2006-06-19, 09:16 PM   #8 (permalink)
psac

Q:
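[Help] The network can ping the gateway, but IE reports "cannot open the search page"??

The system was infected with a virus and rogue adware; even "My Computer" would not open, let alone IE. After a virus scan, "My Computer" opens again, but IE still cannot open web pages and reports "cannot open the search page". Network Neighborhood opens, though, and the gateway can be pinged. Repairing with an IE repair tool did not help either. What should I do? Experts, please advise, thanks! I don't want to reinstall the system.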



A:


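Please download System Repair Engineer here.
After unpacking, double-click sreng, click "Smart Scan" (智慧式掃瞄) -> Scan -> Save Report, then open the log file SREngLOG.log in Notepad and paste its contents here.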



Q:
The problem now is that the gateway can be pinged and the LAN works too; only IE cannot open pages. I don't know where to start.



A:
It may be that the Winsock LSP has a problem.

Please post a HijackThis or System Repair Engineer scan report so we can analyze whether Winsock XP Fix is suitable for solving it.



Q:
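Here is the analysis report; please help analyze it, thanks.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation]
Is there a problem with this one? The antivirus software reports that it may be infected with a virus. Please take a look.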




2006-06-19,18:07:29

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\Windows\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> []
<{9E4B0A97-8E3B-4145-8127-4F5EBED58E5C}><> []
<{DE7BE181-4BB8-4520-B4AB-504BEAC008AA}><> []
<{213E78BD-8353-4D47-876B-E99D9C76CD66}><> []
<{3FA1CDC8-EDA0-4D7C-931E-F1CC67206C3C}><> []
<{F0248891-45C1-4559-8519-DFB07376F8D2}><> []
<{DEB835A8-4CCE-41FF-A104-53DAB57FF2A7}><> []
<{ACD330F3-E137-44F2-91CC-4BE2D0541A4E}><> []
<{11F9D051-5E27-428D-B760-0D94A653332C}><> []
<{15ADA3A1-E73E-4158-8ECB-7D73DF17681E}><> []
<{8002CC5A-DF35-4042-8EE3-C153991C1E49}><> []
<{ED241B5E-255F-4585-A8A6-F5EB691D9B6A}><> []
<{E6B069D6-7297-43EF-B87D-6B1368DBA66F}><> []
<{1DFCDD59-98C4-4E38-9DBA-64BCF4AD2632}><> []
<{C3CFB233-AE1F-4B5A-8C74-53922D111F3C}><> []
<{21153FB4-9C60-42A9-AD66-1BF3EE4A3F58}><> []
<{1909E461-7266-4201-8855-022294B7D164}><> []
<{0153E0FE-CEB7-4E69-8836-58B60F9D7F01}><> []
<{2361E63A-D1E9-4318-B50E-475AEDBA864C}><> []
<{F039B81A-AEE3-4F0A-A55D-293FFF34404F}><> []
<{53D56214-6FCD-4ED5-AF90-A9C8E0508666}><> []
<{0BC3BDDF-A4C0-4805-B16D-BD1822071631}><> []
<{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll> []
<{966261B0-3618-4B88-BAE1-B3086D634EB5}><> []
<{898EE642-7959-4F66-B589-B25248768EF7}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<stdup><> []
<Vision><> []

==================================
啟動資料夾
服務
[Computer Storage / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[ewido security suite control / ewido security suite control]
<C:\Program Files\ewido anti-malware\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard]
<C:\Program Files\ewido anti-malware\ewidoguard.exe><ewido networks>
[NOD32 Kernel Service / NOD32krn]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Sample NT Service / SampleService]
<C:\WINDOWS\NTService.exe><N/A>

==================================
瀏覽器載入項
[新浪UC]
{2253922F-1B26-4C74-8B57-E3AEE748DBB8} <C:\Program Files\sina\UC\uc.exe, 北京新浪訊息技術有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\F盤剩餘內容\新增資料夾\QQ.EXE, TENCENT>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Flash.ocx, Macromedia, Inc.>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在執行的工作行程
[PID: 460][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 736][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 780][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 864][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 928][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1256][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1628][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80>
[C:\Program Files\ewido anti-malware\shellhook.dll] <N/A><N/A>
[PID: 1740][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[PID: 1756][C:\Program Files\Eset\nod32kui.exe] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\nod32rui.dll] <N/A><N/A>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80>
[C:\Program Files\Eset\pu_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pu_dmon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_emon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_emon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_imon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_mirr.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pu_upd.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_upd.dll] <N/A><N/A>
[PID: 1776][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1840][C:\Documents and Settings\wk1\桌面\SREng2-v2.021\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80>
[PID: 424][C:\Program Files\ewido anti-malware\ewidoctrl.exe] <ewido networks><3, 0, 0, 1>
[C:\Program Files\ewido anti-malware\lang.dll] <privat><1, 0, 0, 1>
[PID: 744][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe] <Microsoft Corporation><2000.080.0194.00>
[PID: 1144][C:\Program Files\Eset\nod32krn.exe] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\nod32krr.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\ps_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\ps_dmon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_emon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_emon.dll] <N/A><N/A>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_mirr.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\ps_upd.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_upd.dll] <N/A><N/A>
[PID: 1380][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>

==================================
文件關聯
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:


Uninstall Tencent Address Bar Search.



Run System Repair Engineer again and, under "Startup Items" (啟動專案) -> "Registry" (註冊表), delete the following entries:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> []
<{9E4B0A97-8E3B-4145-8127-4F5EBED58E5C}><> []
<{DE7BE181-4BB8-4520-B4AB-504BEAC008AA}><> []
<{213E78BD-8353-4D47-876B-E99D9C76CD66}><> []
<{3FA1CDC8-EDA0-4D7C-931E-F1CC67206C3C}><> []
<{F0248891-45C1-4559-8519-DFB07376F8D2}><> []
<{DEB835A8-4CCE-41FF-A104-53DAB57FF2A7}><> []
<{ACD330F3-E137-44F2-91CC-4BE2D0541A4E}><> []
<{11F9D051-5E27-428D-B760-0D94A653332C}><> []
<{15ADA3A1-E73E-4158-8ECB-7D73DF17681E}><> []
<{8002CC5A-DF35-4042-8EE3-C153991C1E49}><> []
<{ED241B5E-255F-4585-A8A6-F5EB691D9B6A}><> []
<{E6B069D6-7297-43EF-B87D-6B1368DBA66F}><> []
<{1DFCDD59-98C4-4E38-9DBA-64BCF4AD2632}><> []
<{C3CFB233-AE1F-4B5A-8C74-53922D111F3C}><> []
<{21153FB4-9C60-42A9-AD66-1BF3EE4A3F58}><> []
<{1909E461-7266-4201-8855-022294B7D164}><> []
<{0153E0FE-CEB7-4E69-8836-58B60F9D7F01}><> []
<{2361E63A-D1E9-4318-B50E-475AEDBA864C}><> []
<{F039B81A-AEE3-4F0A-A55D-293FFF34404F}><> []
<{53D56214-6FCD-4ED5-AF90-A9C8E0508666}><> []
<{0BC3BDDF-A4C0-4805-B16D-BD1822071631}><> []
<{966261B0-3618-4B88-BAE1-B3086D634EB5}><> []
<{898EE642-7959-4F66-B589-B25248768EF7}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<stdup><> []
<Vision><> []


Run System Repair Engineer and, under "Startup Items" (啟動專案) -> "Services" (服務), delete the following entries:

[Computer Storage / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Sample NT Service / SampleService]
<C:\WINDOWS\NTService.exe><N/A>


Delete the following files:
C:\WINDOWS\NTService.exe
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL



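Process file: logonui or logonui.exe

Process name: Microsoft Logon User Interface

Process name: logonui.exe is a system process used to display the user-switching interface of Microsoft Windows XP. This program is very important for the normal operation of your system.

Publisher: Microsoft
Belongs to: Microsoft Windows Operating System

System process: Yes
Background program: Yes
Uses network: No
Hardware related: No
Common errors: Unknown N/A
Memory usage: Unknown N/A
Security rating (0-5): 0
Spyware: No
Adware: No
Virus: No
Trojan: No


Did you install a boot-screen customization tool?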

This post was edited by psac on 2006-06-20 at 05:37 AM.
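The triage applied to the report above can be sketched as a small parser; this is an added example, not part of the original post and not System Repair Engineer's own code. It assumes the log line shapes seen in the post, and its rule (empty file path under ShellExecuteHooks or ShellServiceObjectDelayLoad, or a service whose publisher field is N/A) is inferred from which entries the answer lists, not stated by the answerer; `triage`, `HOOK_KEYS` and the regex names are hypothetical.

```python
import re

# Constructed sample: a few lines copied from the report in the post (not the full log).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> []
<{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<stdup><> []
[Computer Storage / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[NOD32 Kernel Service / NOD32krn]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
"""

# Keys where an entry with no file behind it is a leftover or hidden hook.
# Empty values elsewhere (AppInit_DLLs, load) are the normal "not set" state.
HOOK_KEYS = ("\\ShellExecuteHooks", "\\ShellServiceObjectDelayLoad")
REG_ENTRY = re.compile(r"^<(.*?)><(.*)> \[(.*)\]$")   # <name><path> [publisher]
SVC_ENTRY = re.compile(r"^<(.*)><([^<>]*)>$")         # <command line><publisher>

def triage(report):
    """Return (section, name, reason) for entries worth a manual look."""
    findings, section = [], ""
    for line in (raw.strip() for raw in report.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # registry key or "display / service name"
            continue
        reg, svc = REG_ENTRY.match(line), SVC_ENTRY.match(line)
        if reg and section.startswith("HKEY_"):
            name, path, _publisher = reg.groups()
            if section.endswith(HOOK_KEYS) and not path:
                findings.append((section.rsplit("\\", 1)[-1], name, "no file behind entry"))
        elif svc and " / " in section:
            command, publisher = svc.groups()
            if publisher == "N/A":
                findings.append(("service", section.split(" / ")[1], "publisher N/A: " + command))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A flagged entry is a candidate for review, not a verdict; the binary named in a flagged service line still has to be checked before anything is deleted.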