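Run it once more using the script below instead. If the problem is still not resolved, give me one more set of analysis data; I don't know where the malicious program is hiding.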
MOVE FILE::
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\雄 Internet Explorer 銡拟.lnk
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk
C:\Documents and Settings\user\「开始」功能表\程式集\Internet Explorer.lnk
C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX1\DanSnowB7.exe
RESET REG::
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{7ABC2DB2-42BC-71BC-1548-32DD45C6CDB5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{871C5380-42A0-1069-A2EA-08002B30309D}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
MOD REG::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{7ABC2DB2-42BC-71BC-1548-32DD45C6CDB5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{871C5380-42A0-1069-A2EA-08002B30309D}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{223bc3fe-345a-ffee-3c9e-fe12345678e1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"<没有名称>"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://tw.yahoo.com/"
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
REBOOT::
If it is still the same after rebooting, please also upload an SREng log, together with the Efix Log generated this time.
SREng:
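http://star000star.myweb.hin...sre.ng2.zip
● Run the SREng main program, select "Smart Scan" in the lower-left corner, start the scan without changing any settings, and save the Log to a file when the scan finishes.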