[quote]Originally posted by [i]147ak477[/i] at 2006-1-15 23:40:
(1)
by TEMP, you mean c:\TEMP
or C:\Documents and Settings\Administrator\Local Settings\Temp?
scan log please change to .log
[[i] Last edited by 147ak477 on 2006-1-15 at 11:42 PM [/i]] [/quote]
all~~~ Remember to DEL the hidden ones as well
where is log?
**** Author banned or deleted; content automatically hidden ****
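I've looked through it all; the problem is these two. After fixing them with HijackThis, finally go into these two locations manually (note down the path and the numbers) and check once more, then DEL lv0u09d9e.dll (not the kind of delete that goes to Recycled; an unrecoverable one), and change HOST back while you're at it.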
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B69C40C-4719-4BCA-85F7-49A8AFC67880}: NameServer = 205.252.144.28 218.102.23.77
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\lv0u09d9e.dll
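Use antivirus software (update the virus definitions first) to do another complete scan of the whole machine (Norton may not necessarily detect it; you can try others). I suspect the code causing this problem has been embedded in some programs.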
[quote]Originally posted by [i]gergermen[/i] at 2006-1-16 12:32 AM:
I've looked through it all; the problem is these two; use HIJACKTHIS... [/quote]
A really impressive computer doctor, 隱貓. I don't understand any of it, meow~~ meow~~~ :D
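Then go into SAFE MODE and do it all once more:
Scan once with HijackThis, check manually once
Scan once with Norton
Start > Run, REGSVR32 /U lv0u09d9e.dll, then the same command again: REGSVR32 /U <the DLL that Norton flagged as a problem but could not DEL>
Then delete manually once more.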
[[i] Last edited by gergermen on 2006-1-16 at 10:29 AM [/i]]
Use HijackThis to fix the following items:
O4 - HKLM\..\Run: [MS Messenger] C:\WINDOWS\msm.exe
Delete the following files:
ssocks5.dll
%systemdir%\SSocks32.dll
Regsock32.exe
MSM.EXE
[[i] Last edited by kingwong on 2006-1-16 at 06:06 PM [/i]]
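It's best not to go online for now. Temporarily turn off System Restore (if it's on), press “F5” at boot, and set all hidden files to be shown first; once the virus is cleaned out, hide them again.
1. First try antivirus software and see whether it can remove it
Scan the whole machine once with antivirus software
2. If the method above doesn't work, then delete it by hand
As kingwong said, use HijackThis to fix the one below and the two I mentioned above (I can't believe I didn't notice this item =.=)
O4 - HKLM\..\Run: [MS Messenger] C:\WINDOWS\msm.exe
Then manually delete the following (remember to check whether HOST needs changing)
DEL (these need to be deleted completely; if they can't be deleted, try what I said above: first regsvr32 /u <filename>, then delete)
C:\windows\system32\SSock32.dll
C:\WINDOWS\msm.exe
Regsock32.exe & ssocks5.dll: either in C:\windows\system32\ or in C:\windows\
Start > Search (or press “F3” when only the desktop is showing with no windows open), enter ssock32.*, msn.*, ssocks5.*, regsock32.*, and for the location choose C: or all partitions (all drives) / My Computer
del (go into the registry)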
[quote]HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D2-8D96-000000000004}
HKEY_CLASSES_ROOT\HTMLEdit.SSocks32
HKEY_CLASSES_ROOT\HTMLEdit.SSocks32.1
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}
HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks32
HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks32.1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{000000000004}
HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}
HKEY_CLASSES_ROOT\HTMLEdit.SSocks5
HKEY_CLASSES_ROOT\HTMLEdit.SSocks5.1
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}
HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks5
HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks5.1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}[/quote]
Temporarily turn off System Restore (if it's on), press “F5” at boot
But I still cannot enter safe mode.
I use Win XP.
When I reboot, it first shows Toshiba, then Windows XP (loading screen), then the login screen.
When shall I press F5?
Sorry~~~~ it is press F8
As your computer restarts but before Windows launches, press F8
When it first shows Toshiba, press F8
Select safe mode with network, but you don't need to use the network
[quote]Originally posted by [i]gergermen[/i] at 2006-1-18 12:25 AM:
Sorry~~~~ it is press F8
As your computer restarts but before Windows launches, press F8
When it first shows Toshiba, press F8
Select safe mode with network, but you don't need to use the network [/quote]
You're rarely up this late ;)
what method~~~~
can you tell me?:P
Download a program called l2mfix, and clean up using the program
(but I do not know what it does, I just enter the command to make it fix :-))
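An added example, not part of the original thread: a small Python triage of the HijackThis entry types the posts above single out (O4 autostart, O17 DNS override, O20 Winlogon Notify). The `KNOWN_NOTIFY` baseline and the Windows-root heuristic are assumptions for illustration.

```python
import re

# Assumed baseline of stock Windows XP Winlogon Notify subkeys; replace it
# with the list taken from a known-good build of your own image.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

LINE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
O4 = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*):\s+\[(.+?)\]\s+(.+)$", re.I)
O17 = re.compile(r"^(.*?):\s+NameServer\s*=\s*(.+)$", re.I)
O20 = re.compile(r"^Winlogon Notify:\s+(.+?)\s+-\s+(.+)$", re.I)

def triage(log_text):
    """Return (section, reason, detail) for each entry that needs review."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O20" and (n := O20.match(body)):
            name, dll = n.groups()
            if name.lower() not in KNOWN_NOTIFY:
                findings.append((section, "winlogon notify DLL not in baseline", dll))
        elif section == "O17" and (n := O17.match(body)):
            # A NameServer value set under a Tcpip key redirects DNS lookups
            servers = re.split(r"[,\s]+", n.group(2).strip())
            findings.append((section, "per-interface DNS override", servers))
        elif section == "O4" and (n := O4.match(body)):
            path = n.group(4).strip()
            # Heuristic (assumption): an autostart .exe sitting directly in
            # the Windows root folder deserves a manual look.
            if re.match(r"^[a-z]:\\windows\\[^\\]+\.exe$", path, re.I):
                findings.append((section, "autostart from Windows root", path))
    return findings

# First three lines are the entries quoted in the thread (space in "msm. exe"
# removed); the last line is constructed to show a baseline entry passing.
SAMPLE = r"""
O4 - HKLM\..\Run: [MS Messenger] C:\WINDOWS\msm.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B69C40C-4719-4BCA-85F7-49A8AFC67880}: NameServer = 205.252.144.28 218.102.23.77
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\lv0u09d9e.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```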