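Run it once more using the script below instead. If that still does not fix it, send me one more set of analysis data; I don't know where the malware is hiding.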
MOVE FILE::
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\雄 Internet Explorer 銡擬.lnk
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\啟動 Internet Explorer 瀏覽器.lnk
C:\Documents and Settings\user\「開始」功能表\程式集\Internet Explorer.lnk
C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX1\DanSnowB7.exe
RESET REG::
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{7ABC2DB2-42BC-71BC-1548-32DD45C6CDB5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{871C5380-42A0-1069-A2EA-08002B30309D}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
MOD REG::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{7ABC2DB2-42BC-71BC-1548-32DD45C6CDB5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{871C5380-42A0-1069-A2EA-08002B30309D}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{223bc3fe-345a-ffee-3c9e-fe12345678e1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"<沒有名稱>"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://tw.yahoo.com/"
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
REBOOT::
If it is still the same after rebooting, please also upload an SREng log, along with the Efix log generated this time.
SREng:
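http://star000star.myweb.hin...sre.ng2.zip
● Run the main SREng program, select "Smart Scan" (智慧掃描) in the lower-left corner, start the scan without changing any settings, and save the log to a file when the scan finishes.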