Title:
Startup monitoring, a usage question
Author:
sygate7
Time:
2007-3-22 14:07
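As shown in the picture.
Does NOTEPAD.EXE start when my system boots? Why don't I see it?
For entries like these, where the corresponding startup file cannot be found, could a "Delete startup item" option be added to the right-click menu?
Attachment 1:
STARTUP.JPG
(2007-3-22 14:07, 97.44 K, downloads: 37)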
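Author:
Legend
Time:
2007-3-22 14:16
For system security reasons, please do not casually delete startup items from the system auto-start information;
When the Micropoint software's system auto-start information shows "file does not exist", the file no longer exists or has been deleted, but the registry startup value is still present. You can double-click the entry to jump to it in the registry automatically, then delete the corresponding value.
Author:
sygate7
Time:
2007-3-22 14:22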
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROCKEYNT]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,52,00,6f,00,63,00,\
6b,00,65,00,79,00,6e,00,74,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="ROCKEYNT"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROCKEYNT\Parameters]
"Support"=dword:00000000
"TestBusy"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROCKEYNT\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROCKEYNT\Enum]
"0"="Root\\LEGACY_ROCKEYNT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
Is there a problem with this auto-start registry entry? The name looks scary. ROCKEYNT.SYS
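
The export above stores ImagePath as hex(2) (UTF-16LE bytes) and Start/Type as dwords, so the driver path and start mode are not readable at a glance. The following Python is an added example, not part of the thread or of any Micropoint tool, that decodes them for triage; the function names are hypothetical and the sample is an abridged copy of the posted key.

```python
import re

# Constructed input: the main ROCKEYNT key from the export quoted above
# (Parameters, Security and Enum subkeys left out).
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROCKEYNT]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,52,00,6f,00,63,00,\
6b,00,65,00,79,00,6e,00,74,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="ROCKEYNT"
'''

# Documented meanings of the service "Start" and "Type" registry values.
START = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
TYPE = {1: "kernel driver", 2: "file system driver",
        0x10: "own-process service", 0x20: "shared-process service"}

def decode(raw):
    """Decode one value from its .reg text form."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if m := re.match(r"hex\(([127])\):(.*)", raw):   # string types, UTF-16LE
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    return raw  # other types (e.g. REG_BINARY "hex:") are left as text

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a regedit export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join "\"-continued lines
    keys, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            cur[m.group(1)] = decode(m.group(2))
    return keys

def describe_service(values):
    """Return (image path, start mode, service type) for one Services key."""
    path = values.get("ImagePath", "")
    image = path[4:] if path.startswith("\\??\\") else path  # drop NT prefix
    return image, START.get(values.get("Start")), TYPE.get(values.get("Type"))
```

For the posted key, `describe_service` reports a kernel driver set to start automatically from `C:\WINDOWS\system32\drivers\Rockeynt.sys`, which is the file to check for existence and provenance before removing the entry.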
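Author:
Legend
Time:
2007-3-22 14:28
You can export this file and the registry startup value and send them to
virus@micropoint.com.cn
and we will test and analyze them in detail.
Author:
tloki
Time:
2007-3-22 21:03
This looks like a virus. The symptom is that a blank text file opens automatically at boot; I haven't found any harm from it.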
Welcome to the Micropoint Forum (http://bbs.micropoint.com.cn/)