微点交流论坛

标题: 微点无法干净杀掉这个木马 [打印本页]

作者: woodbug 时间: 2007-6-22 07:48 标题: 微点无法干净杀掉这个木马

木马Trojan-PSW.win32.Delf.eae

估计是浏览网页时,中了病毒. (靠,老子再也不用baidu搜索了)

电脑启动后,被微点检测到,提示删除

但是,再次启动,又会重复出现.

用kis6.0全盘扫描,无反映.

怎么办?

作者: Legend 时间: 2007-6-22 07:50
请楼主查看微点木马日志，木马程序具体由哪个程序生成？
您可以把您的木马日志贴出来，我们会协助您进行进一步分析处理。

作者: woodbug 时间: 2007-6-22 07:53
时间处理结果木马名称木马进程名木马文件创建者
2007-06-22 06:58:28 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\52VEEA1Z\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-21 19:50:19 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2ZFSD6IF\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-21 16:34:36 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\T3P63NBZ\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-21 12:35:47 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2DC46O12\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-20 18:31:50 处理成功 Trojan.Win32.Delf.awy C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2DC46O12\UPDATE[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-20 18:31:46 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2DC46O12\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-18 19:22:40 用户取消 Trojan-Proxy.Win32.Agent.uu D:\STARCRAFT\WUJIE81\无界浏览器8.1.EXE

作者: woodbug 时间: 2007-6-22 07:53
好象比较乱啊

我直接导出的

作者: Legend 时间: 2007-6-22 08:18
根据楼主贴出来的日志进行初步分析，您那里出现的Trojan-PSW.Win32.Delf.eae和Trojan.Win32.Delf.awy都属于因IE浏览器存在有漏洞，浏览包含有恶意代码的网页时便会被自动下载木马程序。不过木马程序已经都被微点处理掉了，请您放心使用。

对此，建议楼主使用微点漏洞扫描功能，为您的Windows系统修补安全漏洞，彻底杜绝此类问题。

作者: dsl5 时间: 2007-6-22 08:19
貌似IE被挟持,从后台连接一些站点下的木马,系统内可能另外存有病毒下载器,把IE进程的模块调出来给我们看看!还有,把全机的启动项都调出来看看!

作者: woodbug 时间: 2007-6-22 08:55
用微点扫了系统漏洞,有4个,但是好象没办法下载

不过用360安装了3个,还有1个windows media player的,还是没办法下载

重起后,微点还是扫到了木马

作者: woodbug 时间: 2007-6-22 08:58
这是启动项目：

程序名称启动方式程序说明全路径启动信息

Skdaemon.exe 开始菜单启动组其他软件 C:\Program Files\LEGEND\联想标准功能键盘驱动程序安装\Skdaemon.exe C:\Documents and Settings\All Users\「开始」菜单\程序\启动\联想键盘驱动程序.lnk
Windows.hta 开始菜单启动组其他软件 C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Windows.hta C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Windows.hta
remotesetup.exe 计划任务其他软件文件不存在(C:\DOCUME~1\user\LOCALS~1\Temp\remotesetup.exe) C:\WINDOWS\Tasks\DDD_Install_Program.job
start.hta 开始菜单启动组其他软件 C:\Documents and Settings\All Users\「开始」菜单\程序\启动\start.hta C:\Documents and Settings\All Users\「开始」菜单\程序\启动\start.hta
autoexec.bat 批处理文件其他软件 C:\AUTOEXEC.BAT
crypt32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPT32CHAIN
cscdll.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CSCDLL
Fips.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fips.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FIPS
klif.sys 驱动卡巴斯基安全软件 C:\WINDOWS\system32\drivers\klif.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KLIF
dmload.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\dmload.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMLOAD
redbook.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\redbook.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REDBOOK
vaxDLb.sys 驱动其他软件 C:\WINDOWS\system32\drivers\vaxDLb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VAXDLB
ctfmon.exe 注册表启动组 Microsoft Windows XP Professional C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CTFMON.EXE
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000012\PACKEDCATALOGITEM
ftdisk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ftdisk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FTDISK
IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 注册表启动组 Microsoft Windows XP Professional C:\WINDOWS\ime\IMJP8_1\imjpmig.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\IMJPMIG8.1
viaagp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\VIAAGP.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VIAAGP
ndpiq.sys 驱动其他软件 C:\WINDOWS\system32\drivers\ndpiq.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDPIQ
webclnt.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\webclnt.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBCLIENT
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
Mup.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mup.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MUP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000008\PACKEDCATALOGITEM
trkwks.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\trkwks.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TRKWKS
isapnp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\isapnp.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ISAPNP
dnsrslvr.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dnsrslvr.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DNSCACHE
pciide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\pciide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIIDE
netbt.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\netbt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBT
dmio.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\dmio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMIO
rasacd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rasacd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASACD
KSecDD.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ksecdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KSECDD
rsvpsp.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000005\PACKEDCATALOGITEM
mp110007.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110007.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110007
Beep.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\beep.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BEEP
rem RunDll32 advpack.dll 注册表启动组其他软件系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\360DISABLED\TV_ENUA
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WLBALLOON
webcheck.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\webcheck.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\WEBCHECK
mp110003.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110003.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110003
realsched.exe -osboot 注册表启动组 RealPlayer C:\Program Files\Common Files\Real\Update_OB\realsched.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\TKBELLEXE
kldriver.exe 注册表启动组第三方支持软件 C:\Program Files\LEGEND\联想键盘驱动\Kldriver.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\LEGENDKBDRIVER
MSJDrvr.sys 驱动其他软件 C:\WINDOWS\system32\drivers\MSJDrvr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSJDRVR
PCIDump.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\PCIDump.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIDUMP
ersvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\ersvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ERSVC
srsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\srsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SRSERVICE
mp110013.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110013.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110013
rpcss.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RPCSS
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000017\PACKEDCATALOGITEM
CdaC15BA.SYS 驱动其他软件 C:\WINDOWS\system32\drivers\CdaC15BA.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDAC15BA
ipsec.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ipsec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPSEC
Fs_Rec.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fs_rec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FS_REC
TINTSETP.EXE /IMEName 注册表启动组 Microsoft Windows XP Professional C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PHIME2002A

作者: woodbug 时间: 2007-6-22 08:58
PartMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\partmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PARTMGR
intelide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\intelide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTELIDE
stobject.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\stobject.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\SYSTRAY
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000015\PACKEDCATALOGITEM
ipnathlp.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\ipnathlp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS
viaide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\viaide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VIAIDE
logon.scr 屏幕保护 Microsoft Windows XP Professional C:\WINDOWS\system32\logon.scr HKEY_CURRENT_USER\CONTROL PANEL\DESKTOP\SCRNSAVE.EXE
lmhsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lmhsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LMHOSTS
rem "D:\Program Files\Thunder Network\Thunder\Thunder.exe" /s 注册表启动组其他软件系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\THUNDER
"\Program Files\Logonui\Logonui.exe" 系统直接调用其他软件系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\UIHOST
fltMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fltMgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FLTMGR
mrxsmb.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mrxsmb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MRXSMB
atapi.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\atapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ATAPI
shsvcs.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\THEMES
dhcpcsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dhcpcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DHCP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000007\PACKEDCATALOGITEM
Cdaudio.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cdaudio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDAUDIO
wdfmgr.exe 服务第三方支持软件 C:\WINDOWS\system32\wdfmgr.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\UMWDF
lbrtfdc.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\lbrtfdc.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LBRTFDC
NDIS.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ndis.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDIS
aliide.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\aliide.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ALIIDE
imapi.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\imapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAPI
mp110002.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110002.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110002
WlNotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SENSLOGN
w32time.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\w32time.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\W32TIME
mp110006.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110006.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110006
afd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\afd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AFD
services.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG
Changer.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\Changer.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CHANGER
JAVASUP.VXD Vxd驱动其他软件 C:\WINDOWS\system32\javasup.vxd HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VXD\JAVASUP
ACPI.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\acpi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ACPI
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000002\PACKEDCATALOGITEM
vaxDLs.sys 驱动第三方支持软件 C:\WINDOWS\system32\drivers\vaxDLs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VAXDLS
cryptsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\cryptsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CRYPTSVC
services.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUGPLAY
intelppm.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\intelppm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTELPPM
p2psvr.exe 服务其他软件 C:\Program Files\Common Files\Sogou PXP\p2psvr.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\P4P SERVICE
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000018\PACKEDCATALOGITEM
googletoolbar2.dll IE插件其他软件 c:\program files\Google\googletoolbar2.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
i8042prt.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\i8042prt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I8042PRT
fsvga.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fsvga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FSVGA
kbdhid.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\kbdhid.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KBDHID
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\POSTBOOTREMINDER
pci.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\pci.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCI
TosIde.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\TosIde.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TOSIDE
TGENotify.dll 系统直接调用其他软件 C:\WINDOWS\system32\TGENotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ZGNOTIFY

作者: woodbug 时间: 2007-6-22 08:59
ntsd.EXE 进程关联启动 Microsoft Windows XP Professional C:\WINDOWS\system32\ntsd.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\YOUR IMAGE FILE NAME HERE WITHOUT A PATH
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000010\PACKEDCATALOGITEM
amdk7.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\amdk7.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AMDK7
WMIsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wbem\wmisvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMGMT
wzcsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wzcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WZCSVC
klogon.dll 系统直接调用卡巴斯基安全软件 C:\WINDOWS\system32\klogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\KLOGON
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000006\PACKEDCATALOGITEM
cryptnet.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPTNET
rem d:\Program Files\Thunder Network\WebThunder\WebThunder.exe 注册表启动组其他软件系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\WEBTHUNDER
WebThunderBHO_Now.dll Explorer插件迅雷 d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{00000AAA-A363-466E-BEF5-9BB68697AA7F}
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCCERTPROP
pchsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HELPSVC
wscsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wscsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WSCSVC
rem RunDll32 advpack.dll 注册表启动组其他软件系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\360DISABLED\LHTTSJPJ
disk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\disk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DISK
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000014\PACKEDCATALOGITEM
serial.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\serial.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERIAL
mdmxsdk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mdmxsdk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MDMXSDK
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\TERMSRV
Explorer.exe 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL
VolSnap.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\volsnap.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VOLSNAP
schedsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\schedsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SCHEDULE
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCHEDULE
shsvcs.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHELLHWDETECTION
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\CDBURN
sr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SR
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PROTECTEDSTORAGE
sisagp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\SISAGP.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SISAGP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000011\PACKEDCATALOGITEM
audiosrv.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\audiosrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AUDIOSRV
mp110010.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110010.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110010
mp110004.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110004.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110004
cdrom.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cdrom.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDROM
StormSet.dll 注册表启动组暴风影音 D:\Program Files\StormII\StormSet.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\STORM2SET
kl1.sys 驱动卡巴斯基安全软件 C:\WINDOWS\system32\drivers\kl1.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KL1
RDPCDD.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rdpcdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDPCDD
rpcss.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DCOMLAUNCH
rem "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti 注册表启动组其他软件系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\STORMCODEC_HELPER
kbdclass.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\kbdclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KBDCLASS

作者: woodbug 时间: 2007-6-22 09:00
mp110008.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110008.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110008
MPSVC.exe 服务微点主动防御软件 d:\Program Files\Micropoint\MPSVC.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MPSVCSERVICE
Null.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\null.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NULL
sens.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\sens.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SENS
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000003\PACKEDCATALOGITEM
wmp.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmp.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
srvsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\srvsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANSERVER
sclgntfy.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCLGNTFY
mp110001.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110001.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110001
MegaIDE.sys 驱动第三方支持软件 C:\WINDOWS\system32\drivers\MegaIDE.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MEGAIDE
dll.dll 系统直接调用其他软件 C:\WINDOWS\system32\DLL.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SKWINLOGON
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000009\PACKEDCATALOGITEM
CDAC11BA.EXE 服务其他软件 C:\WINDOWS\system32\drivers\CDAC11BA.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\C-DILLACDAC11BA
dmserver.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dmserver.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMSERVER
hidserv.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\hidserv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HIDSERV
Npfs.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\npfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NPFS
tcpip.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\TCPIP.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP
Sfloppy.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sfloppy.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SFLOPPY
mp110009.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110009.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110009
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000001\PACKEDCATALOGITEM
wkssvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wkssvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANWORKSTATION
seclogon.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\seclogon.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SECLOGON
netbios.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\netbios.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBIOS
cmdide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cmdide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CMDIDE
mp110011.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110011.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110011
shell32.dll Explorer插件 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{AEB6717E-7E19-11D0-97EE-00C04FD91972}
mouclass.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mouclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUCLASS
rem d:\Program Files\herosoft\SuperPLAY3500\SysExplr.exe 注册表启动组其他软件系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\SYSEXPLR
Msfs.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\msfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSFS
TINTSETP.EXE /SYNC 注册表启动组 Microsoft Windows XP Professional C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PHIME2002ASYNC
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000013\PACKEDCATALOGITEM
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000016\PACKEDCATALOGITEM
regsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\regsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEREGISTRY
nwlnkspx.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\nwlnkspx.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWLNKSPX
MountMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mountmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUNTMGR
browser.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\browser.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BROWSER
wuauserv.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wuauserv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SAMSS
npkcrypt.sys 驱动 QQ C:\WINDOWS\system32\qqedit\npkcrypt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NPKCRYPT
vga.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\vga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VGASAVE
mnmdd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mnmdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MNMDD
rdbss.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rdbss.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDBSS
spoolsv.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\spoolsv.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SPOOLER
secdrv.sys 驱动其他软件 C:\WINDOWS\system32\drivers\secdrv.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SECDRV
i2omgmt.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\i2omgmt.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I2OMGMT
nwlnkipx.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\nwlnkipx.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWLNKIPX
googletoolbar2.dll Explorer插件其他软件 c:\program files\Google\googletoolbar2.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AA58ED58-01DD-4D91-8333-CF10577473F7}
rsvpsp.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000004\PACKEDCATALOGITEM
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\POLICYAGENT
notepad.exe %1 文件类型关联启动 Microsoft Windows XP Professional C:\WINDOWS\NOTEPAD.EXE HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND
nwlnknb.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\nwlnknb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWLNKNB
userinit.exe 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\userinit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\USERINIT
ParVdm.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\parvdm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PARVDM
termdd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\termdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TERMDD

作者: Legend 时间: 2007-6-22 09:03
请楼主使用微点漏洞扫描后，点击在浏览器中打开，然后选择需要下载的补丁，点击链接下载后，安装这些补丁在测试一下！

作者: woodbug 时间: 2007-6-22 09:08
我发现有两个ie进程

其中一个下栽了木马

不过不知道怎么办

作者: Legend 时间: 2007-6-22 09:11
请楼主将微点目录下的mp6文件夹辅助到桌面，然后压缩发送到support@micropoint.com.cn中，在发送的时候附带本帖链接，方便我们及时跟踪解决，谢谢

作者: tomjohnjoan 时间: 2007-10-24 08:23
我也出现了类似的情形：
微点自启动信息
PCIDump.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\PCIDump.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIDUMP
lbrtfdc.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\lbrtfdc.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LBRTFDC
i2omgmt.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\i2omgmt.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I2OMGMT
Changer.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\Changer.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CHANGER

打开OPera浏览器浏览网页，五分钟后，系统提示Opera出现错误，需要关闭；再打开，然后又如此；过了几个小时，迅雷也莫名其妙的关闭，打不开了！

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn