MozTW Forum https://forum.moztw.org/ |
Firefox gets automatically opened to http://open.369ip.com/union2.htm https://forum.moztw.org/viewtopic.php?f=2&t=14623 |
Page 1 of 2 |
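Author: | rhlb1220 [ 2006-06-19, 23:50 ] |
Post subject: | Firefox gets automatically opened to http://open.369ip.com/union2.htm |
After the computer boots, my Firefox is automatically opened to http://open.369ip.com/union2.htm. I have tried several antivirus and anti-trojan programs (including Spybot and Ad-Aware) and none of them helped. I also tried searching the Registry Editor for http://open.369ip.com/union2.htm but could not find it. Does anyone on the board know a way to fix this? Thanks! |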
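Author: | parisian [ 2006-06-20, 00:28 ] |
Post subject: | |
There are a few more places to check:
1. Whether anything has been written into "All Programs" --> "Startup".
2. In Settings, look at "Network Connections" --> "Local Area Connection" and see whether the DNS has been modified (this is very common: it gets pointed at a fake DNS).
3. Whether unknown IPs have been written into the Hosts file (a hidden file with no extension).
Check whether this address is anywhere on your computer: 85.10.194.170
Give it a try; that is all I can think of… |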
Author: | tonyxfg [ 2006-06-20, 01:20 ] |
Post subject: | |
Oh no... Has Firefox finally been hijacked too... This is a real warning sign... |
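Author: | parisian [ 2006-06-20, 01:27 ] |
Post subject: | |
tonyxfg wrote: Oh no... Has Firefox finally been hijacked too... This is a real warning sign...
There are many ways to hijack; the most common is to change the DNS in your system so that it points at a bogus server. That DNS server is not a real resolver: whatever address you hand it to resolve, it turns it into one of a few specific advertising IP addresses. The key to this kind of hijack is not the browser itself; it is that the system's DNS has been rewritten. Among the cases I have cleaned up, this situation is the more common one. XP in particular has Hotfix: the change is usable immediately, with no need to insert a disc or restart the computer, so nobody notices a thing. |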
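Author: | rexlien [ 2006-07-03, 17:29 ] |
Post subject: | |
Hi everyone, when I boot up, my fx is also automatically opened to this site: http://open.369ip.com/union2.htm. Is there any way to effectively solve this problem? Sorry to trouble you, thanks |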
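Author: | parisian [ 2006-07-03, 19:10 ] |
Post subject: | |
rexlien wrote: Hi everyone, when I boot up, my fx is also automatically opened to this site: http://open.369ip.com/union2.htm. Is there any way to effectively solve this problem? Sorry to trouble you, thanks
There was no feedback earlier in the thread either. You had better post your HijackThis log first so everyone can take a look! |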
Author: | Amauds [ 2006-07-03, 19:10 ] |
Post subject: | |
Edit the Hosts file and add 127.0.0.1 http://open.369ip.com/union2.htm. After saving, set the file to read-only. Reboot. |
Author: | rexlien [ 2006-07-03, 19:26 ] |
Post subject: | |
Amauds wrote:
Where do I go to edit the hosts file? |
Author: | 筆筆 [ 2006-07-03, 19:56 ] |
Post subject: | |
rexlien wrote:
Start, Run, %SystemRoot%\system32\drivers\etc\hosts, OK |
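A check for the hosts-file edits discussed in the posts above, as an added example that is not part of the original thread: it reports entries that send a name to a non-loopback address, and entries whose name column is a URL rather than a bare host name (the resolver matches host names only, so such a line has no effect). The sample file content and the `audit_hosts` name are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts content (not taken from any machine in this thread).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       http://ads.example.test/page.htm
192.0.2.10      www.example.test   # constructed redirect
127.0.0.1       ads.example.test
not-an-ip       broken.example.test
"""


def audit_hosts(text):
    """Return (line_no, kind, detail) findings for the given hosts-file text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "bad-address", addr))
            continue
        if not names:
            findings.append((no, "no-hostname", addr))
        for name in names:
            if "://" in name or "/" in name:
                # A URL in the name column never matches a host-name lookup.
                findings.append((no, "url-not-hostname", name))
            elif not (ip.is_loopback or ip.is_unspecified):
                # A name pinned to a routable address overrides DNS for that name.
                findings.append((no, "redirect", f"{name} -> {ip}"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries that point a name at 127.0.0.1 or 0.0.0.0 are treated as deliberate blocks and are not reported.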
Author: | rexlien [ 2006-07-03, 20:32 ] |
Post subject: | |
parisian wrote: rexlien wrote: Hi everyone, when I boot up, my fx is also automatically opened to this site: http://open.369ip.com/union2.htm. Is there any way to effectively solve this problem? Sorry to trouble you, thanks
There was no feedback earlier in the thread either. You had better post your HijackThis log first so everyone can take a look!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Colorful SmartVGA\Colordesk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\LSASS.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Documents and Settings\Rex\Desktop\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [colorful] C:\Program Files\Colorful SmartVGA\Colordesk.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
Author: | parisian [ 2006-07-03, 21:16 ] |
Post subject: | |
Boot into Safe Mode and delete this: C:\Program Files\AlienGUIse\fastload.dll |
Author: | rexlien [ 2006-07-04, 02:55 ] |
Post subject: | |
Thanks everyone, but none of the methods above worked, haha.... I have already reinstalled. Thanks anyway... |
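Author: | parisian [ 2006-07-04, 04:08 ] |
Post subject: | |
rexlien wrote: Thanks everyone, but none of the methods above worked, haha.... I have already reinstalled. Thanks anyway...
I guess I did not catch the controlling executable behind fastload.dll… Sorry you had to go through all that! |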
Author: | getghost [ 2006-08-09, 23:39 ] |
Post subject: | |
I caught the same trojan too. I used Kaspersky to kill 64 trojans. But, surprisingly, there is still a porn ad in IE, and the situation is much like what everyone above described. I think it is probably DNS-related as well (I once disclosed my DNS in QQ).
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 下午 11:42:16, on 2006/8/9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\VTTimer.exe
D:\Program Files\Filseclab\xfilter\xfilter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Raxco\PerfectDisk\PDSched.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Tencent\QQ\QQ.exe
D:\WINDOWS\system32\conime.exe
D:\Documents and Settings\Administrator\桌面\hijackthis\HijackThis.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CgaLcode Class - {8CAD8D13-4D40-3E10-03A1-D914E3494F49} - D:\WINDOWS\DOWNLO~1\rflcsez.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - D:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O2 - BHO: Plugin369 - {F52A94F5-A3CC-40DA-BCD7-222282E01406} - D:\WINDOWS\system32\369.dll
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - D:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [XFILTER] "D:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://D:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://D:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://D:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://D:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cn_spi.dll
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://hd.xhnet.tv/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D78DCE71-9609-4D0D-B7CA-4D17603D3613}: NameServer = 202.180.160.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: OPFSVC - Unknown owner - D:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe (file missing)
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Personal Firewall - Unknown owner - D:\Program Files\Omniquad Total Security\OPF\pfsvc.exe (file missing)
THX! |
Author: | parisian [ 2006-08-10, 07:45 ] |
Post subject: | |
getghost wrote: I caught the same trojan too. I used Kaspersky to kill 64 trojans. But, surprisingly, there is still a porn ad in IE, and the situation is much like what everyone above described. I think it is probably DNS-related as well (I once disclosed my DNS in QQ).
Disclosing your DNS to other people does no harm, so don't worry; any DNS setting can be rewritten by a trojan or virus so that your normal browsing gets redirected. What you do need to be careful about is watching rm files of unknown origin; I am not sure whether Real Media has fixed the problem of rm files being able to carry trojans and viruses.
getghost wrote: HijackThis Logfile of HijackThis v1.99.1 [...]
The two marked in red above definitely have to be deleted. The NameServer marked in yellow is a bit suspicious; I do not know which server in Hong Kong it connects to. Consider exporting it separately as a backup and then deleting it first. Deleting it may affect some legitimate CSS subscription, but it is still safer to set up a new subscription afterwards.
Also, because your viruses were removed by antivirus software, the registry now holds many links marked missing; you can use 超級兔子 (Super Rabbit) or RegCleaner to clean up the broken keys automatically. I hope this improves your problem.
By the way… before deleting cn_spi.dll, I suggest first finding a Winsock repair tool online (for example WinsockXPFix), downloading it beforehand, and copying down its instructions as well. After cn_spi.dll is deleted, Winsock may be damaged and unable to connect to the network.
One more thing: check your %Windir%\system32\Drivers\etc\hosts file. If you created it yourself earlier, open it with WordPad and see whether anything besides the 127.0.0.1 line has been written below it, and clear out whatever you did not write yourself. If you never created a hosts file yourself, just delete the whole file; the resolution this file sets up takes priority over the resolution provided by DNS servers. |
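The manual log review in the replies above, as an added example that is not part of the original thread: it pulls out the entry types those replies single out (O10 unknown Winsock LSP files, the O17 NameServer override, O20 Winlogon Notify DLLs, and entries marked missing) so a person can review them. The sample log lines, the `triage` name and the `trusted_dns` parameter are constructed for illustration.

```python
import re
from collections import Counter

# Constructed lines in HijackThis v1.99.1 layout; every path and value is made up.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\example_spi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\example_spi.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53
O20 - Winlogon Notify: Example - C:\Program Files\Example\load.dll
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")


def triage(log, trusted_dns=frozenset()):
    """Return a Counter {(section, kind, detail): count} of entries to review by hand."""
    hits = Counter()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section == "O10" and "Winsock LSP" in body:
            # Unknown provider in the Winsock chain; removing the file can break
            # networking, so have a Winsock repair tool at hand first.
            hits[(section, "winsock-lsp", body.rsplit(": ", 1)[-1].lower())] += 1
        elif section == "O17" and "NameServer" in body:
            # Static resolver set in the registry; compare with the expected ones.
            for server in re.split(r"[,\s]+", body.split("=", 1)[1].strip()):
                if server and server not in trusted_dns:
                    hits[(section, "dns-override", server)] += 1
        elif section == "O20":
            # DLL loaded by winlogon.exe at logon.
            hits[(section, "winlogon-notify", body.rsplit(" - ", 1)[-1])] += 1
        if body.endswith(("(file missing)", "(no file)")):
            # Registry reference left behind after the file was removed.
            hits[(section, "orphaned", body)] += 1
    return hits


if __name__ == "__main__":
    for (section, kind, detail), count in triage(SAMPLE_LOG).items():
        print(f"{section:4} {kind:16} x{count}  {detail}")
```

Repeated O10 lines collapse into one finding with a count, which keeps a log with many identical LSP entries readable.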
All times are UTC + 8 hours |