瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 求救__在线等
yz96315 - 2007-4-14 8:44:00
昨天插了个U盘,结果我的电脑里盘里面的第一级文件夹看不到了,输如路径可以找到文件,文件夹的子文件夹正常显示.任务管理器打不开,说被管理员禁用了.用修复工具扫描说WINNT\SYSTEM\USERINI被修改...怎么办~
青林桥易 - 2007-4-14 8:51:00
用SRENG扫描传上来看一下.
yz96315 - 2007-4-14 8:57:00
【回复“青林桥易”的帖子】
[CODE]

2007-04-14,08:42:06

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Acrobat Assistant 7.0><"D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,explorer.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe [N/A]><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> D:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><H>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\yanzhen\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Stopped/Disabled]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[kavsvc / kavsvc][Running/Manual Start]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[Lookout Citadel Server / LkCitadelServer][Stopped/Auto Start]
  <C:\WINDOWS\system32\lkcitdl.exe><National Instruments, Inc.>
[National Instruments PSP Server Locator / lkClassAds][Running/Auto Start]
  <C:\WINDOWS\system32\lkads.exe><National Instruments, Inc.>
[National Instruments Time Synchronization / lkTimeSync][Running/Auto Start]
  <C:\WINDOWS\system32\lktsrv.exe><National Instruments, Inc.>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[National Instruments Domain Service / NIDomainService][Stopped/Auto Start]
  <"D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe"><N/A>
[NI Service Locator / niSvcLoc][Running/Auto Start]
  <C:\WINDOWS\system32\nisvcloc.exe -s><National Instruments Corp.>
[OfficeScanNT 实时扫描 / ntrtscan][Stopped/Auto Start]
  <C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe><Trend Micro Inc.>
[OfficeScanNT 个人防火墙 / OfcPfwSvc][Stopped/Auto Start]
  <C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe><Trend Micro Inc.>
[SavRoam / SavRoam][Stopped/Disabled]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><N/A>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Stopped/Disabled]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><N/A>
[OfficeScanNT 侦听程序 / tmlisten][Stopped/Auto Start]
  <><N/A>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>
孤独更可靠 - 2007-4-14 9:07:00
<Userinit><userinit.exe,explorer.exe> [(Verified)Microsoft Corporation]

这个注意下

按F3查找
explorer.exe

如果不是在C:\Windows\下的都删除...

怕误删的话,备份下

还有,被禁用的话...

在系统修复那里修复组策略..

SRENG操作方法:
http://hi.baidu.com/%B9%C2%B6%C0%B8%FC%BF%C9%BF%BF/blog/item/9025a818a7592ab44aedbc05.html
yz96315 - 2007-4-14 9:17:00
【回复“孤独更可靠”的帖子】
没有可以显示的结果呀
孤独更可靠 - 2007-4-14 9:21:00
那忽略
yz96315 - 2007-4-14 9:24:00
【回复“孤独更可靠”的帖子】
那怎么弄呀~~~救命呀~~
孤独更可靠 - 2007-4-14 9:29:00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><userinit.exe,explorer.exe> [(Verified)Microsoft Corporation]

这个编辑成:


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><userinit.exe,> [(Verified)Microsoft Corporation]

注意,第一个Explorer.exe不用动它..

下面那个,吧后面的Explorer.exe去掉..同时保留userinit.exe后面的","(逗)号
编辑时候,直接输入userinit.exe,
然后点确定...

不要编辑错了..

PS:2.4的有自动修复功能
天月来了 - 2007-4-14 9:53:00
应该改为:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]

这样看着才舒服。习惯呢。
天月来了 - 2007-4-14 9:58:00
他的服务那么多,不知驱动怎样?

我看不到下面的驱动和正在运行的进程等。

日志后面部分都没看到。

难道又是卡卡的服务器忙???

1
查看完整版本: 求救__在线等
© 2000 - 2026 Rising Corp. Ltd.