雲之森
As a side note, this is from a notebook, not a personal desktop computer.
2007-07-27,18:22:27
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition (Build 2600) - 管理許可權用戶 - 完整功能
以下內容被選中:
所有的啟動項目(包括註冊表、開機檔案夾、服務等)
流覽器載入項
正在運行的進程(包括進程模組資訊)
文件關聯
Winsock 提供者
Autorun.inf
HOSTS 文件
進程特權掃描
啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<ccApp><C:\Program Files\Common Files\Symantec Shared\ccApp.exe> [(Verified)Symantec Corporation, L=Santa Monica, S=California, C=US]
<ccRegVfy><C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe> [(Verified)Symantec Corporation, L=Santa Monica, S=California, C=US]
<Hcontrol><C:\WINDOWS\Hcontrol.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync> [(Verified)Microsoft Corporation]
<PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync> [(Verified)Microsoft Corporation]
<ryy><C:\WINDOWS\rundl132.exe> []
<fzg><C:\WINDOWS\Config\svhost32.exe> []
<mnsa><C:\DOCUME~1\wu\LOCALS~1\Temp\mnso.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,C:\WINDOWS\$hf_mig$\svhost32.exe,C:\WINDOWS\rundl132.exe,C:\WINDOWS\Installer\services.exe,> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
==================================
開機檔案夾
[Microsoft Office OneNote 2003 快速啟動]
<C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Microsoft Office OneNote 2003 快速啟動.lnk --> C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [Microsoft Corporation]><N>
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
==================================
服務
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe><Symantec Corporation>
[Symantec Password Validation Service / ccPwdSvc][Stopped/Manual Start]
<C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Norton AntiVirus 自動防護服務 / navapsvc][Running/Auto Start]
<"C:\Program Files\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[ScriptBlocking Service / SBService][Stopped/Auto Start]
<C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe><Symantec Corporation>
==================================
驅動程式
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
<System32\DRIVERS\ATKACPI.sys><ASUSTek COMPUTER INC.>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041117.006\NAVENG.Sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041117.006\NavEx15.Sys><Symantec Corporation>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
<System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT][Running/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\SAVRT.SYS><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/Auto Start]
<\??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
<System32\DRIVERS\sisnic.sys><SiS Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/Auto Start]
<\??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[kingxx / kingxx][Running/]
<2 - 系統找不到指定的檔案。
><N/A>
==================================
流覽器載入項
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[參考資料(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[收音機(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[ewidoOnlineScan Control]
{193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[PcubeSet Class]
{CEE326E8-7571-4086-B347-3C0ACA9A9DE8} <C:\WINDOWS\System32\P3Check.dll, (c) PeeringPortal>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[PopCapLoader Object]
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} <C:\WINDOWS\Downloaded Program Files\popcaploader.dll, N/A>
[匯出至 Microsoft Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
==================================
正在運行的進程
[PID: 460 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 548 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 592 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 604 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 772 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 844 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 972 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1036 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1200 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 1.00.37]
[C:\WINDOWS\system32\ccTrust.dll] [Symantec Corporation, 1.00.22]
[C:\WINDOWS\system32\SYMSTORE.dll] [Symantec Corporation, 4.7.1.2]
[C:\PROGRA~1\NORTON~1\NAVEvent.dll] [Symantec Corporation, 9.05.1015]
[C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvt.dll] [Symantec Corporation, 1.00.104]
[PID: 1344 / wu][C:\WINDOWS\rundl132.exe] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\5p.dll] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[PID: 1372 / wu][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Norton AntiVirus\NavShExt.dll] [Symantec Corporation, 9.05.15]
[C:\WINDOWS\System32\ccTrust.dll] [Symantec Corporation, 1.00.22]
[PID: 1524 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1656 / SYSTEM][C:\Program Files\Norton AntiVirus\navapsvc.exe] [Symantec Corporation, 9.05.1015]
[C:\Program Files\Norton AntiVirus\SavRT32.dll] [Symantec Corporation, 9.0.1.36]
[PID: 1868 / wu][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 1.00.104]
[C:\WINDOWS\System32\SYMSTORE.dll] [Symantec Corporation, 4.7.1.2]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 1.00.104]
[C:\WINDOWS\System32\SYMREDIR.dll] [Symantec Corporation, 4.7.1.2]
[C:\PROGRA~1\COMMON~1\SYMANT~1\ccErrDsp.DLL] [Symantec Corporation, 1.00.104]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGMON.DLL] [Symantec Corporation, 1.00.104]
[C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvt.DLL] [Symantec Corporation, 1.00.104]
[C:\WINDOWS\System32\ccTrust.dll] [Symantec Corporation, 1.00.22]
[C:\PROGRA~1\NORTON~1\CCIMSCAN.DLL] [Symantec Corporation, 9.05.1015]
[C:\PROGRA~1\NORTON~1\DEFALERT.DLL] [Symantec Corporation, 9.05.15]
[C:\PROGRA~1\NORTON~1\NAVAPW32.DLL] [Symantec Corporation, 9.05.1015]
[C:\WINDOWS\System32\ccPasswd.DLL] [Symantec Corporation, 1.00.104]
[C:\PROGRA~1\NORTON~1\apwutil.dll] [Symantec Corporation, 9.05.1015]
[C:\PROGRA~1\NORTON~1\SavRT32.dll] [Symantec Corporation, 9.0.1.36]
[C:\Program Files\Norton AntiVirus\apwcmdnt.dll] [Symantec Corporation, 9.05.1015]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\Program Files\Norton AntiVirus\NavEmail.dll] [Symantec Corporation, 9.05.1015]
[PID: 1900 / wu][C:\WINDOWS\Hcontrol.exe] [ASUSTeK COMPUTER INC., 1043, 2, 15, 12]
[C:\WINDOWS\inter_f2.dll] [ASUSTeK, 1043, 2, 15, 12]
[C:\WINDOWS\AEIWLIOC.dll] [Actiontec Electronics, Inc, 1.07.01]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[PID: 1948 / wu][C:\WINDOWS\rundl132.exe] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\5p.dll] [N/A, ]
[PID: 1956 / wu][C:\WINDOWS\Config\svhost32.exe] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\iwyavan.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[PID: 1980 / wu][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[PID: 1988 / wu][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.0.0812.00]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[PID: 2016 / wu][C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE] [Microsoft Corporation, 11.0.5601]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[PID: 244 / wu][C:\WINDOWS\ATKOSD.exe] [ASUSTeK COMPUTER INC., 1043, 2, 15, 12]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[PID: 1304 / wu][C:\PN300\bin\Pn3Tel.exe] [N/A, ]
[C:\PN300\BIN\PnPrt32.dll] [N/A, ]
[C:\PN300\BIN\PnTelTw2.dll] [Pacific Data Products Inc., 3.01.950]
[C:\PN300\BIN\PNSUP.DLL] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[PID: 1280 / wu][C:\PN300\BIN\Survey2.exe] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[PID: 1888 / wu][C:\Documents and Settings\wu\桌面\sreng2系統檢測修復程式\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Documents and Settings\wu\桌面\sreng2系統檢測修復程式\Lang\1028.DLL] [System Repair Engineer, 2.5.16.900]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[C:\Documents and Settings\wu\桌面\sreng2系統檢測修復程式\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
132.147.168.7 viphost
==================================
進程特權掃描
特殊特權被允許: SeLoadDriverPrivilege [PID = 548, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特權被允許: SeDebugPrivilege [PID = 1344, C:\WINDOWS\RUNDL132.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1948, C:\WINDOWS\RUNDL132.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1956, C:\WINDOWS\CONFIG\SVHOST32.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1304, C:\PN300\BIN\PN3TEL.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1280, C:\PN300\BIN\SURVEY2.EXE]
==================================
API HOOK
N/A
==================================
隱藏進程
N/A
==================================
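I don't know where the problem lies, so I'm asking the more experienced members here to discuss and advise. My first thought is that a vulnerability covered by a Microsoft security update may have been exploited, or that something keeps spreading @@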
Computers are part of life, and one of the joys of life lies in computers. In short, it's a hobby.

[Post 2]
From: Taiwan Chunghwa HiNet | Posted: 2007-07-29 14:42

彗星風采
It looks like there are quite a few problems. Please refer to the following.

Tools needed: SREng, IceSword

Turn off System Restore, clear all IE temporary files, and boot into Safe Mode.

In SREng, switch to the Registry (註冊表) tab under Startup Items (啟動專案) and find the following:

啟動專案
註冊表
<ryy><C:\WINDOWS\rundl132.exe> []
<fzg><C:\WINDOWS\Config\svhost32.exe> []
<mnsa><C:\DOCUME~1\wu\LOCALS~1\Temp\mnso.exe> []

Click Delete, then press Yes to delete them.

In SREng, switch to the Registry (註冊表) tab under Startup Items (啟動專案) and find the following:

啟動專案
註冊表
<Userinit><C:\WINDOWS\system32\userinit.exe, C:\Program Files\Windows Media Player\svchost.exe,C:\WINDOWS\$hf_mig$\svhost32.exe,C:\WINDOWS\rundl132.exe,C:\WINDOWS\Installer\services.exe,> [N/A]

Click Edit and delete the part shown in red.

In IceSword, switch to File mode and locate the following files by path:

C:\WINDOWS\rundl132.exe> []
C:\WINDOWS\Config\svhost32.exe> []
C:\DOCUME~1\wu\LOCALS~1\Temp\mnso.exe>
C:\Program Files\Windows Media Player\svchost.exe
C:\WINDOWS\$hf_mig$\svhost32.exe
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Installer\services.exe
[C:\DOCUME~1\wu\LOCALS~1\Temp\5p.dll] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\iwyavan.dll] [N/A, ]
C:\PN300\ --- the entire folder

Right-click and choose Delete.

In SREng, switch to the HOSTS file (HOSTS 文件) tab under System Repair (系統修復) and find:

132.147.168.7 viphost

Click Edit, enter 127.0.0.1 as the IP address and localhost as the host name.

One more question for the original poster:

流覽器載入項
[PcubeSet Class]
{CEE326E8-7571-4086-B347-3C0ACA9A9DE8} <C:\WINDOWS\System32\P3Check.dll, (c)

Do you know what this is?

A reminder: if your problem has been solved, please change the title to "Solved".
[ This post was re-edited by 彗星風采 on 2007-07-29 22:27 ]

[Post 3]
From: Taiwan Chunghwa Telecom HINET | Posted: 2007-07-29 18:17
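
The manual check walked through in the reply above, automated as an added example (not part of the original thread and not SREng's own code): it reads SREng startup-item lines and reports Run entries whose publisher field is empty, plus every Userinit component other than userinit.exe. The function name `triage`, the finding labels and the assumption that Windows is installed in C:\WINDOWS are mine; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: lines copied from the SREng log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ccApp><C:\Program Files\Common Files\Symantec Shared\ccApp.exe> [(Verified)Symantec Corporation, L=Santa Monica, S=California, C=US]
<ryy><C:\WINDOWS\rundl132.exe> []
<fzg><C:\WINDOWS\Config\svhost32.exe> []
<mnsa><C:\DOCUME~1\wu\LOCALS~1\Temp\mnso.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,C:\WINDOWS\$hf_mig$\svhost32.exe,C:\WINDOWS\rundl132.exe,C:\WINDOWS\Installer\services.exe,> [N/A]
"""

KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")            # registry key header line
ENTRY = re.compile(r"^<([^<>]*)><(.*)> \[(.*)\]$")  # <name><command> [publisher]
# Assumption: Windows lives in C:\WINDOWS, as it does in the posted log.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def triage(log_text):
    """Return (label, registry_key, path_or_command) tuples worth a manual look."""
    findings = []
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY.match(line)
        if not m or key is None:
            continue
        name, command, publisher = m.groups()
        if name.lower() == "userinit":
            # Userinit is a comma-separated list; anything besides userinit.exe is extra.
            for part in (p.strip() for p in command.split(",")):
                if part and part.lower() != EXPECTED_USERINIT:
                    findings.append(("userinit-extra", key, part))
        elif key.lower().endswith(r"\currentversion\run") and publisher == "":
            # SREng printed "[]": no verified signer and no company name in the file.
            findings.append(("run-no-publisher", key, command))
    return findings


if __name__ == "__main__":
    for label, key, target in triage(SAMPLE_LOG):
        print(f"{label:17} {target}   ({key})")
```

An empty publisher field only means the entry deserves a closer look; confirm each hit against the file on disk before deleting anything.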