微点交流论坛

标题: 想问各大高手一个问题! [打印本页]

作者: mimg11 时间: 2009-1-5 19:27 标题: 想问各大高手一个问题!

今天中病毒了,很牛X,封锁安全模式,禁用所有用户权利,盗取上网密码.把所有杀软全部杀掉微点也是!这是什么东西???最新出的超级火星变态无敌病毒??本人菜鸟一个,请高手指点!

作者: Legend 时间: 2009-1-5 19:32
具体我们需要根据分析才能确定，希望您能协助我们，将您提到的程序文件压缩后，发送到virus@micropoint.com.cn我们分析看看。

来信的话请在信中附上这个帖子的网址，方便帮您查收处理。

作者: mimg11 时间: 2009-1-5 19:32
刚就发过去了~~~您在分析呢吗?

作者: Legend 时间: 2009-1-5 19:33
您发送到我们的哪个邮箱了？
您的邮箱地址是？（请通过论坛短消息告诉我，谢谢）

作者: mimg11 时间: 2009-1-5 19:45
已经发出,请查收

作者: zhanguomoushi 时间: 2009-1-5 19:46
这么厉害？
严重关注中。。。

希望能知道结果。
不知道事先装了微点会怎么样。

作者: Legend 时间: 2009-1-5 19:47

Quote:

Originally posted by mimg11 at 2009-1-5 19:45:
已经发出,请查收

您的邮件地址我们已经收到，我们会尽快查收，收到后会尽快分析并回复您结果的。

作者: mimg11 时间: 2009-1-5 19:55
需要本人再用虚拟机再重现一下病毒症状吗?

作者: 燕赵之士 时间: 2009-1-5 20:17
密切关注此病毒

作者: mimg11 时间: 2009-1-5 20:32
版主先生有分析结果了么?

作者: mimg11 时间: 2009-1-5 20:33
据最不完全统计,此病毒在一个晚上往我机器里下了121个病毒...?(注:用金山在另外一个系统里查的)

作者: wsmurderer 时间: 2009-1-5 20:39
关注ing！

作者: wsmurderer 时间: 2009-1-5 20:40
能搞个样本来玩么？

作者: mimg11 时间: 2009-1-5 20:43
我现在用虚拟机实验下病毒,得出结果就发~~

作者: mimg11 时间: 2009-1-5 20:45
咋提样本哦...?把金山的杀毒记录给你看看?

作者: wsmurderer 时间: 2009-1-5 20:48
加密压缩就行了

作者: wsmurderer 时间: 2009-1-5 20:49
密码：virus
发到微点邮箱了吗
virus@micropoint.com.cn

作者: wsmurderer 时间: 2009-1-5 20:51
你是安装微点前中了还是安装后啊？

作者: mimg11 时间: 2009-1-5 20:51
发了,但是那似乎只是微点主动防御找出来的东东....搞不明白...

作者: wsmurderer 时间: 2009-1-5 20:53
没找到老大，找到些小喽啰？

作者: mimg11 时间: 2009-1-5 20:53
病毒是安装前中的,后面才找的微点,但是装上了用不了!所以我又把微点装在了这台机器的另外一个系统里!

作者: mimg11 时间: 2009-1-5 20:55
时间处理结果木马名称木马进程名木马文件创建者
2009-01-05 17:14:44 处理成功未知间谍软件 F:\极品飞车12 GAME\PLAYNFS12.EXE
2009-01-05 16:24:21 处理成功未知木马 D:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\KAV2407.TMP C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KAV32.EXE
2009-01-05 14:29:32 延时删除未知木马 D:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\KAV2350.TMP C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KAV32.EXE
2009-01-05 14:18:56 处理成功未知木马 C:\PROGRAM FILES\PPLIVEVA\DOWNLOADERMANAGER.DLL
2009-01-05 14:18:49 处理成功未知木马 C:\PROGRAM FILES\PPLIVEVA\DOWNLOADERMANAGER.DLL
2009-01-05 14:18:33 处理成功未知木马 C:\PROGRAM FILES\KSM1.0.70\KSMSVC.EXE
2009-01-05 12:05:12 延时删除未知木马 C:\WINDOWS\SYSTEM32\50AEA9CD.DLL
2009-01-05 12:01:54 延时删除未知木马 C:\WINDOWS\SYSTEM32\4C37FBA3.DLL

时间处理结果病毒名称病毒进程名病毒文件创建者
2009-01-05 14:21:48 处理成功未知病毒 D:\WINDOWS\TEMP\WINIPSEC.DLL E:\木马端口封杀.EXE
2009-01-05 14:21:48 处理成功未知病毒 D:\WINDOWS\TEMP\POLSTORE.DLL E:\木马端口封杀.EXE
2009-01-05 14:21:48 处理成功未知病毒 D:\WINDOWS\TEMP\IPSECCMD.EXE E:\木马端口封杀.EXE
2009-01-05 14:21:48 处理成功未知病毒 E:\木马端口封杀.EXE
这是记录,但是里面似乎有几个是误杀?

作者: wsmurderer 时间: 2009-1-5 20:56
哦，那就怪不到微点了，微点重在预防。而且病毒会阻止微点安装

作者: mimg11 时间: 2009-1-5 20:57
难道中毒了只能重装系统么...?但是我重装系统后好象还有点问题哦~~必须用无敌绝招-----格式化硬盘?

作者: wsmurderer 时间: 2009-1-5 20:58
病毒也可能感染正常程序啊

作者: mimg11 时间: 2009-1-5 21:01
确实....发现现在杀毒软件全部是被杀的....

作者: wsmurderer 时间: 2009-1-5 21:04
下个大蜘蛛绿色版扫一下
Dr.Web出品免费工具Dr.Web CureIt!（官方中文绿色版）
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

作者: wsmurderer 时间: 2009-1-5 21:04
不用安装的

作者: mimg11 时间: 2009-1-5 21:07
我用下~请稍后

作者: mimg11 时间: 2009-1-5 21:15

Quote:

Originally posted by wsmurderer at 2009-1-5 21:04:
下个大蜘蛛绿色版扫一下
Dr.Web出品免费工具Dr.Web CureIt!（官方中文绿色版）
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

"Errors encountered while performing the operation Look at the information window for more details"啥情况?

作者: wsmurderer 时间: 2009-1-5 21:22
完了，不妙，被阻止了，先用微点清理一下不正常的开机自启动项，重启再杀

作者: mimg11 时间: 2009-1-5 21:28
什么叫不正常...?请指出!

作者: wsmurderer 时间: 2009-1-5 21:31
:lol:那就要你自己判断了，我又不能帮你

作者: mimg11 时间: 2009-1-5 21:32
程序名称启动方式程序说明全路径启动信息

crypt32.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPT32CHAIN
cscdll.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CSCDLL
Fips.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\fips.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FIPS
dmload.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\dmload.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMLOAD
EAZTray.exe 注册表启动组雨过天晴电脑保护系统 D:\Program Files\Yuguo\EAZTRAY.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\YUGUO
redbook.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\redbook.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REDBOOK
--defaults-file=C:\shuya\mysql\my.ini shuya_mysql 服务 mysql C:\shuya\mysql\bin\mysqld-nt.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHUYA_MYSQL
ctfmon.exe 注册表启动组 Microsoft Windows XP Professional D:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CTFMON.EXE
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000012\PACKEDCATALOGITEM
ftdisk.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\ftdisk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FTDISK
webclnt.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\webclnt.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBCLIENT
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional D:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
Mup.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\mup.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MUP
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000008\PACKEDCATALOGITEM
trkwks.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\trkwks.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TRKWKS
isapnp.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\isapnp.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ISAPNP
dnsrslvr.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\dnsrslvr.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DNSCACHE
pciide.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\pciide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIIDE
WPDShServiceObj.dll 系统直接调用微软 D:\WINDOWS\system32\WPDShServiceObj.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\WPDSHSERVICEOBJ
ShareGuard.exe -service 服务其他软件 C:\shuya\shareguard\ShareGuard.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHUYA_SHAREGUARD
netbt.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\netbt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBT
NvCpl.dll 注册表启动组其他软件 D:\WINDOWS\system32\nvcpl.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NVCPLDAEMON
dmio.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\dmio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMIO
rasacd.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\rasacd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASACD
KSecDD.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\ksecdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KSECDD
rsvpsp.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000005\PACKEDCATALOGITEM
mp110007.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110007.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110007
AST.exe -min 注册表启动组超级巡警 C:\Program Files\ast\AST.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ANTI-SPY TOOLS
Beep.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\beep.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BEEP
HDeck.exe 1 注册表启动组其他软件 D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\HDAUDDECK
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WLBALLOON
webcheck.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\webcheck.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\WEBCHECK
mp110003.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110003.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110003
srsvc.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\srsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SRSERVICE
mp110013.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110013.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110013
rpcss.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RPCSS
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000017\PACKEDCATALOGITEM
ipsec.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\ipsec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPSEC
Fs_Rec.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\fs_rec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FS_REC
PartMgr.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\partmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PARTMGR
stobject.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\stobject.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\SYSTRAY
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000015\PACKEDCATALOGITEM
ipnathlp.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\ipnathlp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS
logon.scr 屏幕保护 Microsoft Windows XP Professional D:\WINDOWS\system32\logon.scr HKEY_CURRENT_USER\CONTROL PANEL\DESKTOP\SCRNSAVE.EXE
lmhsvc.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\lmhsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LMHOSTS
logonui.exe 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\logonui.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\UIHOST
fltMgr.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\fltMgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FLTMGR
mrxsmb.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\mrxsmb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MRXSMB
atapi.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\atapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ATAPI
dimsntfy.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\dimsntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\DIMSNTFY
shsvcs.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\THEMES
dhcpcsvc.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\dhcpcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DHCP
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000007\PACKEDCATALOGITEM
Cdaudio.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\cdaudio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDAUDIO
lbrtfdc.sys 驱动其他软件文件不存在(D:\WINDOWS\System32\DRIVERS\lbrtfdc.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LBRTFDC
NDIS.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\ndis.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDIS
WS2IFSL.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\ws2ifsl.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WS2IFSL

作者: wsmurderer 时间: 2009-1-5 21:32
找微点客服的qq，叫他们帮你远程搞定

作者: mimg11 时间: 2009-1-5 21:32
imapi.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\imapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAPI
mp110002.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110002.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110002
Shield.sys 驱动雨过天晴电脑保护系统 D:\WINDOWS\system32\drivers\Shield.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHIELD
WlNotify.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SENSLOGN
w32time.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\w32time.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\W32TIME
mp110006.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110006.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110006
browseui.dll Explorer插件 Microsoft Windows XP Professional D:\WINDOWS\system32\browseui.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
afd.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\afd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AFD
services.exe 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG
shdserv.exe 服务雨过天晴电脑保护系统 D:\Program Files\Yuguo\SHDSERV.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHDSERV
Changer.sys 驱动其他软件文件不存在(D:\WINDOWS\System32\DRIVERS\Changer.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CHANGER
JAVASUP.VXD Vxd驱动其他软件 D:\WINDOWS\system32\javasup.vxd HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VXD\JAVASUP
ACPI.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\acpi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ACPI
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000002\PACKEDCATALOGITEM
cryptsvc.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\cryptsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CRYPTSVC
services.exe 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUGPLAY
shieldm.sys 驱动雨过天晴电脑保护系统 D:\WINDOWS\system32\drivers\Shieldm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHIELDM
intelppm.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\intelppm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTELPPM
i8042prt.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\i8042prt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I8042PRT
fsvga.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\fsvga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FSVGA
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\POSTBOOTREMINDER
pci.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\pci.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCI
ntsd.EXE 进程关联启动 Microsoft Windows XP Professional D:\WINDOWS\system32\ntsd.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\YOUR IMAGE FILE NAME HERE WITHOUT A PATH
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000010\PACKEDCATALOGITEM
WMIsvc.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\wbem\wmisvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMGMT
wzcsvc.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\wzcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WZCSVC
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000006\PACKEDCATALOGITEM
cryptnet.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPTNET
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional D:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCCERTPROP
disk.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\disk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DISK
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000014\PACKEDCATALOGITEM
serial.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\serial.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERIAL
vmware-authd.exe 服务 VMWare D:\虚拟系统\vmware-authd.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VMAUTHDSERVICE
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\TERMSRV
Explorer.exe 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL
VolSnap.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\volsnap.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VOLSNAP
KPFW32.EXE -startup 注册表启动组其他软件 C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kpfw32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\KAVPFW
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCHEDULE
KAVSafe.sys 驱动金山安全软件 D:\WINDOWS\system32\drivers\KAVSafe.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KAVSAFE
shsvcs.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHELLHWDETECTION
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\CDBURN
sr.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\sr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SR
lsass.exe 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PROTECTEDSTORAGE
vmnetuserif.sys 驱动 VMWare D:\WINDOWS\system32\drivers\vmnetuserif.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VMNETUSERIF
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000011\PACKEDCATALOGITEM
audiosrv.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\audiosrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AUDIOSRV
mp110010.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110010.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110010
mp110004.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110004.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110004
vmnat.exe 服务 VMWare D:\虚拟系统\vmnat.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VMWARE NAT SERVICE
cdrom.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\cdrom.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDROM
RDPCDD.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\rdpcdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDPCDD
shdbus.sys 驱动雨过天晴电脑保护系统 D:\WINDOWS\system32\drivers\SHDBUS.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHDBUS
rpcss.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DCOMLAUNCH
kbdclass.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\kbdclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KBDCLASS
mp110008.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110008.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110008
EAZClnt.exe 服务其他软件 D:\Program Files\Yuguo\EAZClnt.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EAZCLIENTSERVICE
MPSVC.exe 服务微点主动防御软件 D:\Program Files\Micropoint\MPSVC.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MPSVCSERVICE

作者: mimg11 时间: 2009-1-5 21:33
Null.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\null.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NULL
sens.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\sens.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SENS
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000003\PACKEDCATALOGITEM
KAVBootC.sys 驱动金山安全软件 D:\WINDOWS\system32\drivers\KAVBootC.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KAVBOOTC
wmp.dll ActiveX 插件 Microsoft Windows XP Professional D:\WINDOWS\system32\wmp.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
srvsvc.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\srvsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANSERVER
sclgntfy.dll 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCLGNTFY
mp110001.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110001.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110001
VMnetDHCP.exe 服务 VMWare D:\虚拟系统\VMnetDHCP.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VMNETDHCP
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000009\PACKEDCATALOGITEM
dmserver.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\dmserver.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMSERVER
vmx86.sys 驱动其他软件 D:\WINDOWS\system32\drivers\vmx86.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VMX86
nvsvc32.exe 服务 NVIDIA D:\WINDOWS\system32\nvsvc32.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NVSVC
Npfs.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\npfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NPFS
tcpip.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\tcpip.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP
Sfloppy.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\sfloppy.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SFLOPPY
mp110009.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110009.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110009
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000001\PACKEDCATALOGITEM
wkssvc.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\wkssvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANWORKSTATION
seclogon.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\seclogon.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SECLOGON
netbios.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\netbios.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBIOS
vmnetbridge.sys 驱动 VMWare D:\WINDOWS\system32\drivers\vmnetbridge.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VMNETBRIDGE
browseui.dll Explorer插件 Microsoft Windows XP Professional D:\WINDOWS\system32\browseui.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER\{8C7461EF-2B13-11D2-BE35-3078302C2030}
mp110011.sys 驱动微点主动防御软件 D:\WINDOWS\system32\drivers\MP110011.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110011
shell32.dll Explorer插件 Microsoft Windows XP Professional D:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{AEB6717E-7E19-11D0-97EE-00C04FD91972}
mouclass.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\mouclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUCLASS
Msfs.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\msfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSFS
NvMcTray.dll 注册表启动组 NVIDIA D:\WINDOWS\system32\nvmctray.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NVMEDIACENTER
stormliv.exe /asservice 服务暴风影音 C:\Program Files\StormII\stormliv.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CCOSM
httpd.exe -k runservice 服务 apache C:\shuya\apache\bin\httpd.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHUYA_APACHE
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000013\PACKEDCATALOGITEM
mswsock.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000016\PACKEDCATALOGITEM
MountMgr.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\mountmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUNTMGR
browser.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\browser.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BROWSER
Shieldf.sys 驱动雨过天晴电脑保护系统 D:\WINDOWS\system32\drivers\Shieldf.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHIELDF
wuauserv.dll 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\wuauserv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
lsass.exe 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SAMSS
vga.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\vga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VGASAVE
mnmdd.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\mnmdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MNMDD
rdbss.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\rdbss.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDBSS
spoolsv.exe 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\spoolsv.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SPOOLER
nwiz.exe 注册表启动组 NVIDIA D:\WINDOWS\system32\nwiz.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NWIZ
rsvpsp.dll SPI Microsoft Windows XP Professional D:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000004\PACKEDCATALOGITEM
lsass.exe 服务 Microsoft Windows XP Professional D:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\POLICYAGENT
NOTEPAD.EXE %1 文件类型关联启动 Microsoft Windows XP Professional D:\WINDOWS\system32\notepad.exe HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND
USERINIT.EXE 系统直接调用 Microsoft Windows XP Professional D:\WINDOWS\system32\userinit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\USERINIT
ParVdm.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\parvdm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PARVDM
termdd.sys 驱动 Microsoft Windows XP Professional D:\WINDOWS\system32\drivers\termdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TERMDD

作者: mimg11 时间: 2009-1-5 21:33
天书级....

作者: mimg11 时间: 2009-1-5 21:34
刚那个版主大神去帮我搞了....

作者: vilanden 时间: 2009-1-5 21:35
参考下面的方法试一下。
http://bbs.micropoint.com.cn/showthread.asp?tid=11538&fpage=1

作者: mimg11 时间: 2009-1-5 21:37
收到!测试中!

作者: mimg11 时间: 2009-1-5 21:39
注册编辑已被管理员停用...

作者: wangguofeng 时间: 2009-1-5 21:47
看来你中的病毒还真是厉害啊期待结果早点出来

作者: mimg11 时间: 2009-1-5 21:48
使用.JS.INT.REG文件进行注册表修复,结果为失败!

作者: mimg11 时间: 2009-1-5 22:00
希望版主能透露点最新进展....我等的好苦啊!

作者: mimg11 时间: 2009-1-6 08:47
帖子沉了....没人鸟了....

作者: zqrsc 时间: 2009-1-6 09:42
不会吧。还有样本没？发我瞧瞧~

作者: WoZD 时间: 2009-1-6 09:46
关注

作者: mimg11 时间: 2009-1-6 09:53
样本太多了....121个...我都不知道是什么东西

作者: mimg11 时间: 2009-1-6 09:54
顺便问下,用金山杀毒的样本在哪呢?
注册表怎么修复呢?
我现在基本的功能全被禁止了....

作者: mimg11 时间: 2009-1-6 09:58
用超级巡警查出个病毒名叫Trojan.Win32.Agent.ajvg的病毒,一直在提示...文件名一直在换,最近一个叫ilobbyupdater117.exe这是什么病毒哦?

作者: mimg11 时间: 2009-1-6 11:29
在360上了解到我似乎中了传说中的"母马".......

作者: Legend 时间: 2009-1-6 16:09
没有收到楼主发送的邮件，请楼主重新发送一下，请在发送时加密压缩一下（密码：virus）。

作者: aq6861311 时间: 2009-1-6 16:12
楼主能不能发个木马压缩包

作者: wsmurderer 时间: 2009-1-6 17:03
咋整的？发个邮件都发不来？

作者: keyoushi 时间: 2009-1-7 01:06
LZ或许可以SRE扫描个报告上来看看，从你的描述看，很可能是木马群。

作者: mimg11 时间: 2009-1-7 15:49
发的来...但是好象很多啊??121个..而且是金山删除的,我不知道隔离在哪个地方了.并且我现在电脑注册表不让注册了...说管理员禁用...咋回事呢??

作者: mimg11 时间: 2009-1-7 18:46
郁闷!用某某人给我提供的大蜘蛛在那个有毒的系统里杀毒后,一登陆系统就注册表被删除然后自动注销!换到好的系统我的F盘又开不了了....求救啊!!什么病毒???

作者: Legend 时间: 2009-1-7 18:57
请问您是否联系过微点技术交流群管理员qq,如果没有请加管理员qq:466248167或者383154254帮您具体分析下。

作者: mimg11 时间: 2009-1-7 19:00
不好意思找你们啊....又不是微点的问题...就是想找几个高手以个人的形式问下就好了~~`哈哈..哈哈...

作者: mimg11 时间: 2009-1-7 19:30
如果你们不想帮我可以当我没发过帖....呵呵..突然发现发错.了.

作者: Legend 时间: 2009-1-12 13:24
由于没有收到楼主的进一步反馈，此主题暂做关闭主题处理，如有其他问题，请另开新帖讨论！

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn