微点交流论坛

标题: 加载DLL文件出错,是否病毒???? [打印本页]

作者: king-yn 时间: 2007-11-5 21:42 标题: 加载DLL文件出错,是否病毒????

如标题,电脑每次开机都会出现这个东东,而且一定要回车才能进入windows桌面
请大家帮帮忙,图片可能看不见,有附件

[ Last edited by king-yn on 2007-11-5 at 21:44 ]

附件 1: 444.jpg (2007-11-5 21:44, 13.31 K,下载次数： 66)

作者: Legend 时间: 2007-11-5 21:51
楼主可以在微点系统自启动信息中查找 el8rchkd.dll 的启动项，使用右键菜单将其清除即可。

作者: king-yn 时间: 2007-11-5 21:53
可是找不到呀,用了开机跳出广告也没去掉,用了冰刃,SERNG都没找到这个启动点在哪里

作者: Legend 时间: 2007-11-5 21:56
楼主可以把您的微点系统自启动信息导出，发到论坛上，我们协助您进行具体分析。

作者: king-yn 时间: 2007-11-5 21:57
好的,明白,

作者: king-yn 时间: 2007-11-18 21:34
程序名称启动方式程序说明全路径启动信息

crypt32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPT32CHAIN
cscdll.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CSCDLL
Fips.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fips.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FIPS
dmload.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\dmload.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMLOAD
7m00btku.sys 驱动其他软件 C:\WINDOWS\system32\drivers\7m00btku.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\7M00BTKU
redbook.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\redbook.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REDBOOK
ctfmon.exe 注册表启动组 Microsoft Windows XP Professional C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CTFMON.EXE
ftdisk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ftdisk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FTDISK
TDAtOnce_Now.dll Explorer插件迅雷 C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
bhoCATCH.dll Explorer插件其他软件文件不存在(C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll) HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}
safemon.dll Explorer插件 360安全卫士 C:\Program Files\360safe\safemon\safemon.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}
webclnt.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\webclnt.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBCLIENT
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
Mup.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mup.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MUP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000008\PACKEDCATALOGITEM
trkwks.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\trkwks.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TRKWKS
Flpydisk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\flpydisk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FLPYDISK
isapnp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\isapnp.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ISAPNP
dnsrslvr.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dnsrslvr.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DNSCACHE
pciide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\pciide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIIDE
WPDShServiceObj.dll 系统直接调用微软 C:\WINDOWS\system32\WPDShServiceObj.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\WPDSHSERVICEOBJ
netbt.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\netbt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBT
dmio.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\dmio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMIO
rasacd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rasacd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASACD
KSecDD.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ksecdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KSECDD
rsvpsp.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000005\PACKEDCATALOGITEM
mp110007.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110007.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110007
Beep.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\beep.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BEEP
viaagp1.sys 驱动第三方支持软件 C:\WINDOWS\system32\drivers\VIAAGP1.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VIAAGP1
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WLBALLOON
webcheck.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\webcheck.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\WEBCHECK
mp110003.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110003.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110003
PCIDump.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\PCIDump.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIDUMP
srsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\srsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SRSERVICE
mp110013.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110013.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110013
rpcss.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RPCSS
ipsec.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ipsec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPSEC
Fs_Rec.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fs_rec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FS_REC
PartMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\partmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PARTMGR
intelide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\intelide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTELIDE
stobject.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\stobject.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\SYSTRAY
ipnathlp.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\ipnathlp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS
viaide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\viaide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VIAIDE
lmhsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lmhsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LMHOSTS
logonui.exe 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\logonui.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\UIHOST
fltMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fltMgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FLTMGR
mrxsmb.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mrxsmb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MRXSMB
atapi.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\atapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ATAPI
shsvcs.dll 服务 Microsoft Windows XP Professional

作者: king-yn 时间: 2007-11-18 21:37
C:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\THEMES
dhcpcsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dhcpcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DHCP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000007\PACKEDCATALOGITEM
Cdaudio.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cdaudio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDAUDIO
lbrtfdc.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\lbrtfdc.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LBRTFDC
xfilt.sys 驱动其他软件 C:\WINDOWS\system32\drivers\xfilt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\XFILT
NDIS.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ndis.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDIS
aliide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\aliide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ALIIDE
WS2IFSL.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ws2ifsl.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WS2IFSL
imapi.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\imapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAPI
mp110002.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110002.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110002
WlNotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SENSLOGN
svchost.exe -k netsvcs 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\svchost.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\W32TIME
agp440.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\AGP440.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AGP440
mp110006.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110006.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110006
browseui.dll Explorer插件 Microsoft Windows XP Professional C:\WINDOWS\system32\browseui.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
afd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\afd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AFD
services.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG
Changer.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\Changer.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CHANGER
JAVASUP.VXD Vxd驱动其他软件 C:\WINDOWS\system32\javasup.vxd HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VXD\JAVASUP
ACPI.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\acpi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ACPI
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000002\PACKEDCATALOGITEM
cryptsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\cryptsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CRYPTSVC
services.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUGPLAY
intelppm.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\intelppm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTELPPM
googletoolbar2.dll IE插件 Google c:\program files\Google\googletoolbar2.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
i8042prt.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\i8042prt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I8042PRT
fsvga.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fsvga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FSVGA
kbdhid.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\kbdhid.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KBDHID
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\POSTBOOTREMINDER
pci.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\pci.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCI
ntsd.EXE 进程关联启动 Microsoft Windows XP Professional C:\WINDOWS\system32\ntsd.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\YOUR IMAGE FILE NAME HERE WITHOUT A PATH
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000010\PACKEDCATALOGITEM
WMIsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wbem\wmisvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMGMT
wzcsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wzcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WZCSVC
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000006\PACKEDCATALOGITEM
cryptnet.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPTNET
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCCERTPROP
wscsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wscsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WSCSVC
disk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\disk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DISK
serial.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\serial.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERIAL
SkyTel.EXE 注册表启动组第三方支持软件 C:\WINDOWS\SkyTel.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SKYTEL
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\TERMSRV
Explorer.exe 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL
VolSnap.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\volsnap.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VOLSNAP
schedsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\schedsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SCHEDULE
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCHEDULE
shsvcs.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHELLHWDETECTION
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\CDBURN
sr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SR
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PROTECTEDSTORAGE
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000011\PACKEDCATALOGITEM
IMSCMIG.EXE /Preload 注册表启动组 Microsoft Office C:\Program Files\Common Files\Microsoft Shared\IME\IMSC40A\IMSCMIG.EXE

作者: Legend 时间: 2007-11-18 21:38
请问你是否已全部导出？

作者: king-yn 时间: 2007-11-18 21:38
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\IMSCMIG
audiosrv.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\audiosrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AUDIOSRV
videX32.sys 驱动其他软件 C:\WINDOWS\system32\drivers\videX32.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VIDEX32
mp110010.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110010.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110010
mp110004.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110004.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110004
cdrom.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cdrom.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDROM
SKNFW.sys 驱动天网防火墙 C:\WINDOWS\system32\drivers\SKNFW.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SKNFW
p3.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\p3.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\P3
RDPCDD.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rdpcdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDPCDD
rpcss.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DCOMLAUNCH
kbdclass.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\kbdclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KBDCLASS
mp110008.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110008.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110008
MPSVC.exe 服务微点主动防御软件 C:\Program Files\Micropoint\MPSVC.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MPSVCSERVICE
Null.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\null.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NULL
sens.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\sens.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SENS
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000003\PACKEDCATALOGITEM
wmp.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmp.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
srvsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\srvsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANSERVER
sclgntfy.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCLGNTFY
mp110001.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110001.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110001
rpfkv.sys 驱动其他软件 C:\WINDOWS\system32\drivers\rpfkv.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RPFKV
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000009\PACKEDCATALOGITEM
dmserver.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dmserver.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMSERVER
Npfs.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\npfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NPFS
tcpip.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\tcpip.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP
Sfloppy.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sfloppy.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SFLOPPY
mp110009.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110009.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110009
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000001\PACKEDCATALOGITEM
wkssvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wkssvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANWORKSTATION
seclogon.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\seclogon.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SECLOGON
netbios.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\netbios.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBIOS
browseui.dll Explorer插件 Microsoft Windows XP Professional C:\WINDOWS\system32\browseui.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER\{8C7461EF-2B13-11D2-BE35-3078302C2030}
cmdide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cmdide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CMDIDE
mp110011.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\mp110011.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110011
shell32.dll Explorer插件 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{AEB6717E-7E19-11D0-97EE-00C04FD91972}
mouclass.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mouclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUCLASS
Msfs.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\msfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSFS
ALCMTR.EXE 注册表启动组第三方支持软件 C:\WINDOWS\Alcmtr.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ALCMTR
MountMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mountmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUNTMGR
browser.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\browser.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BROWSER
wuauserv.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wuauserv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SAMSS
UC 驱动其他软件文件不存在(D:\UC) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NPKCRYPT
vga.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\vga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VGASAVE
mnmdd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mnmdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MNMDD
rdbss.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rdbss.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDBSS
spoolsv.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\spoolsv.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SPOOLER
i2omgmt.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\i2omgmt.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I2OMGMT
googletoolbar2.dll Explorer插件 Google c:\program files\Google\googletoolbar2.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AA58ED58-01DD-4D91-8333-CF10577473F7}
pfw.exe 注册表启动组其他软件 C:\Program Files\SkyNet\Firewall\PFW.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SKYNET PERSONAL FIREWALL
rsvpsp.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000004\PACKEDCATALOGITEM
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\POLICYAGENT
NOTEPAD.EXE %1 文件类型关联启动 Microsoft Windows XP Professional C:\WINDOWS\system32\notepad.exe HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND
xunleiBHO_Now.dll Explorer插件迅雷 C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{889D2FEB-5411-4565-8998-1DD2C5261283}
userinit.exe 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\userinit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\USERINIT
termdd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\termdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TERMDD

作者: king-yn 时间: 2007-11-18 22:05
好了,搞定了,有这种问题的朋友可以借鉴下
http://forum.jiangmin.com/dispbb ... &star=2#1355044

作者: Legend 时间: 2007-11-18 22:09
你可以把在系统自启动信息中鼠标右键选择导出然后连同本贴连接一起发到support@micropoint.com.cn

作者: lotei 时间: 2007-11-19 00:08
dll动态库的加载可以有两种方向考虑
1.该dll文件写了自动启动信息或者主机其他进程随进程起来加载，这种情况一般使用微点的自启动信息即可找到对应dll文件的启动项。

2.该文件有另外模块加载，这种情况一般考虑是驱动，我们通过微点的自启动信息尝试找找有可能加载他的驱动文件即可

希望此思路能给楼主或者遇到这种情况的用户提供帮助！

作者: king-yn 时间: 2007-12-3 22:22
好的,谢谢楼主讲的这么详细

作者: gudan 时间: 2007-12-4 02:53
驱动加载exe只要打开起进程就ok了，加载dll不借助rundll32或其他exe不知道如何做到

作者: lotei 时间: 2007-12-4 22:29

Quote:

Originally posted by gudan at 2007-12-4 02:53:
驱动加载exe只要打开起进程就ok了，加载dll不借助rundll32或其他exe不知道如何做到

可以利用驱动文件（*.sys）调用LoadLibraryEx函数使用非常规方式，是可以完成对dll文件的加载的。但对dll文件的要求也比较苛刻。

[ Last edited by pioneer on 2007-12-5 at 15:01 ]

作者: gudan 时间: 2007-12-4 23:52
e

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn