雲之森
2007-07-21 00:28
Original poster
Today I borrowed a colleague's laptop at the office and used it to visit a website that required going online and entering a password. It occurred to me that that laptop had not been cleaned up in a long time, so I simply went to an online virus-scanning site and ran a scan (I used the EWIDO online scanner). The results nearly scared me to death: close to a hundred worms and trojans. One of them I could not remove even after scanning three or four times, so I would like to ask everyone here how to get rid of it. I will list only one case, because the others differ only in the numbers.

Virus name: trojan.magania.oh
Location parameter after the name: [1134] VM_00370000

There are a great many parameter entries like the one above, but the name is always trojan.magania.oh. (I know it is a trojan, but I have no experience with which type it is.) Can anyone advise how to solve this? Thanks in advance.
雲之森
2007-07-29 14:42
Post 2
To add: this is a notebook, not a personal desktop PC.
2007-07-27,18:22:27 System Repair Engineer 2.5.16.900
Smallfrogs ([url]http://www.KZTechs.com[/url])
Windows XP Home Edition (Build 2600) - 管理許可權用戶 - 完整功能

以下內容被選中:
所有的啟動項目(包括註冊表、開機檔案夾、服務等)
流覽器載入項
正在運行的進程(包括進程模組資訊)
文件關聯
Winsock 提供者
Autorun.inf
HOSTS 文件
進程特權掃描

啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<ccApp><C:\Program Files\Common Files\Symantec Shared\ccApp.exe> [(Verified)Symantec Corporation, L=Santa Monica, S=California, C=US]
<ccRegVfy><C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe> [(Verified)Symantec Corporation, L=Santa Monica, S=California, C=US]
<Hcontrol><C:\WINDOWS\Hcontrol.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync> [(Verified)Microsoft Corporation]
<PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync> [(Verified)Microsoft Corporation]
<ryy><C:\WINDOWS\rundl132.exe> []
<fzg><C:\WINDOWS\Config\svhost32.exe> []
<mnsa><C:\DOCUME~1\wu\LOCALS~1\Temp\mnso.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,C:\WINDOWS\$hf_mig$\svhost32.exe,C:\WINDOWS\rundl132.exe,C:\WINDOWS\Installer\services.exe,> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
==================================
開機檔案夾
[Microsoft Office OneNote 2003 快速啟動] <C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Microsoft Office OneNote 2003 快速啟動.lnk --> C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [Microsoft Corporation]><N>
[Adobe Reader Speed Launch] <C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
==================================
服務
[Application Management / AppMgmt][Stopped/Manual Start] <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start] <C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe><Symantec Corporation>
[Symantec Password Validation Service / ccPwdSvc][Stopped/Manual Start] <C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Norton AntiVirus 自動防護服務 / navapsvc][Running/Auto Start] <"C:\Program Files\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[ScriptBlocking Service / SBService][Stopped/Auto Start] <C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe><Symantec Corporation>
==================================
驅動程式
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start] <System32\DRIVERS\ATKACPI.sys><ASUSTek COMPUTER INC.>
[NAVENG / NAVENG][Running/Manual Start] <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041117.006\NAVENG.Sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start] <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041117.006\NavEx15.Sys><Symantec Corporation>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start] <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start] <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT][Running/Manual Start] <\??\C:\WINDOWS\System32\Drivers\SAVRT.SYS><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/Auto Start] <\??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start] <System32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start] <\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start] <System32\DRIVERS\sisnic.sys><SiS Corporation>
[SymEvent / SymEvent][Running/Manual Start] <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start] <\??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/Auto Start] <\??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[kingxx / kingxx][Running/] <2 - 系統找不到指定的檔案。 ><N/A>
==================================
流覽器載入項
[AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[CNavExtBho Class] {BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Create Mobile Favorite] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[參考資料(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Norton AntiVirus] {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[收音機(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[ewidoOnlineScan Control] {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[PcubeSet Class] {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} <C:\WINDOWS\System32\P3Check.dll, (c) PeeringPortal>
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[PopCapLoader Object] {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} <C:\WINDOWS\Downloaded Program Files\popcaploader.dll, N/A>
[匯出至 Microsoft Excel(&X)] <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
==================================
正在運行的進程
[PID: 460 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 548 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 592 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 604 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 772 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 844 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 972 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1036 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1200 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 1.00.37]
[C:\WINDOWS\system32\ccTrust.dll] [Symantec Corporation, 1.00.22]
[C:\WINDOWS\system32\SYMSTORE.dll] [Symantec Corporation, 4.7.1.2]
[C:\PROGRA~1\NORTON~1\NAVEvent.dll] [Symantec Corporation, 9.05.1015]
[C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvt.dll] [Symantec Corporation, 1.00.104]
[PID: 1344 / wu][C:\WINDOWS\rundl132.exe] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\5p.dll] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[PID: 1372 / wu][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Norton AntiVirus\NavShExt.dll] [Symantec Corporation, 9.05.15]
[C:\WINDOWS\System32\ccTrust.dll] [Symantec Corporation, 1.00.22]
[PID: 1524 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1656 / SYSTEM][C:\Program Files\Norton AntiVirus\navapsvc.exe] [Symantec Corporation, 9.05.1015]
[C:\Program Files\Norton AntiVirus\SavRT32.dll] [Symantec Corporation, 9.0.1.36]
[PID: 1868 / wu][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 1.00.104]
[C:\WINDOWS\System32\SYMSTORE.dll] [Symantec Corporation, 4.7.1.2]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 1.00.104]
[C:\WINDOWS\System32\SYMREDIR.dll] [Symantec Corporation, 4.7.1.2]
[C:\PROGRA~1\COMMON~1\SYMANT~1\ccErrDsp.DLL] [Symantec Corporation, 1.00.104]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGMON.DLL] [Symantec Corporation, 1.00.104]
[C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvt.DLL] [Symantec Corporation, 1.00.104]
[C:\WINDOWS\System32\ccTrust.dll] [Symantec Corporation, 1.00.22]
[C:\PROGRA~1\NORTON~1\CCIMSCAN.DLL] [Symantec Corporation, 9.05.1015]
[C:\PROGRA~1\NORTON~1\DEFALERT.DLL] [Symantec Corporation, 9.05.15]
[C:\PROGRA~1\NORTON~1\NAVAPW32.DLL] [Symantec Corporation, 9.05.1015]
[C:\WINDOWS\System32\ccPasswd.DLL] [Symantec Corporation, 1.00.104]
[C:\PROGRA~1\NORTON~1\apwutil.dll] [Symantec Corporation, 9.05.1015]
[C:\PROGRA~1\NORTON~1\SavRT32.dll] [Symantec Corporation, 9.0.1.36]
[C:\Program Files\Norton AntiVirus\apwcmdnt.dll] [Symantec Corporation, 9.05.1015]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\Program Files\Norton AntiVirus\NavEmail.dll] [Symantec Corporation, 9.05.1015]
[PID: 1900 / wu][C:\WINDOWS\Hcontrol.exe] [ASUSTeK COMPUTER INC., 1043, 2, 15, 12]
[C:\WINDOWS\inter_f2.dll] [ASUSTeK, 1043, 2, 15, 12]
[C:\WINDOWS\AEIWLIOC.dll] [Actiontec Electronics, Inc, 1.07.01]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[PID: 1948 / wu][C:\WINDOWS\rundl132.exe] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\5p.dll] [N/A, ]
[PID: 1956 / wu][C:\WINDOWS\Config\svhost32.exe] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\iwyavan.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[PID: 1980 / wu][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[PID: 1988 / wu][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.0.0812.00]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[PID: 2016 / wu][C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE] [Microsoft Corporation, 11.0.5601]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[PID: 244 / wu][C:\WINDOWS\ATKOSD.exe] [ASUSTeK COMPUTER INC., 1043, 2, 15, 12]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[PID: 1304 / wu][C:\PN300\bin\Pn3Tel.exe] [N/A, ]
[C:\PN300\BIN\PnPrt32.dll] [N/A, ]
[C:\PN300\BIN\PnTelTw2.dll] [Pacific Data Products Inc., 3.01.950]
[C:\PN300\BIN\PNSUP.DLL] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[PID: 1280 / wu][C:\PN300\BIN\Survey2.exe] [N/A, ]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[PID: 1888 / wu][C:\Documents and Settings\wu\桌面\sreng2系統檢測修復程式\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Documents and Settings\wu\桌面\sreng2系統檢測修復程式\Lang\1028.DLL] [System Repair Engineer, 2.5.16.900]
[C:\WINDOWS\System32\dlyy.dll] [N/A, ]
[C:\WINDOWS\System32\dllf.dll] [N/A, ]
[C:\DOCUME~1\wu\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[C:\Documents and Settings\wu\桌面\sreng2系統檢測修復程式\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
132.147.168.7 viphost
==================================
進程特權掃描
特殊特權被允許: SeLoadDriverPrivilege [PID = 548, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特權被允許: SeDebugPrivilege [PID = 1344, C:\WINDOWS\RUNDL132.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1948, C:\WINDOWS\RUNDL132.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1956, C:\WINDOWS\CONFIG\SVHOST32.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1304, C:\PN300\BIN\PN3TEL.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1280, C:\PN300\BIN\SURVEY2.EXE]
==================================
API HOOK
N/A
==================================
隱藏進程
N/A
==================================

I don't know where the problem lies, so I have come to ask the more experienced members here to discuss and advise. My initial guess is that a vulnerability covered by a Microsoft security update may have been exploited, or that something is still spreading @@
彗星風采
2007-07-29 18:17
Post 3
Looks like there are quite a few problems.

Please refer to the following. Tools needed: SREng and IceSword.

Turn off System Restore, clear all IE temporary files, and enter Safe Mode.

In SREng, switch to the Registry tab under Startup Items and find the following:

啟動專案
註冊表
<ryy><C:\WINDOWS\rundl132.exe> []
<fzg><C:\WINDOWS\Config\svhost32.exe> []
<mnsa><C:\DOCUME~1\wu\LOCALS~1\Temp\mnso.exe> []

Select them and click Delete, then click Yes to delete.

In SREng, switch to the Registry tab under Startup Items and find the following:

啟動專案
註冊表
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,C:\WINDOWS\$hf_mig$\svhost32.exe,C:\WINDOWS\rundl132.exe,C:\WINDOWS\Installer\services.exe,> [N/A]

Click Edit and delete the part in red.

In IceSword, switch to File mode and follow the paths to find the following files:

C:\WINDOWS\rundl132.exe
C:\WINDOWS\Config\svhost32.exe
C:\DOCUME~1\wu\LOCALS~1\Temp\mnso.exe
C:\Program Files\Windows Media Player\svchost.exe
C:\WINDOWS\$hf_mig$\svhost32.exe
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Installer\services.exe
C:\DOCUME~1\wu\LOCALS~1\Temp\5p.dll
C:\WINDOWS\System32\dlyy.dll
C:\WINDOWS\System32\dllf.dll
C:\DOCUME~1\wu\LOCALS~1\Temp\iwyavan.dll
C:\PN300\ --- the entire folder...

Right-click and choose Delete to delete them.

In SREng, switch to the HOSTS file tab under System Repair and find:

132.147.168.7 viphost

Click Edit, enter 127.0.0.1 as the IP address and localhost as the host name.

One more question for the original poster. Browser add-on:

[PcubeSet Class] {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} <C:\WINDOWS\System32\P3Check.dll, (c)

Do you know what this is?

A reminder: if your problem has been solved, please change the title to "Solved".
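A small triage script, added here as an example (it is not code from either poster or from SREng), that applies the checks from the log in post 2 and the cleanup steps in post 3 mechanically: it parses startup-registry lines in the `<name><command> [signer]` format SREng prints, splits the Winlogon Userinit list into its elements, and flags look-alike file names, system binary names outside System32, temp-directory paths and unsigned entries. The sample lines are constructed from the log above; the rule names and thresholds are my own.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in SREng's "startup items / registry" line format, using the entries quoted in post 2.
SAMPLE_LOG = r"""
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<ryy><C:\WINDOWS\rundl132.exe> []
<fzg><C:\WINDOWS\Config\svhost32.exe> []
<mnsa><C:\DOCUME~1\wu\LOCALS~1\Temp\mnso.exe> []
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,C:\WINDOWS\$hf_mig$\svhost32.exe,C:\WINDOWS\rundl132.exe,C:\WINDOWS\Installer\services.exe,> [N/A]
"""
ENTRY_RE = re.compile(r"^<([^>]*)><(.*)> \[(.*)\]$")
SYSTEM32 = "c:\\windows\\system32\\"
# Names the entries in this thread imitate (rundl132 for rundll32, svhost32 for svchost) and real names that belong only in System32.
LOOKALIKES = {"rundl132.exe", "svhost32.exe"}
SYSTEM_NAMES = {"svchost.exe", "services.exe", "rundll32.exe", "userinit.exe"}

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def suspicious_path(path: str) -> Optional[str]:
    """Return the rule a path trips, or None if it looks ordinary."""
    p = path.strip().strip('"').lower()
    name = basename(p)
    if name in LOOKALIKES:
        return "look-alike of a Windows binary name"
    if name in SYSTEM_NAMES and not p.startswith(SYSTEM32):
        return "system binary name outside System32"
    if "\\temp\\" in p or "\\locals~1\\" in p:
        return "runs from a temp directory"
    return None

def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (entry name, path, reason) for each startup entry worth review."""
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        name, value, signer = m.groups()
        if name.lower() == "userinit":
            # Winlogon runs every comma-separated element; only userinit.exe belongs here.
            for item in filter(None, (x.strip() for x in value.split(","))):
                reason = suspicious_path(item)
                if reason is None and basename(item) != "userinit.exe":
                    reason = "extra Userinit element"
                if reason:
                    findings.append((name, item, reason))
            continue
        unsigned = signer.strip() in ("", "N/A")
        reason = suspicious_path(value)
        if reason:
            findings.append((name, value, reason + (", unsigned" if unsigned else "")))
        elif unsigned:
            findings.append((name, value, "unsigned startup entry"))
    return findings
```

Run against the sample it reports the three Run entries and the four extra Userinit elements that post 3 tells the poster to remove, and nothing for the verified ctfmon.exe entry.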