
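Could you guys please give me a hand...

When I started the computer today, for no apparent reason these windows popped up out of nowhere.
Is there any way to fix it?
I don't want to format the machine, because there is a lot of stuff on the computer...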

problem.JPG


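Have you been downloading any porn lately???

Of course not!!

Have you run a virus scan?
It looks like some virus has messed up the registry.
Try restoring the registry to the day before the problem started, after running the virus scan.

How do I restore the registry?

Originally posted by Maxson85 at 2006-7-20 03:35 PM:
How do I restore the registry?
One way to restore the registry: Start -> Run, type scanreg; it will automatically scan and make a backup, and if there is any damage it will automatically restore and restart the computer.
Or add a parameter: scanreg /restore, and choose the date of the backup to restore yourself.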


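I just searched online.
I found that other people have had this happen too (infected by a virus/trojan -> curvisfilter-031).
Have you run a virus scan (and was it able to remove it)?
1
Search for the file shown in the picture: curvis*.*, you may find some related files.
2
Start -> Run, type regedit, search for anything related to curvis and delete it.
Start -> Startup, DEL anything related to CURVIS (this cannot be recovered from the Recycle Bin).
3
Scan with HIJACKTHIS and let it take care of it.

[ Last edited by gergermen on 2006-7-20 at 04:53 PM ]

Boss, it worked!! Thanks a lot, gergerman!!
Those windows no longer pop up...
But every time I start the computer the scan finds a virus, and even if it gets cleaned,
after restarting the computer the scan finds the virus again....
It seems to be something called "svchostfilter-031"...

Is there any way to get rid of this virus?

Also, I ran a scan with HijackThis.
Could gergerman or any of the experts please help me look at what the problems are,
and how to fix my machine...

Thanks again in advance, everyone!!!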


===============================================

Logfile of HijackThis v1.99.0
Scan saved at 11:13:02 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smssfilter-031
C:\WINDOWS\system32\winlogonfilter-031
C:\WINDOWS\system32\servicesfilter-031
C:\WINDOWS\system32\lsassfilter-031
C:\WINDOWS\system32\Ati2evxxfilter-031
C:\WINDOWS\system32\svchostfilter-031
C:\WINDOWS\System32\svchostfilter-031
C:\WINDOWS\system32\spoolsvfilter-031
C:\WINDOWS\system32\Ati2evxxfilter-031
C:\WINDOWS\Explorerfilter-031
C:\WINDOWS\system32\rundll32filter-031
C:\Program Files\Common Files\Real\Update_OB\realschedfilter-031
C:\Program Files\iTunes\iTunesHelperfilter-031
C:\Program Files\CyberLink\PowerDVD\PDVDServfilter-031
C:\WINDOWS\system32\ctfmonfilter-031
C:\Program Files\Internet Download Manager\IDManfilter-031
C:\WINDOWS\system32\Kerne0223filter-031
C:\Program Files\MSNShell\BIN\MSNShellfilter-031
C:\Program Files\DLink\Bluetooth Software\BTTrayfilter-031
C:\Program Files\DLink\Bluetooth Software\bin\btwdinsfilter-031
C:\Program Files\iPod\bin\iPodServicefilter-031
C:\Program Files\Internet Explorer\IEXPLOREfilter-031
C:\Program Files\MSN Messenger\msnmsgrfilter-031
C:\Program Files\Internet Explorer\IEXPLOREfilter-031
C:\Documents and Settings\Maxson\Desktop\HijackThisfilter-031

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AlxTB BHO Class - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32filter-031 bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIGfilter-031" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETPfilter-031 /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETPfilter-031 /IMEName
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavfilter-031" /minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMANfilter-031
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realschedfilter-031"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheckfilter-031
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelperfilter-031"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttaskfilter-031" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServfilter-031"
O4 - HKLM\..\Run: [fzg] C:\WINDOWS\Config\svhost32filter-031
O4 - HKLM\..\Run: [KsgUpdateRun] C:\Program Files\Common Files\kingsoft\KSG\clientfilter-031
O4 - HKCU\..\Run: [CTFMONfilter-031] C:\WINDOWS\system32\ctfmonfilter-031
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgrfilter-031" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDManfilter-031 /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypagerfilter-031 -quiet
O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\system32\Kerne0223filter-031
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShellfilter-031 autorun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loaderfilter-031
O4 - Global Startup: 蓝牙控制盘.lnk = ?
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCELfilter-031/3000
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - Extra context menu item: 使用 IDM 下载 - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: 使用 IDM 下载所有链接 - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: 发送到 Bluetooth(&B) - C:\Program Files\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgsfilter-031
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgsfilter-031
O10 - Unknown file in Winsock LSP: c:\windows\system32\mshlpxb64.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mshlpxb64.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxxfilter-031
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgagfilter-031
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth Software\bin\btwdinsfilter-031
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverTfilter-031
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodServicefilter-031
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvcfilter-031

[ Last edited by Maxson85 on 2006-7-20 at 11:20 PM ]
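The file that the scan still reports as infected after restarting the computer is "svchost32.*x*"

Best to boot into Safe Mode first.

Go into the registry and delete this entry:
O4 - HKLM\..\Run: [fzg] C:\WINDOWS\Config\svhost32.e x e
Then also search the registry for anything related to msdll.dll.
Clear out Start -> Startup as well.
After that, delete svhost32.e x e + msdll.dll.
See whether you can find this:
C:\tt.txt
You can open it and take a look / delete it as well.

Finally, scan the machine once more with your Kaspersky (update the virus database first) before you restart.

ps: Do you play Lineage (天堂)?? (I searched; this is a Lineage trojan that specifically steals accounts)
Did you install the alexa tool bar??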
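An added example, not part of any post in this thread and not HijackThis's own logic: a small Python triage over the O4 Run entries of the log above that flags an autostart image whose name imitates a core Windows process (as svhost32 does svchost) or that carries a core name outside its usual directory. The KNOWN table, the 0.85 similarity threshold and the reading of "filter-031" as the forum's substitute for ".exe" are assumptions.

```python
import re
from difflib import SequenceMatcher

# Assumed home directory (lower-case) of a few core Windows XP images.
SYS32 = r"c:\windows\system32"
KNOWN = {"svchost": SYS32, "lsass": SYS32, "services": SYS32, "smss": SYS32,
         "winlogon": SYS32, "spoolsv": SYS32, "ctfmon": SYS32,
         "explorer": r"c:\windows"}
O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# Assumption: the forum filter put "filter-031" where ".exe" was in the log.
IMAGE = re.compile(r'"?([a-z]:\\[^"]*?|[^\\" ]+?)(?:\.exe|filter-031)', re.I)

# Run entries copied from the HijackThis log posted above.
SAMPLE = [
    r"O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32filter-031 bthprops.cpl,,BluetoothAuthenticationAgent",
    r'O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavfilter-031" /minimize',
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMANfilter-031",
    r"O4 - HKLM\..\Run: [fzg] C:\WINDOWS\Config\svhost32filter-031",
    r"O4 - HKCU\..\Run: [CTFMONfilter-031] C:\WINDOWS\system32\ctfmonfilter-031",
]

def parse_o4(line):
    """Return (hive, value_name, directory, image_stem), or None if not O4."""
    m = O4.match(line.strip())
    img = IMAGE.match(m.group(3)) if m else None
    if not img:
        return None
    directory, _, base = img.group(1).lower().rpartition("\\")
    return m.group(1), m.group(2), directory, base

def triage(lines):
    """Flag Run entries whose image imitates a core Windows process."""
    findings = []
    for entry in filter(None, map(parse_o4, lines)):
        _hive, name, directory, base = entry
        stem = base.rstrip("0123456789")  # svhost32 -> svhost
        for known, home in KNOWN.items():
            if base == known:
                # Real name, but started from somewhere unexpected.
                if directory and directory != home:
                    findings.append((name, base, f"{known} outside {home}"))
            elif SequenceMatcher(None, stem, known).ratio() >= 0.85:
                findings.append((name, base, f"look-alike of {known}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A hit is a lead to check against the file on disk and an up-to-date scanner, not a verdict; a name the table does not cover passes silently.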
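How do I get into Safe Mode?
I'm really afraid of deleting the wrong thing, because I got burned before:
I deleted the wrong thing and ended up having to format the machine...

ps: Is Lineage an online game?
I don't play online games...
I installed the alexa tool bar because I needed to download stuff....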