1. 關閉系統還原, 重新開機, 按f8進入安全模式.
2. 開啟hijackthis , 按 "do a system scan only".
3. 剔選以下項目, 按 "fix checked" , 然後關閉hijackthis.
R3 - URLSearchHook: (no name) - {2399DF90-F3B7-45F5-9FE5-86970F375E10} - C:\PROGRA~1\COMMON~1\mswiea.dll
O2 - BHO: Info cache - {285AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Rose\pbhealth.dll (file missing)
O2 - BHO: Info cache - {295AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\sony\baiduc.dll
O2 - BHO: (no name) - {85C59C9F-B9D6-48C0-A51F-FB3285D48910} - C:\PROGRA~1\COMMON~1\wmsieda.dll
O2 - BHO: JavaSunSurf Class - {AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2012.dll (file missing)
4. 到控制台 > 資料夾選項 > 檢視 > 選「顯示所有檔案」及 不選「隱藏受保護的系統檔」,刪除C:\Documents and Settings\用戶名\Local Settings\Temp\ 及 Temporary Internet Files 入面所有的files.
刪除以下檔案及資料夾:
C:\PROGRA~1\COMMON~1\mswiea.dll
C:\WINDOWS\Rose\pbhealth.dll
C:\WINDOWS\sony\baiduc.dll
C:\PROGRA~1\COMMON~1\wmsieda.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2012.dll
5. 以附件形式附上新的hijackthis report + combofix report,以便作檢查,順便報告狀況。置頂文章有combofix 教學及下載.
