2000FUN論壇

標題: 未解決呀= =" [打印本頁]

---

作者: 影月＊    時間: 06-11-3 11:57 PM     標題: 未解決呀= ="

Logfile of HijackThis v1.99.1
Scan saved at 23:55:45, on 2006/11/3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ieupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {3441C39E-8BBE-4D9F-D681-56B2CBD1CBC2} - C:\DOCUME~1\gersang\APPLIC~1\showamen\dog four.exe (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O9 - Extra button: 浩方??平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Documents and Settings\gersang\桌面\HFGame3\GameClient.exe (file missing)
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3C46E1D-4929-4FE8-853E-5CD43938047D} - http://222.239.77.92/program/install/g2.cab
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ineterner Explorer Update Services (updateservice) - Unknown owner - C:\WINDOWS\system32\ieupsvc.exe


spoolsv.exe整到部機cpu使用率100%所以我關左- -"


唔該哂thx

[ 本帖最後由 影月＊ 於 2006-11-6 10:49 PM 編輯 ]

---

作者: uhthn2002    時間: 06-11-4 12:01 AM

關閉瀏覽器,開啟HijackThis 按do a system scan only勾選以下內容:
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {3441C39E-8BBE-4D9F-D681-56B2CBD1CBC2} - C:\DOCUME~1\gersang\APPLIC~1\showamen\dog four.exe (file missing)
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O9 - Extra button: 浩方平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Documents and Settings\gersang\桌面\HFGame3\GameClient.exe (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/mess ... essenger.yahoo.com/ (file missing)
O16 - DPF: {C3C46E1D-4929-4FE8-853E-5CD43938047D} - http://222.239.77.92/program/install/g2.cab
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ineterner Explorer Update Services (updateservice) - Unknown owner - C:\WINDOWS\system32\ieupsvc.exe
按 fix checked

刪除C:\WINDOWS\system32\ieupsvc.exe

---

作者: 影月＊    時間: 06-11-4 12:11 AM

整左啦.........仲有我唔知點解cpu使用率成日100- -"
關唔關spoolsv.exe事- -"
我開工作管理員關左就冇事- -"

---

作者: uhthn2002    時間: 06-11-4 12:24 AM

.............spoolsv.exe 染毒了嗎?
使用  Kaspersky Online Scanner :
http://www.kaspersky.com/virusscanner
1. 按 Kaspersky Online Scanner--->Accept
2. 之後 Kaspersky Online Scanner 會進行安裝及更新,完成後按 Next
3. 按 Scan Settings--->extended---> Ok
4. 按 My Computer 進行掃描.
5. 掃描結束後,按 Save Report As 儲存Kaspersky Online Scanner 掃描報告

之後貼上Kaspersky Online Scanner 掃描報告上來

---

作者: 影月＊    時間: 06-11-4 12:34 AM

找不到伺服器- -""""""

---

作者: uhthn2002    時間: 06-11-4 12:45 AM

用呢個
下載 Dr.Web CureIT!

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
---------------------------------
執行 Dr.Web CureIT!


按 Start

按確定進行 Express Scan
完成 Express Scan 後點選本機磁碟 ( C : )，然後按箭咀圖示進行掃描.
假如 Dr.Web CureIT! 發現問題，按 Yes to All
完成掃描後，關閉 Dr.Web CureIT!


注意: Dr.Web CureIT! 會將掃描記錄儲存於以下位罝:

C:\Documents and Settings\你的帳戶\DoctorWeb\CureIt.log

把CureIt.log內容全選貼上來
-------------------------------------
開始 > 執行 > 貼上以下內容 > 確定

---

作者: 影月＊    時間: 06-11-4 01:13 AM

掃左好耐- -'''''
唔好訓住-v-
fix checked之後就得?

---

作者: uhthn2002    時間: 06-11-4 01:17 AM

log 在那????

---

作者: 影月＊    時間: 06-11-4 01:17 AM

咩野log?- -"
哦- -
e家得16%- -
so叫你唔好訓住- -

---

作者: uhthn2002    時間: 06-11-4 01:21 AM

我冇咁早訓-.-""放心

---

作者: 影月＊    時間: 06-11-4 01:24 AM

@@@@@@@@@@@@@@@@@@@@@@@@@@@
宥野彈出來@@@@@"
C:\Documents and Settings\0-0\Local Settings\Temporary Internet Files\Content.IE5\K1IR8P2Z\popup[1].htm
infected with  trojan.click.1394
cure?
yes                   yes to all                          no                       no to all

---

作者: maxmaxddr    時間: 06-11-4 01:34 AM

C:\Documents and Settings\0-0\Local Settings\Temporary Internet Files\Content.IE5\K1IR8P2Z\popup[1].htm
好似係廣告個d木馬黎
之前我都中過,用卡把擋左

---

作者: uhthn2002    時間: 06-11-4 01:43 AM

YES TO ALL =-= 我上面有寫

---

作者: 影月＊    時間: 06-11-4 11:16 AM

[Scan path] C:\
C:\hiberfil.sys - read error
C:\Documents and Settings\0-0\NTUSER.DAT - read error
C:\Documents and Settings\0-0\NTUSER~1.LOG - read error
C:\Documents and Settings\0-0\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\0-0\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\0-0\Local Settings\Temporary Internet Files\Content.IE5\K1IR8P2Z\popup[1].htm infected with Trojan.Click.1394 - deleted
C:\Documents and Settings\0-0\Local Settings\Temporary Internet Files\Content.IE5\K1IR8P2Z\popup[2].htm infected with Trojan.Click.1394 - deleted
C:\Documents and Settings\0-0\Local Settings\Temporary Internet Files\Content.IE5\K1IR8P2Z\popup[3].htm infected with Trojan.Click.1394 - deleted
C:\Documents and Settings\LocalService\NTUSER.DAT - read error
C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5CTBJS5S\UpSchAS[1].exe infected with Trojan.DownLoader.10941 - deleted
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Program Files\GameFlier\Ghostonline\interface\Guild\01_~1.BMP - read error
C:\Program Files\GameFlier\Ghostonline\interface\Guild\01_~1.BMP - read error
>C:\Program Files\WinRAR\Dos.SFX>C:\WINDOWS\IFinst25.exe infected with BackDoor.Ifinst - deleted
C:\WINDOWS\system32\CodeLib.dll is adware program Adware.Cdn
C:\WINDOWS\system32\hookdll.dll is adware program Adware.Cdn
C:\WINDOWS\system32\nsp.dll is adware program Adware.Cdn
C:\WINDOWS\system32\system_yes.dll infected with Trojan.DownLoader.12546 - deleted
C:\WINDOWS\system32\wbapiex.dll is adware program Adware.Sinabar
C:\WINDOWS\system32\zunins.exe is adware program Adware.Cdn
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 97751
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 5
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 2
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 333 Kb/s
Scan time: 01:40:01
-----------------------------------------------------------------------------

Scanning interrupted by user! - viruses found
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 97751
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 5
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 2
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 333 Kb/s
Scan time: 01:40:01
=============================================================================

---

作者: uhthn2002    時間: 06-11-4 11:24 AM

如發現以下檔案 刪除
C:\WINDOWS\system32\CodeLib.dll
C:\WINDOWS\system32\hookdll.dll
C:\WINDOWS\system32\nsp.dll
C:\WINDOWS\system32\system_yes.dll
C:\WINDOWS\system32\wbapiex.dll
C:\WINDOWS\system32\zunins.exe

之後re機 睇下ok未

如果重係唔得既就
下載 http://www.kztechs.com/sreng/sreng2.zip
解壓並執行SREng.exe
按 Smart Scan,確認已選取所有項目,按 Scan
最後,按 Save Reports ----> 儲存到桌面, SREngLOG.log

將SREngLOG.log send,到 uhthn2002@yahoo.com.hk
標題以會員名字 顯示

---

作者: 影月＊    時間: 06-11-4 11:47 AM

SEND左比你啦-3-
你係咪冇訓過- -

---

作者: uhthn2002    時間: 06-11-4 12:27 PM

訓左一個鐘lu-.-" 算唔算訓過

1執行 SREng.exe --> Boot Items ---> Registry
逐一選取以下項目名稱 ----> 按 Delete ----> Yes

<{69B9C68D-B256-4B43-8976-AE7F53D090EC}>
<16 2 Bone Hole>
<ADScan>
<CnsMin>
<ezurl>
<G2>
<mstcenter>
<PCRPopup>
<PC_Radar>
<TITLE HECK>


2執行 SREng.exe --> Boot Items ---> Services ---> WIN32Services
Hide verified Microsoft items ---> 逐一選取以下項目名稱 ----> Delete service ----> Set ---> 按 No

[SearchAS Match Services / asksrvc]
[Ineterner Explorer Add Update Services / updatecheck]
[Ineterner Explorer Update Services / updateservice]



3執行 SREng.exe --> Boot Items ---> Services ---> Drivers
Hide verified Microsoft items ---> 逐一選取以下項目名稱 ----> Delete service ----> Set ---> 按 No

[EagleNT / EagleNT]
[Secdrv / Secdrv]


4執行 SREng.exe --> System Repair ---> Browser Add-ons
逐一選取以下項目名稱 ----> 按 Delete Selected ----> Yes

[ST]
[Little Fighter 2 Toolbar Helper]
[ICQ  Toolbar]
[ST]
[Little Fighter 2 Toolbar Helper]
[SearchAssistantOC]

--------------------------------------------------
複製以下粗黑文字

Files to delete:
C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.sys
C:\Documents and Settings\All Users\Application Data\upload bits 16 2\Trust itch.exe
C:\WINDOWS\mstcenter.exe
C:\DOCUME~1\gersang\APPLIC~1\16once\fork third.exe
C:\WINDOWS\DOWNLO~1\CnsMin.dll
C:\WINDOWS\system32\ieupsvc.exe
C:\WINDOWS\system32\drivers\EagleNT.sys
C:\Program Files\ICQToolbar\toolbaru.dll

Folders to delete:
C:\Program Files\ADScan
C:\Program Files\ezurl
C:\Program Files\G2
C:\Program Files\Little Fighter 2 Toolbar

下載 The Avenger http://swandog46.geekstogo.com/avenger.zip ,儲存到桌面並解壓出來
執行 The Avenger , 按 Input script manually 再按 放大鏡
按 Ctrl + V/右click貼上剛才複製的內容 ,按 Done ,按 綠燈 開始,當有提示彈出, 按 Yes 兩次
The Avenger 會重新啟動你的電腦大約一至兩次,如果重新啟動時有黑色視窗彈出,這是正常情況
當重新啟動後,把 C:\avenger.txt 的內容貼上來,掃個新的HijackThis上來

---

作者: 影月＊    時間: 06-11-4 12:44 PM

個記事我關左- -
邊到有得搵- -

---

作者: uhthn2002    時間: 06-11-4 12:46 PM

整完之後 你貼晒 d log上黎
我而家要出一出去  我返到黎 再跟進

---

作者: 影月＊    時間: 06-11-4 12:46 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:47:30, on 2006/11/4
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [16 2 Bone Hole] ; C:\Documents and Settings\All Users\Application Data\upload bits 16 2\Trust itch.exe
O4 - HKLM\..\Run: [ccApp] ; C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] ; C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [HotKeysCmds] ; C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ICQ Lite] ; C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [IgfxTray] ; C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] ; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSPY2002] ; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NMGameX_AutoRun] ; C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIMETIPSYNC] ; C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] ; C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [foxy] ; "C:\Program Files\Foxy\Foxy.exe" -tray
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

---

作者: uhthn2002    時間: 06-11-4 12:47 PM

你想問咩=-=~~~ sreng???

---

作者: 影月＊    時間: 06-11-4 12:48 PM

The Avenger 彈出來個記事簿我關左,,係邊搵得返,唔係我點比你呀- -"""""

---

作者: uhthn2002    時間: 06-11-4 12:55 PM

C:\avenger.txt

---

作者: 影月＊    時間: 06-11-4 01:00 PM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cetulbkd

*******************

Script file located at: \??\C:\WINDOWS\system32\xebjarlb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.sys not found!
Deletion of file C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.sys failed!

Could not process line:
C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.sys
Status: 0xc0000034



File C:\Documents and Settings\All Users\Application Data\upload bits 16 2\Trust itch.exe not found!
Deletion of file C:\Documents and Settings\All Users\Application Data\upload bits 16 2\Trust itch.exe failed!

Could not process line:
C:\Documents and Settings\All Users\Application Data\upload bits 16 2\Trust itch.exe
Status: 0xc0000034

File C:\WINDOWS\mstcenter.exe deleted successfully.


Could not open file C:\DOCUME~1\gersang\APPLIC~1\16once\fork third.exe for deletion
Deletion of file C:\DOCUME~1\gersang\APPLIC~1\16once\fork third.exe failed!

Could not process line:
C:\DOCUME~1\gersang\APPLIC~1\16once\fork third.exe
Status: 0xc000003a



File C:\WINDOWS\DOWNLO~1\CnsMin.dll not found!
Deletion of file C:\WINDOWS\DOWNLO~1\CnsMin.dll failed!

Could not process line:
C:\WINDOWS\DOWNLO~1\CnsMin.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ieupsvc.exe not found!
Deletion of file C:\WINDOWS\system32\ieupsvc.exe failed!

Could not process line:
C:\WINDOWS\system32\ieupsvc.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\EagleNT.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\EagleNT.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\EagleNT.sys
Status: 0xc0000034



Could not open file C:\Program Files\ICQToolbar\toolbaru.dll for deletion
Deletion of file C:\Program Files\ICQToolbar\toolbaru.dll failed!

Could not process line:
C:\Program Files\ICQToolbar\toolbaru.dll
Status: 0xc000003a

Folder C:\Program Files\ADScan deleted successfully.
Folder C:\Program Files\ezurl deleted successfully.


Folder C:\Program Files\G2 not found!
Deletion of folder C:\Program Files\G2 failed!

Could not process line:
C:\Program Files\G2
Status: 0xc0000034



Folder C:\Program Files\Little Fighter 2 Toolbar not found!
Deletion of folder C:\Program Files\Little Fighter 2 Toolbar failed!

Could not process line:
C:\Program Files\Little Fighter 2 Toolbar
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.

---

作者: maxmaxddr    時間: 06-11-4 01:29 PM

佢四點鐘度返來
你出去行陣街或打陣機食下野休息下先
02版大四點回來解答你

---

作者: 影月＊    時間: 06-11-4 03:57 PM

仲未返來/.\...............

---

作者: uhthn2002    時間: 06-11-4 04:39 PM

刪除
C:\Avenger

情況如何

---

作者: 影月＊    時間: 06-11-4 04:49 PM

E家要刪左佢?
沒有變 --

---

作者: uhthn2002    時間: 06-11-4 05:20 PM

我想問 係邊個程式 100%佔用

---

作者: maxmaxddr    時間: 06-11-4 05:46 PM

用呢個看看有咩程式有問題吧～

Icesword
對岸號稱斬殺木馬的利器，在國外也是很有名的一款軟體。主要功用為結束進程、查找後門、Rookit、強制刪除登錄機碼。建議使用英文版。

下載頁面

使用木馬樣本測試，該木馬會在C:/womdows/system/ 生成service.exe


1..      使用icesword可以查看正在執行的程序。

windows自帶的工作管理員沒有顯示程序



切換到process頁面，icesword偵測到執行中隱藏的木馬程式，以紅色標示。右鍵點選此程式，選擇Terminate process可以中止此木馬程式。



2.使用icesword 觀察隱藏中毒檔案
        
即使打開windows 隱藏檔案屬性，在C:/womdows/system/，仍然沒有辦法看到service.exe這支木馬。



使用icesword 切換到File，在C:/womdows/system/，找到service.exe這支隱藏木馬，右鍵點選delete即可刪除。



3.        強制刪除登錄機碼。切換到registry，找尋欲刪除的機碼，右鍵點選delete。



4.      Sometime,我們會碰到防毒軟體警報 *dll 文件無法清除，可以使用process explorer來找出掛鉤的程序，當然如果不是系統進程，直接結束再刪掉dll 就好了，可是process explorer 往往會告訴我們寄宿的程序為svchost.exe, explorer.exe,winlogon.exe這些系統程序，此時我們可以使用icesword來卸載 dll文件。在process頁中找到系統進程，點選右鍵"Moudle Information"，查看訊息。注意有時候卸載*dll會造成系統當機，此時就必須請出system safety monitor來禁止*dll文件的載入

選擇欲卸載的*dl，點選unload卸載或是unload(force)來強制卸載。





5.     可以i監看一些隱藏服務。隱藏服務icesword會以紅色標示。

---

作者: 影月＊    時間: 06-11-4 08:51 PM

下載左之後亂碼- -

---

作者: uhthn2002    時間: 06-11-4 09:13 PM

你按 ctrl +alt+del睇下邊個佔用１００％吧

---

作者: 影月＊    時間: 06-11-4 09:15 PM

一開機的話
就得spoolsv.exe估100

---

作者: uhthn2002    時間: 06-11-4 09:24 PM

試一下咁樣
複製以下粗黑文字

Files to delete:
c:\windows32\tqppmtw.fyf

Folders to delete:
c:\windows\system32\spoolsv

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors

下載 The Avenger http://swandog46.geekstogo.com/avenger.zip ,儲存到桌面並解壓出來
執行 The Avenger , 按 Input script manually 再按 放大鏡
按 Ctrl + V/右click貼上剛才複製的內容 ,按 Done ,按 綠燈 開始,當有提示彈出, 按 Yes 兩次
The Avenger 會重新啟動你的電腦大約一至兩次,如果重新啟動時有黑色視窗彈出,這是正常情況
當重新啟動後,把 C:\avenger.txt 的內容貼上來

---

作者: kwan1987    時間: 06-11-4 09:57 PM

我個winas.exe佔成95%....點算?
我都關左spoolsv cpu佔用都係100%

[ 本帖最後由 kwan1987 於 2006-11-4 10:05 PM 編輯 ]

---

作者: kwan1987    時間: 06-11-4 09:58 PM

2006-11-04,21:53:06

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <avgnt><"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min>  [Avira GmbH]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <AlcWzrd><ALCWZRD.EXE>  [(Verified)RealTek Semicoductor Corp.]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DT Soft Ltd.]
    <ServiceHome><C:\Program Files\Besta\PSH2.0\PSH2.exe /startup>  [N/A]
    <ICQ Lite><; C:\Program Files\ICQLite\ICQLite.exe -minimize>  [ICQ Ltd.]
    <Winas><C:\WINDOWS\system32\Winas.exe>  [sinka]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{F93CB274-12A2-489E-9DB6-BAAF492448D0}><C:\WINDOWS\system32\msnfile.dll>  [N/A]

==================================
Startup Folders
N/A

==================================
Services
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler]
  <C:\Program Files\AntiVir PersonalEdition Classic\sched.exe><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService]
  <C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe><AVIRA GmbH>
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Winas / Winas]
  <C:\WINDOWS\system32\Was.exe><sinka>

---

作者: 影月＊    時間: 06-11-4 11:35 PM

上面個個玩野?- -"
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aqbxbngt

*******************

Script file located at: \??\C:\WINDOWS\oduipjbb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file c:\windows32\tqppmtw.fyf for deletion
Deletion of file c:\windows32\tqppmtw.fyf failed!

Could not process line:
c:\windows32\tqppmtw.fyf
Status: 0xc000003a



Folder c:\windows\system32\spoolsv not found!
Deletion of folder c:\windows\system32\spoolsv failed!

Could not process line:
c:\windows\system32\spoolsv
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

---

作者: uhthn2002    時間: 06-11-4 11:40 PM

情況如何-.-""""

---

作者: 影月＊    時間: 06-11-4 11:44 PM

spoolsv好似沒問題了.不過iexplore好似有問題--"
又要麻煩你了xd

---

作者: uhthn2002    時間: 06-11-5 07:45 AM

試一下咁樣
複製以下粗黑文字


Files to delete:
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\iexplore.exe
C:\WINDOWS\system\iexplore.exe
執行 The Avenger , 按 Input script manually 再按 放大鏡
按 Ctrl + V/右click貼上剛才複製的內容 ,按 Done ,按 綠燈 開始,當有提示彈出, 按 Yes 兩次
The Avenger 會重新啟動你的電腦大約一至兩次,如果重新啟動時有黑色視窗彈出,這是正常情況

打開記事本
貼上以下紅色字內容
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000001
"AutoShareServer"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"AutoShareWks"=dword:00000001
"AutoShareServer"=dword:00000001

檔案--->儲存-->選取所有檔案格式  檔案名為wormfix.reg  --->執行wormfix.reg

------------------------------------------

安裝以下任何一款防火牆(只裝一個)
ZoneAlarm (英文)
http://www.download.com/ZoneAlarm/3000-10435_4-10550364.html

Comodo Personal Firewall (英文)
http://www.personalfirewall.como ... ific&country=HK

安裝完成後re機

使用  Kaspersky Online Scanner :
http://www.kaspersky.com/virusscanner
1. 按 Kaspersky Online Scanner--->Accept
2. 之後 Kaspersky Online Scanner 會進行安裝及更新,完成後按 Next
3. 按 Scan Settings--->extended---> Ok
4. 按 My Computer 進行掃描.
5. 掃描結束後,按 Save Report As 儲存Kaspersky Online Scanner 掃描報告

之後貼上Kaspersky Online Scanner 掃描報告上來 及 說明當時情況

---

作者: 影月＊    時間: 06-11-5 01:22 PM

KASPERSKY ONLINE SCANNER REPORT  
Sunday, November 05, 2006 1:14:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/11/2006
Kaspersky Anti-Virus database records: 238362


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\  

Scan Statistics
Total number of scanned objects 32152
Number of viruses found 1
Number of infected objects 4 / 0
Number of suspicious objects 0
Duration of the scan process 01:29:29

Infected Object Name Virus Name Last Action
C:\Documents and Settings\0-0\Cookies\index.dat  Object is locked  skipped  

C:\Documents and Settings\0-0\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  

C:\Documents and Settings\0-0\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  

C:\Documents and Settings\0-0\Local Settings\History\History.IE5\index.dat  Object is locked  skipped  

C:\Documents and Settings\0-0\Local Settings\History\History.IE5\MSHist012006110520061106\index.dat  Object is locked  skipped  

C:\Documents and Settings\0-0\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped  

C:\Documents and Settings\0-0\NTUSER.DAT  Object is locked  skipped  

C:\Documents and Settings\0-0\NTUSER.DAT.LOG  Object is locked  skipped  

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\2d6e4ebdf58688525af49498189f9346_e4e1e8ab-7126-4c72-ad6a-b673336b560b  Object is locked  skipped  

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\f58155b4b1d5a524ca0261c3ee99fb50_e4e1e8ab-7126-4c72-ad6a-b673336b560b  Object is locked  skipped  

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp  Object is locked  skipped  

C:\Documents and Settings\LocalService\Cookies\index.dat  Object is locked  skipped  

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat  Object is locked  skipped  

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped  

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YTF7GHR4\ieupsvc[1].exe  Infected: not-a-virus:AdWare.Win32.VB.x  skipped  

C:\Documents and Settings\LocalService\NTUSER.DAT  Object is locked  skipped  

C:\Documents and Settings\LocalService\ntuser.dat.LOG  Object is locked  skipped  

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  

C:\Documents and Settings\NetworkService\NTUSER.DAT  Object is locked  skipped  

C:\Documents and Settings\NetworkService\ntuser.dat.LOG  Object is locked  skipped  

C:\System Volume Information\MountPointManagerRemoteDatabase  Object is locked  skipped  

C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped  

C:\WINDOWS\Internet Logs\CHI.ldb  Object is locked  skipped  

C:\WINDOWS\Internet Logs\fwdbglog.txt  Object is locked  skipped  

C:\WINDOWS\Internet Logs\fwpktlog.txt  Object is locked  skipped  

C:\WINDOWS\Internet Logs\IAMDB.RDB  Object is locked  skipped  

C:\WINDOWS\Internet Logs\tvDebug.log  Object is locked  skipped  

C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped  

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped  

C:\WINDOWS\system32\assvc.exe  Infected: not-a-virus:AdWare.Win32.VB.x  skipped  

C:\WINDOWS\system32\CatRoot2\edb.log  Object is locked  skipped  

C:\WINDOWS\system32\CatRoot2\tmp.edb  Object is locked  skipped  

C:\WINDOWS\system32\config\AppEvent.Evt  Object is locked  skipped  

C:\WINDOWS\system32\config\default  Object is locked  skipped  

C:\WINDOWS\system32\config\default.LOG  Object is locked  skipped  

C:\WINDOWS\system32\config\SAM  Object is locked  skipped  

C:\WINDOWS\system32\config\SAM.LOG  Object is locked  skipped  

C:\WINDOWS\system32\config\SecEvent.Evt  Object is locked  skipped  

C:\WINDOWS\system32\config\SECURITY  Object is locked  skipped  

C:\WINDOWS\system32\config\SECURITY.LOG  Object is locked  skipped  

C:\WINDOWS\system32\config\software  Object is locked  skipped  

C:\WINDOWS\system32\config\software.LOG  Object is locked  skipped  

C:\WINDOWS\system32\config\SysEvent.Evt  Object is locked  skipped  

C:\WINDOWS\system32\config\system  Object is locked  skipped  

C:\WINDOWS\system32\config\system.LOG  Object is locked  skipped  

C:\WINDOWS\system32\h323log.txt  Object is locked  skipped  

C:\WINDOWS\system32\ieaus.exe  Infected: not-a-virus:AdWare.Win32.VB.x  skipped  

C:\WINDOWS\system32\ossvc.exe  Infected: not-a-virus:AdWare.Win32.VB.x  skipped  

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped  

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped  

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped  

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped  

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped  

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped  

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped  

C:\WINDOWS\Temp\ZLT022d9.TMP  Object is locked  skipped  

C:\WINDOWS\Temp\ZLT022e3.TMP  Object is locked  skipped  

C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped  

Scan process completed.
e家冇咩問題啦,不過explorer.exe好似有d問題,仲有網上有d圖片我睇唔到,,我用第2部又睇到

---

作者: uhthn2002    時間: 06-11-5 01:26 PM

explorer.exe有d咩問題

你睇唔到邊種格式既圖片

你用緊咩瀏覽器

---

作者: maxmaxddr    時間: 06-11-5 01:29 PM

TESTING
睇唔睇到我d千名圖片??

---

作者: 影月＊    時間: 06-11-5 07:17 PM

睇唔到呢張
我用第2部機就睇到
我用緊有個e字個個
姐係一開始比你果個

---

作者: uhthn2002    時間: 06-11-5 07:33 PM

轉用其他瀏覽器吧=-=
相信你個瀏覽器損壞左=-=

---

作者: 影月＊    時間: 06-11-5 08:29 PM

但我用慣呢個喎
有冇得dl架

---

作者: uhthn2002    時間: 06-11-5 08:38 PM

有個同 ie 好相似既 你試唔試下呢?
MAXTHON

---

作者: 影月＊    時間: 06-11-5 09:58 PM

好- -"
唔知係邊dl

---

作者: uhthn2002    時間: 06-11-5 10:43 PM

maxthon
http://maxthon.com/download.htm

繁體中文語言檔
Chinese Traditional Image

將佢解壓返去
C:\Program Files\Maxthon\Language
入面佢會自己整一個叫做
ChineseTraditional 資料夾

之後開 Maxthon
Options -> Maxthon Options
Advanced -> Language
選 Chinese Tradition | 繁體中文
OK

---

作者: 影月＊    時間: 06-11-6 07:27 PM

用左上唔到網既- -- - -

---

作者: 影月＊    時間: 06-11-6 10:03 PM

頂..我玩唔到game呀
點整返呀

---

作者: uhthn2002    時間: 06-11-6 10:05 PM

彈左d咩錯誤 訊息出黎

---

作者: 影月＊    時間: 06-11-6 10:09 PM

用你叫我用個個瀏覽器
安左之後,轉埋中文
諗住用.點知咩網都上唔到既
我用返ie又上到網
e家玩咩game都,找不到網頁

---

作者: maxmaxddr    時間: 06-11-6 10:21 PM

cap電腦福圖上來看看發生咩事幹~
http://www.imagevenue.com/
http://photobucket.com/

---

作者: maxmaxddr    時間: 06-11-6 10:26 PM

http://www.badongo.com/file/1668079
入去試下dl我呢個版本
免裝的

---

作者: 影月＊    時間: 06-11-6 10:28 PM



[ 本帖最後由 影月＊ 於 2006-11-6 10:30 PM 編輯 ]

---

作者: 影月＊    時間: 06-11-6 10:49 PM

點解冇人理我架
\口/

---

作者: uhthn2002    時間: 06-11-6 11:10 PM

=-=咁奇怪既 真係唔係好知
一係試下咁

下載 Winsock XP Fix 右鍵另存檔案 http://files.webattack.com/localdl834/WinsockxpFix.exe

執行WinsockxpFix.exe , 按 Fix,再重新開機

---

作者: maxmaxddr    時間: 06-11-7 04:58 AM

真係學巴士阿叔
未解決-.-"
去其他網搵下有無你個k屎先-.-~

---

作者: 漂流果    時間: 09-5-3 05:33 AM     標題: ntuser dat

我已經裝裝刪除咗好多次 一般格式化重裝都不能清除 呢個喺木馬程式 進攻整個

C:\WINDOWS\system32系統裝置 病毒檔不段變大 後期我發覺登錄檔都有佢份  首頁會變成空白

頁about black 以及上網都要等候理about black 完全受黑客控制 後期防毒和windons易被他

操控 因為我發覺在資料夾選項中設定顯示隱藏檔案 則出現很多間諜.db.檔 所有usb裝置都出

現此等檔案 usb手指和外置硬碟檔案不段繪出被盜及執行變慢 因大部份usb裝置都有亮燈提示

我自己覺得此手段極惡 希望有心人幫忙解決

---

歡迎光臨 2000FUN論壇 (https://www.2000fun.com/)

Powered by Discuz! X1.5.1