微点交流论坛

标题: 今天碰到一个未知木马？ [打印本页]

作者: sunet 时间: 2007-11-3 10:54 标题: 今天碰到一个未知木马？

今天碰到一个未知木马？微点提示延迟删除，要重启，重启后，微点未在第一位启动，以前都是第一个启动，开机后好一会才启动，我还以为启动不了，启动后也没有提示删除未知木马，我想知道我中了木马吗？未知木马scbjbtra.dll

作者: sunet 时间: 2007-11-3 10:55
创建时间键名称原数据新数据创建者
2007-11-03 09:51:24 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ SRS AUDIO SANDBOX "C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE" /HIDEME "C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE" /HIDEME C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE
2007-11-03 09:50:56 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE
2007-11-03 09:50:46 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ TKBELLEXE "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:11 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE

作者: sunet 时间: 2007-11-3 10:57
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:25:43 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ SRS AUDIO SANDBOX "C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE" /HIDEME "C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE" /HIDEME C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE
2007-11-03 09:25:00 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE
2007-11-03 09:24:59 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ TKBELLEXE "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE

作者: Legend 时间: 2007-11-3 11:02
您好，您可以到微点主界面－安全防护与策略－有害程序隔离看微点的报警程序是否再里面

显示为延迟删除的，微点重其后会自动删除。

另请将微点报警文件及技术支持信息（微点主界面--辅助功能--生成技术支持信息）一并发送到 support@micropoint.com.cn 邮箱，发送时请在您邮件中复制本帖连接，以便我们跟踪解决您的问题。具体我们看下原因。

作者: y0365 时间: 2007-11-3 11:04
scbjbtra.dll 好像是个广告类的木马插件，可以到微点的有害程序隔离区看看是否删除成功了。

作者: 三好学生 时间: 2007-11-3 18:19
最好再重杀一遍，有时候微点没有删除！

作者: Legend 时间: 2007-11-3 19:12
三好学生，如果您使用微点过程中遇到问题，请您随时和我们联系。

作者: Legend 时间: 2007-11-17 02:47
由于没有收到楼主的进一步反馈，此主题暂做关闭主题处理，如有其他问题，请另开新帖讨论！

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn