|
||
|
New Member
加入日期: Oct 2005
文章: 4
|
桌面會自動多出捷徑 and 會自動跳出多個英文網頁
各位大大,我電腦不知中了什麼毒,
有時候桌面會自動多出travel xxx,dating xxx,等網站的捷徑, 更嚴重的是,會不時跳出英文的網頁 大部分都是 http://www.super-coupon http://www.case-coupon http://ad.jamster http://www.searc-h.com等等系列的, 我有用ad-ware 跟 spybot掃過,可是還是治不了 我用hijack查機碼,但是我還是看不懂,想請看的懂的大大指示我要怎麼掃毒,謝謝 機碼放在下面網址.. Logfile of HijackThis v1.99.1 Scan saved at 上午 10:57:58, on 2005/11/23 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe C:\windows\adtech2005.exe C:\WINDOWS\System32\ctfmon.exe D:\帥哥宏\程式\MESSEN~1\ypager.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\NMain.exe C:\PROGRA~1\NORTON~1\navw32.exe C:\PROGRA~1\NORTON~1\QServer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\KKman\kkman.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\unzipped\hijackthis\HijackThis.exe O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] rem C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SiS KHooker] rem C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Super Rabbit SafeEdit] C:\Program Files\Super Rabbit\magicset\SRFC.EXE /Load O4 - HKLM\..\Run: [MSNDreyePlugin] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] D:\帥哥宏\程式\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab O16 - DPF: {3308C4F5-55A7-44CB-8211-EEF8D44A6EA7} (ERADMStart.StartControl) - http://www.im.tv/bbstart.ocx O16 - DPF: {35DC0C9A-C471-4910-8724-BA5514967E2F} (ERADMStart.StartControl) - http://www.im.tv/bbstart.ocx O16 - DPF: {3A835AF0-C223-4F83-A648-5A02F8FFEBFA} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.c...sharingctrl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com...es/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/194df2e37065c3...RdxIE601_tw.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1097600087468 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://211.79.170.21/plugin/1/AxisCamControl.cab O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...ireShowdown.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads.../ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{74DF20CE-38C2-4C92-8F71-5373B9A943A7}: NameServer = 168.95.192.1 168.95.1.1 O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\j40s0ed7eh0.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus 自動防護服務 (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\T_ENTE~1\app\pppoeservice.exe (file missing) O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
|||||||
2005-11-23, 11:17 AM
#1
|
|
|
Junior Member
  加入日期: Jun 2003 您的住址: 高雄市
文章: 945
|
先用線上掃毒看看,不行再說...
__________________
世上沒有對與錯,只是時間和空間... 緣起不滅,一切隨緣 |
||
|
2005-11-23, 11:25 AM
#2
|
|
|
New Member
加入日期: Oct 2005
文章: 4
|
你好,樓上大大
大大,我有用線上掃毒,但是掃完了以後還是一樣,
我也有用ad-ware,跟spybot 掃了n次.. 有掃到東西,也fix了... 但****網頁還是會跳出來.. 麻煩了... |
|
2005-11-23, 03:02 PM
#3
|
|
|
Regular Member
 加入日期: Nov 2005
文章: 74
|
看起來像是網頁被綁了,若不想重灌。可以先暫用另一個瀏覽器軟體(例mxie)
|
|
2005-11-23, 03:22 PM
#4
|
|
|
Junior Member
加入日期: Jun 2003 您的住址: 高雄市
文章: 945
|
是這3個嗎?
Cheap Holiday Travel Free Online Music Online Dating 軟體名稱應該是Ezula 看看工作管理員裡面,EZ開頭的程式 參考http://www.spyany.com/program/article_spw_rm_eZuLa.html 這是英文網站,有教學... 1.Go to START > Settings > Control Panel 2.Double-click Add/Remove Programs, Select TopText iLookup , Click uninstall, follow the on screen instructions. 3.Restart your computer. 4.Find the file stub.exe or ezstub.exe. Open a Dos command prompt (from Start > Program > Accessory)., type the following commands: cd %WinDir%\SYSTEM\ (Replace it with the directory stub.exe or ezstub.exe is in) stub.exe -UnregServer del stub.exe or ezstub.exe -UnregServer del ezstub.exe 5.Search the file ezulaboot.dll. You'll find it in Windows' Downloaded Programs folder. 6.Open a command prompt and go to the directory ezulaboot.dll is in, type the following command: regsvr32 -u ezulaboot.dll del ezulaboot.* eZula component is now removed from your system. Remove spyware using PestPatrol
__________________
世上沒有對與錯,只是時間和空間... 緣起不滅,一切隨緣 |
|
2005-11-23, 04:35 PM
#5
|
|
|
New Member
加入日期: Oct 2005
文章: 4
|
樓上大大.是那三個沒錯...
不過我沒看到你說的程式耶... |
|
2005-11-24, 11:24 PM
#6
|
|
|
Junior Member
加入日期: Jun 2003 您的住址: 高雄市
文章: 945
|
上面有一行是 C:\WINDOWS\System32\ezSP_Px.exe,這個比較可疑...
__________________
世上沒有對與錯,只是時間和空間... 緣起不滅,一切隨緣 |
|
2005-11-24, 11:59 PM
#7
|
|
