WIN32$\WIN32SQL.cer
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\RunServices: [Intrenat] C:\WINDOWS\intrenat.exe
O4 - HKCU\..\Run: [] regedit -s c:\windows\system32\$WIN32$\WIN32SQL.cer
O4 - HKLM\..\RunOnce: [W1N32] c:\windows\system32\$WIN32$\WIN32SQL.vbs
O4 - Startup: FOLDER.HTT
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: FOLDER.HTT
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm339
O8 - Extra context menu item: &ʹÓÃDuDu ¼ÓËÙÆ÷ÏÂÔØ - res://C:\PROGRA~1\DUDU\DDDCLI~1\DDDIEMON.DLL/202
O9 - Extra button: °Ù¶ÈËÑË÷°é (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O11 - Options group: [!IESearch] !IESearch
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} (BDSrchHook Class) - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/noc ... ialSetup1.0.0.8.cab
重新啓動電腦,刪除以下的:
C:\PROGRAM FILES\MYWEBSEARCH <-- 這文件夾 (Folder)
C:\Program Files\DuDu <-- 這文件夾 (Folder)
C:\PROGRAM FILES\DASHBAR <-- 這文件夾 (Folder)
C:\WINDOWS\intrenat.exe <-- 這檔案 (File)
C:\WINDOWS\DOWNLO~1 <-- 這文件夾 (Folder)
c:\windows\system32\$WIN32$ <-- 這文件夾 (Folder)
C:\Program Files\Common Files\GMT <-- 這文件夾 (Folder)
C:\Program Files\PrecisionTime <-- 這文件夾 (Folder)
C:\Program Files\Date Manager <-- 這文件夾 (Folder)
重新啓動電腦,下載并更新 SpyBot S&D,作出掃描一次。
亦更新病毒庫,作出掃描一次。
重新啓動電腦,然后回貼新的 HijackThis Log。 |
|
|
|
|
|
|
|
|
|
|
|
发表于 11-5-2004 06:40 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
| |
 本周最热论坛帖子
|
变色卡
千斤顶
2600 
58
