微点交流论坛

标题: DNS中病毒了？ [打印本页]

作者: rige 时间: 2009-4-4 09:20 标题: DNS中病毒了？

各位高手，帮帮忙啊。
可能是中了病毒的原因，网页打不开了。其实网络是通的，qq可以上。网页如果是纯IP地址的网址也是可以上的，但是如果是域名比如www.163.com之类的就不得行。360查不出来，用了瑞星、金山、江民也杀不出来。想装卡巴呢，因为卡巴升级也是用的域名地址。所以升不了级也杀不了。我也用过离线升级包来升级江民和金山，可惜还是没办法啊。网卡驱动也卸载过在重新装驱动，还是没的法。各位高手有什么办法吗？在此先谢过了。
PS：不好重装系统的。

作者: snhao 时间: 2009-4-4 10:00
dns错误，请咨询你的网络提供商

作者: rige 时间: 2009-4-4 22:11
DNS没有错误啊，是局域网。其他机器用相同的DNS地址都可以上。

作者: gxdiyer 时间: 2009-4-5 15:09
用记事本打开系统盘\windows\system32\drivers\etc文件夹下的hosts文件（无扩展名），删除所有内容，只保留

127.0.0.1 localhost

这一条就可以了。
保存。

比如你在里面加一条：0.0.0.0 www.163.com
那你以后登录www.163.com就会变成访问0.0.0.0这个IP地址，无法访问了。
一些病毒会做这些事情，利用hosts文件把反病毒公司的网站或一些常用网站指向病毒网站的IP地址，导致打不开很多网站，反倒变成了访问病毒网页。
如果你的系统盘用的是NTFS格式，建议修改好此文件后，在安全属性里面添加一个everyone账户，将写的权限全部禁止，只保留读的权限，甚至完全拒绝访问应该也没有影响的。可以有效防止病毒修改此文件。

[ Last edited by gxdiyer on 2009-4-5 at 23:12 ]

作者: rige 时间: 2009-4-7 10:32
试过了，还是不得行。还是谢谢你

作者: 李莫愁 时间: 2009-4-7 10:39
试下用winsock修复下

作者: rige 时间: 2009-4-7 17:15
用360和超级兔子的winsock修复功能试过了，还是不行。
谢谢你

作者: 御剑临风 时间: 2009-4-7 20:25
请你的网管（或者网络供应商）前来查看一下

是否是线路以及配置原因

以及你的机器是不是使用了什么安全软件（杀毒软件）以及防火墙之类的

关闭了某些端口？！可以在访问规则以及配置里面查看是否有阻止！

作者: gxdiyer 时间: 2009-4-8 00:51
可能是你的网络连接属性当中的“TCP/IP协议”的属性当中的DNS服务器没有设置或错误？

附件 1: 23.jpg (2009-4-8 00:51, 170.21 K,下载次数： 62)

作者: rige 时间: 2009-4-8 10:41
呵呵，咱们微点论坛真团结啊，一求百应，先谢谢大家了。
应该不是防火墙端口的问题。没装防火墙，而且用IE的浏览器或者是火狐的浏览器都是同样的问题：直接输入IP地址可以访问，但是输入网址就不行。DNS设置也没问题，因为是局域网中的一台，DNS一直都没改过，其他机器的DNS也是这样设置的，其他机器都没问题。另外我用了最新版本的微点来扫描可疑程序，也没有发现。可恶的是，用网址就访问不了网站，所以包括微点在内的安全软件都没发注册，也没办法升级，杀毒也杀出来。

作者: 李莫愁 时间: 2009-4-8 10:54
额，那就难办了。。。。
如果只是为了访问网站，可以在CMD下ping那个域名，一般能得到对应IP，如果要注册。。。。。额。。。。我也有点晕了

作者: gxdiyer 时间: 2009-4-8 15:23
这还真麻烦！
建议请个微点的高手用QQ帮你远程协助检查一下，可能他们能发现问题。
建议求助超级版主Legend。

作者: rige 时间: 2009-4-8 17:17
呵呵，看来要总扛把子出手了。

作者: jaber 时间: 2009-4-8 17:36
用SRE扫一份日志上来瞧瞧，还有微点的系统自启动信息

上述文件传到网盘吧，目前论坛不支持附件RAR

作者: rige 时间: 2009-4-9 17:14
请问网盘指的是？

作者: rige 时间: 2009-4-10 08:54
刚用nslookup命令检测了下，DNS解析没问题啊，怎么就上不了网呢，用ip都可以访问的啊

作者: jaber 时间: 2009-4-10 09:00
用SRE扫一份日志上来瞧瞧，还有微点的系统自启动信息导出来传上来！

作者: rige 时间: 2009-4-10 10:31
好的这个是SRE
[CODE]

2009-04-10,09:36:53

System Repair Engineer 2.7.0.1210
Smallfrogs ([url]http://www.KZTechs.com)[/url]

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
<jiajiasr><E:\拼音加加\jj4\jiajiasr.exe>  [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>  [N/A]
<run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
<RavTask><"c:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
<360Safetray><D:\Program Files\360\360Safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\SYSTEM32\USERINIT.EXE,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\user\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> F:\QQGame\Accel.exe [File is missing]><N>
[腾讯QQ]
  <C:\Documents and Settings\user\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\TENCENT\QQ\QQ.exe [TENCENT]><N>

==================================

作者: rige 时间: 2009-4-10 10:32
继续

服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[卡巴斯基反病毒6.0 / AVP][Stopped/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><(File is missing)>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Basic Service / kaccore][Stopped/Manual Start]
  <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[KDDelegateService / KDDelegateService][Stopped/Manual Start]
  <d:\K3ERP\KDDelegateService.exe><KINGDEE>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"c:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[Aero-Info PCI JScard / AIPCI_Device][Stopped/Manual Start]
  <System32\Drivers\AIPCI.sys><Your Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[dtscsi / dtscsi][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><DT Soft Ltd.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\E:\QQ\npkcrypt.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[sptd / sptd][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[xAntiArpSpoof Service / xAntiArp][Stopped/Manual Start]
  <system32\DRIVERS\xAntiArp.sys><N/A>

==================================

作者: rige 时间: 2009-4-10 10:33
继续

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~1\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <, >
[]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll, >
[]
  {0C7C23EF-A848-485B-873C-0ED954731014} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <E:\QQ\直辈播\QQLiveInstaller.dll, N/A>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[]
  {20C2C286-BDE8-441B-B73D-AFA22D914DA5} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <, >
[]
  {381FFDE8-2394-4F90-B10D-FC6124A40F8C} <, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <, >
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <D:\MICROS~1\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <, >
[]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <, >
[]
  {84920E5F-3788-49CD-A274-E365578DF174} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <d:\Program Files\360\360Safe\live.dll, (Signed) 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[]
  {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} <, >
[Qzone Media Tools]
  {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <C:\PROGRA~1\TENCENT\QQ\VQQPLA~1.OCX, (Signed) Tencent Technology (Shenzhen) Company Limited>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5805.77.(987).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[]
  {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} <, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <, >
[]
  {C95FE080-8F5D-11D2-A20B-00AA003C157B} <, >
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <, >
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, N/A>
[]
  {DEDEB80D-FA35-45D9-9460-4983E5A8AFE6} <, >
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <C:\Program Files\TENCENT\QQ\QzoneMusic.dll, 深圳腾讯科技>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.996.dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {EF1EA76E-5428-4e40-85A1-D4DD2893183A} <, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5853.212.(987).dll, Xunlei Networking Technologies,LTD>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
  {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <, >
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================

作者: rige 时间: 2009-4-10 10:34
最后部分

正在运行的进程
[PID: 648 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.1.411]
[PID: 792 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124 / SYSTEM][c:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[PID: 1140 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1364 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1568 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1800 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 580 / user][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 724 / user][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 720 / user][E:\拼音加加\jj4\jiajiasr.exe]  [加加工作组, 4, 0, 1, 36]
[PID: 144 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1712 / user][C:\WINDOWS\system32\WgaTray.exe]  [Microsoft Corporation, 1.7.0018.7]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 1832 / user][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 1112 / user][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 512 / user][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.672\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 328 / user][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.672\SRE516f189a.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.672\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [C:\WINDOWS\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1    localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1112, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 512, C:\DOCUME~1\USER\LOCALS~1\TEMP\RAR$EX00.672\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

作者: rige 时间: 2009-4-10 10:38
下面是微点的系统自启动信息

程序名称启动方式程序说明全路径启动信息

Accel.exe 开始菜单启动组其他软件 F:\QQGame\Accel.exe C:\Documents and Settings\user\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk
QQ.exe 开始菜单启动组腾讯软件 C:\Program Files\TENCENT\QQ\QQ.exe C:\Documents and Settings\user\「开始」菜单\程序\启动\腾讯QQ.lnk
autoexec.bat 批处理文件其他软件 C:\AUTOEXEC.BAT
crypt32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPT32CHAIN
cscdll.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CSCDLL
Fips.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fips.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FIPS
dmload.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\dmload.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMLOAD
redbook.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\redbook.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REDBOOK
ctfmon.exe 注册表启动组 Microsoft Windows XP Professional C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CTFMON.EXE
Ravmond.exe 服务瑞星安全软件 C:\PROGRAM FILES\Rising\Rav\RavMonD.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RSRAVMON
ftdisk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ftdisk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FTDISK
TDAtOnce_Now.dll Explorer插件迅雷 C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
RavTask.exe -system 注册表启动组瑞星安全软件 c:\Program Files\Rising\Rav\RavTask.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\RAVTASK
webclnt.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\webclnt.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBCLIENT
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
pchsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\UPLOADMGR
Mup.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mup.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MUP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000008\PACKEDCATALOGITEM
trkwks.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\trkwks.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TRKWKS
isapnp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\isapnp.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ISAPNP
dnsrslvr.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dnsrslvr.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DNSCACHE
pciide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\pciide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIIDE
MDM.EXE 服务微软 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MDM
netbt.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\netbt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBT
dmio.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\dmio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMIO
rasacd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rasacd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASACD
KSecDD.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ksecdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KSECDD
rsvpsp.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000005\PACKEDCATALOGITEM
mp110007.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110007.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110007
Beep.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\beep.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BEEP
jiajiasr.exe 注册表启动组加加输入法 E:\拼音加加\jj4\jiajiasr.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\JIAJIASR
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WLBALLOON
webcheck.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\webcheck.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\WEBCHECK
mp110003.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110003.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110003
HookCont.sys 驱动瑞星安全软件 C:\WINDOWS\system32\drivers\HookCont.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HOOKCONT
avp.exe -r 服务其他软件文件不存在(C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AVP
PCIDump.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\PCIDump.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIDUMP
ersvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\ersvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ERSVC
srsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\srsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SRSERVICE
mp110013.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110013.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110013
rpcss.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RPCSS
ipsec.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ipsec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPSEC
Fs_Rec.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fs_rec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FS_REC
PartMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\partmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PARTMGR
stobject.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\stobject.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\SYSTRAY
ipnathlp.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\ipnathlp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS
lmhsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lmhsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LMHOSTS
logonui.exe 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\logonui.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\UIHOST
fltMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fltMgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FLTMGR
mrxsmb.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mrxsmb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MRXSMB
atapi.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\atapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ATAPI
tcpip6.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\tcpip6.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP6
shsvcs.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\THEMES
dhcpcsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dhcpcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DHCP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000007\PACKEDCATALOGITEM
Cdaudio.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cdaudio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDAUDIO
lbrtfdc.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\lbrtfdc.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LBRTFDC

作者: rige 时间: 2009-4-10 10:38
继续

HookNtos.sys 驱动瑞星安全软件 C:\WINDOWS\system32\drivers\HookNtos.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HOOKNTOS
NDIS.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ndis.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDIS
ws2ifsl.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ws2ifsl.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WS2IFSL
imapi.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\imapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAPI
mp110002.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110002.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110002
WlNotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SENSLOGN
w32time.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\w32time.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\W32TIME
mp110006.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110006.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110006
6to4svc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\6to4svc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\6TO4
browseui.dll Explorer插件 Microsoft Windows XP Professional C:\WINDOWS\system32\browseui.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
afd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\afd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AFD
services.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG
Changer.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\Changer.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CHANGER
ACPI.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\acpi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ACPI
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000002\PACKEDCATALOGITEM
cryptsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\cryptsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CRYPTSVC
services.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUGPLAY
intelppm.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\intelppm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTELPPM
HookSys.sys 驱动瑞星安全软件 C:\WINDOWS\system32\drivers\HookSys.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HOOKSYS
i8042prt.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\i8042prt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I8042PRT
fsvga.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fsvga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FSVGA
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\POSTBOOTREMINDER
pci.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\pci.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCI
ntsd.EXE 进程关联启动 Microsoft Windows XP Professional C:\WINDOWS\system32\ntsd.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\YOUR IMAGE FILE NAME HERE WITHOUT A PATH
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000010\PACKEDCATALOGITEM
WMIsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wbem\wmisvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMGMT
wzcsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wzcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WZCSVC
klogon.dll 系统直接调用其他软件 C:\WINDOWS\system32\klogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\KLOGON
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000006\PACKEDCATALOGITEM
cryptnet.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPTNET
HookReg.sys 驱动瑞星安全软件 C:\WINDOWS\system32\drivers\HOOKREG.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HOOKREG
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCCERTPROP
WgaLogon.dll 系统直接调用微软 C:\WINDOWS\system32\WgaLogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON
pchsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HELPSVC
wscsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wscsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WSCSVC
sptd.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\Drivers\sptd.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SPTD
disk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\disk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DISK
serial.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\serial.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERIAL
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\TERMSRV
ipfltdrv.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ipfltdrv.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPFILTERDRIVER
Explorer.exe 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL
VolSnap.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\volsnap.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VOLSNAP
schedsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\schedsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SCHEDULE
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCHEDULE
shsvcs.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHELLHWDETECTION
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\CDBURN
sr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SR
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PROTECTEDSTORAGE
sisagp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sisagp.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SISAGP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000011\PACKEDCATALOGITEM

作者: rige 时间: 2009-4-10 10:39
最后部分

rem "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 注册表启动组其他软件系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\IMJPMIG8.1
audiosrv.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\audiosrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AUDIOSRV
mp110010.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110010.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110010
mp110004.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110004.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110004
rem "C:\Program Files\Messenger\msmsgs.exe" /background 注册表启动组其他软件系统指定路径下无法匹配该文件 HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\MSMSGS
cdrom.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cdrom.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDROM
nwwks.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\nwwks.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWCWORKSTATION
RDPCDD.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rdpcdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDPCDD
rpcss.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DCOMLAUNCH
kbdclass.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\kbdclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KBDCLASS
mp110008.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110008.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110008
MPSVC.exe 服务微点主动防御软件 C:\Program Files\Micropoint\MPSVC.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MPSVCSERVICE
360Tray.exe /start 注册表启动组 360Safe D:\Program Files\360\360Safe\safemon\360tray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360SAFETRAY
Null.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\null.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NULL
sens.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\sens.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SENS
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000003\PACKEDCATALOGITEM
wmp.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmp.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
srvsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\srvsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANSERVER
sclgntfy.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCLGNTFY
mp110001.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110001.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110001
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000009\PACKEDCATALOGITEM
dmserver.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dmserver.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMSERVER
Npfs.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\npfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NPFS
tcpip.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\tcpip.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP
Sfloppy.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sfloppy.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SFLOPPY
mp110009.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110009.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110009
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000001\PACKEDCATALOGITEM
wkssvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wkssvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANWORKSTATION
seclogon.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\seclogon.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SECLOGON
netbios.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\netbios.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBIOS
browseui.dll Explorer插件 Microsoft Windows XP Professional C:\WINDOWS\system32\browseui.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER\{8C7461EF-2B13-11D2-BE35-3078302C2030}
mp110011.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110011.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110011
mouclass.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mouclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUCLASS
safeboxTray.exe /r 注册表启动组 360安全软件 C:\Program Files\360Safebox\safeboxTray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360SAFEBOX
Msfs.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\msfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSFS
CCenter.exe 服务瑞星安全软件 c:\Program Files\Rising\Rav\CCenter.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RSCCENTER
regsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\regsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEREGISTRY
nwlnkspx.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\nwlnkspx.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWLNKSPX
MountMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mountmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUNTMGR
browser.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\browser.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BROWSER
wuauserv.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wuauserv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SAMSS
npkcrypt.sys 驱动其他软件文件不存在(E:\QQ\npkcrypt.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NPKCRYPT
vga.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\vga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VGASAVE
mnmdd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mnmdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MNMDD
rdbss.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rdbss.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDBSS
SafeBoxKrnl.sys 驱动 360安全软件 C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SAFEBOXKRNL
qmgr.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\qmgr.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
spoolsv.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\spoolsv.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SPOOLER
i2omgmt.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\i2omgmt.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I2OMGMT
nwlnkipx.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\nwlnkipx.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWLNKIPX
rsvpsp.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000004\PACKEDCATALOGITEM
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\POLICYAGENT
notepad.exe %1 文件类型关联启动 Microsoft Windows XP Professional C:\WINDOWS\notepad.exe HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND
nwlnknb.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\nwlnknb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWLNKNB
xunleiBHO_Now.dll Explorer插件迅雷 C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{889D2FEB-5411-4565-8998-1DD2C5261283}
USERINIT.EXE 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\userinit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\USERINIT
ParVdm.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\parvdm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PARVDM
termdd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\termdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TERMDD

作者: rige 时间: 2009-4-10 10:40
好像回复不能上传TXT文件，只好都发上来了，请各位见谅哦。
谢谢各位高手了

作者: 狙击virus 时间: 2009-4-10 11:39
SRE日志显示没有问题，但是你机器里安装的安全软件太多了。

瑞星，卡巴，微点都有，建议你卸载一些，不要安装太多的安全软件，初步怀疑是IE损坏，重新安装IE下吧！

作者: gxdiyer 时间: 2009-4-10 15:09
杀毒软件装的够多的。

作者: rige 时间: 2009-4-10 15:10
瑞星是垃圾，病毒一来，自己就先挂了。现在想卸载都不行，卸载程序都找不到了。卡巴是老版本的6.0，可能是很久以前的装的了，也卸载不了。现在就只有微点。
IE损坏也有可能，但是我装了火狐，用火狐也不行。

作者: gxdiyer 时间: 2009-4-10 15:41

Quote:

Originally posted by rige at 2009-4-10 15:10:
瑞星是垃圾，病毒一来，自己就先挂了。现在想卸载都不行，卸载程序都找不到了。卡巴是老版本的6.0，可能是很久以前的装的了，也卸载不了。现在就只有微点。
IE损坏也有可能，但是我装了火狐，用火狐也不行。

其实卸载这些程序也好简单的，既然它们两个都不能用了，为什么还要让它们自动运行呢？把它们的文件夹改名然后重新启动计算机，再删除；或者用金山清理专家中的文件粉碎机（这工具好厉害的）把整个文件夹粉碎删除，对于drivers下面的驱动文件也可效仿此法。不过对于注册表中的无用垃圾信息就很麻烦了。有安装程序的话，建议先重新安装一下它们（新旧都可），然后再卸载。

[ Last edited by gxdiyer on 2009-4-10 at 22:47 ]

作者: rige 时间: 2009-4-13 08:38
卸载了，但是问题还是没有解决啊

作者: images 时间: 2009-4-13 08:53
另一种投机取巧的方法：
反其道而行之，把你暂时需要访问的网站域名手动解析，输入到你的hosts文件中，这样暂时应该就可以正常访问了，然后继续你的操作，该卸载的卸载，该升级的升级，试试看吧。
ip地址域名

作者: images 时间: 2009-4-13 08:57
另外你原来是否安装过什么代理软件，并设置过代理服务器之类的，因为有些代理软件你设置后，由于某些原因卸载不干净，也会造成你的现象。如果安装过建议重新安装下相同的软件，并更改下设置。

作者: rige 时间: 2009-4-13 11:05

Quote:

Originally posted by images at 2009-4-13 08:57:
另外你原来是否安装过什么代理软件，并设置过代理服务器之类的，因为有些代理软件你设置后，由于某些原因卸载不干净，也会造成你的现象。如果安装过建议重新安装下相同的软件，并更改下设置。

没有装过代理软件

作者: rige 时间: 2009-4-13 11:08

Quote:

Originally posted by images at 2009-4-13 08:53:
另一种投机取巧的方法：
反其道而行之，把你暂时需要访问的网站域名手动解析，输入到你的hosts文件中，这样暂时应该就可以正常访问了，然后继续你的操作，该卸载的卸载，该升级的升级，试试看吧。
ip地址域名

呵呵，不太实用。因为平时上网要点很多链接啊。在说杀毒软件也要升级啊，搞不清楚杀毒软件升级服务器的链接啊

作者: 狙击virus 时间: 2009-4-13 11:53
检查IE的代理设置，看是否有设置

另外  开始-运行 ipconfig/all

  看看你的DNS服务器

  检查一下是否设置正确

作者: gxdiyer 时间: 2009-4-13 15:44
可以直接联系微点的在线管理员(QQ：383154254、466248167)，这个QQ号是超级版主Legend给的，可以放心。
这么久了，还没有解决用QQ的远程协助看一下吧。

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn