|
|
Internet Explorer 问题的一般思路
Internet Explorer 问题的一般思路:
一、每次你都要做的 –> 重设Internet选项:
1. 清Internet Explorer的临时文件
2. 重设安全级别为默认级别
3. Cookie的设置也设为默认级别
4. 程序关联也重置
5. 把高级设置也重置
6. 有时候把”启用第三方浏览器扩展”禁止会解决一些问题
二、有些情况下是由于一些DLL没有被正确注册。大概可以分成以下几类:
脚本出错:
-----------------------------------
regsvr32 scrrun.dll
regsvr32 msxml.dll
regsvr32 mshtml.dll
regsvr32 msjava.dll
regsvr32 jscript.dll
连接打不开:
-----------------------------------
regsvr32 urlmon.dll
页面显示问题:
----------------------------------
regsvr32 shdocvw.dll
regsvr32 browseui.dll
安全站点打不开:
---------------------------------
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
三、如果是IE出错,大多数情况下是由于第三方Plug-in造成的。IE本身出错的情况是很少见的。
1. 去Spyware是你发现IE老是出错或者你的主页老是被改掉时第一个要用的
常用的去Spyware的免费工具:
Ad-Aware: http://www.lavasoft.de/support/download
Spybot S&D: http://beam.to/spybotsd
CWShredder: http://www.spywareinfo.com/~merijn/files/CWShredder.exe
注意在运行这些程序的时候要把IE和Explorer全部关掉,因为大多数Spyware的进程是绑定到这两个和Windows Shell有关的process上的。同时注意要注意把这些工具更新到最新的特征库。Spyware和virus一样也要更新定义库的。
另外一些传统上的防病毒软件现在也能杀一部分spyware。下面有几个免费的在线服务:
Trendmicro: http://housecall.trendmicro.com/
BitDefebder: http://www.bitdefender.com/scan/licence.php
Panda: http://www.pandasoftware.com/activescan/
2. 如果spyware不能自动去除,可能就需要你手工清除。最常用的工具有:
HijackThis: http://www.majorgeeks.com/download3155.html or http://www.spywareinfo.com/~merijn/files/HijackThis.exe
它会扫描当前的系统状态。下面是一个例子:
Running processes:
…
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://btbroadbandstart.bt.com/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://1-se.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-2003.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://1-se.com/home.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\homepage.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://1-se.com/home.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Administrator\Application Data\winlink\winlink.dll (file missing)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [host] C:\WINNT\system32\hosts.vbs
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [ISD] C:\WINNT\ISD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [olehelp] C:\WINNT\system32\olehelp.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\wordi00026\5592687.exe -remove
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: &AroundWeb Search - res://C:\Program Files\AroundWeb\awtoolb.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Web Search - C:\WINNT\ex.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW Prefix: http://ehttp.cc?
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
….
值得注意事项的部分:
R1开头的是一些IE的设置,包括主页,搜索设置等。如果你被一些恶意的网页感染了,这里会发现一些情况。
O2很重要。很多IE的Plug-in是通过BHO来重现与Shell的绑定的。这里要注意那些可疑的第三方DLL。
O3是IE里的一些工具栏或者是其他Extension。如果不是你安装过的程序出现在这里,也可以去除。
O4是启动项。就和msconfig里看到的差不多。
还有其他的就不一一说明了。
在HijackThis里你可以把那些可疑的item打勾再点”Fix checked”。这样那些可疑的item就被自动删除了。大家有时候还可以把在自己机子上得到的HijackThis的log发到论坛上这样其他人可以帮助分析,哪些东西得删除。。。
3. 还有两个高级的工具:
Process Explorer:
http://www.sysinternals.com/ntw2k/f...e/procexp.shtml
可以帮你看到所有绑定到Explorer或者IE的进程。
Microsoft MPS reporting tool:
http://www.microsoft.com/downloads/...&displaylang=en
这个工具是Microsoft工程师的最爱。大量的信息可以在里面被找到。如果IE的一些注册表值、system information、系统目录下所有的DLL、当前运行的所有程序及绑定其上的DLL等等。 |
|
发表于 2004-11-6 00:38:04
置顶卡
变色卡
千斤顶
显身卡
发表于 2004-11-6 00:39:55