微点交流论坛 - 反病毒 - DNS中病毒了？

3/4

rige
新手上路

积分 20
发帖 20
注册 2009-4-4

#21

最后部分

正在运行的进程
[PID: 648 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.1.411]
[PID: 792 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124 / SYSTEM][c:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[PID: 1140 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1364 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1568 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1800 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 580 / user][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 724 / user][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 720 / user][E:\拼音加加\jj4\jiajiasr.exe]  [加加工作组, 4, 0, 1, 36]
[PID: 144 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1712 / user][C:\WINDOWS\system32\WgaTray.exe]  [Microsoft Corporation, 1.7.0018.7]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 1832 / user][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 1112 / user][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 512 / user][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.672\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 328 / user][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.672\SRE516f189a.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.672\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [C:\WINDOWS\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1    localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1112, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 512, C:\DOCUME~1\USER\LOCALS~1\TEMP\RAR$EX00.672\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

※ ※ ※ 本文纯属【rige】个人意见，与【微点交流论坛】立场无关※ ※ ※

2009-4-10 10:34

rige
新手上路

积分 20
发帖 20
注册 2009-4-4

#22

下面是微点的系统自启动信息

程序名称启动方式程序说明全路径启动信息

Accel.exe 开始菜单启动组其他软件 F:\QQGame\Accel.exe C:\Documents and Settings\user\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk
QQ.exe 开始菜单启动组腾讯软件 C:\Program Files\TENCENT\QQ\QQ.exe C:\Documents and Settings\user\「开始」菜单\程序\启动\腾讯QQ.lnk
autoexec.bat 批处理文件其他软件 C:\AUTOEXEC.BAT
crypt32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPT32CHAIN
cscdll.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CSCDLL
Fips.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fips.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FIPS
dmload.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\dmload.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMLOAD
redbook.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\redbook.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REDBOOK
ctfmon.exe 注册表启动组 Microsoft Windows XP Professional C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CTFMON.EXE
Ravmond.exe 服务瑞星安全软件 C:\PROGRAM FILES\Rising\Rav\RavMonD.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RSRAVMON
ftdisk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ftdisk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FTDISK
TDAtOnce_Now.dll Explorer插件迅雷 C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
RavTask.exe -system 注册表启动组瑞星安全软件 c:\Program Files\Rising\Rav\RavTask.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\RAVTASK
webclnt.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\webclnt.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBCLIENT
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
pchsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\UPLOADMGR
Mup.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mup.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MUP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000008\PACKEDCATALOGITEM
trkwks.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\trkwks.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TRKWKS
isapnp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\isapnp.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ISAPNP
dnsrslvr.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dnsrslvr.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DNSCACHE
pciide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\pciide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIIDE
MDM.EXE 服务微软 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MDM
netbt.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\netbt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBT
dmio.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\dmio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMIO
rasacd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rasacd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASACD
KSecDD.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ksecdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KSECDD
rsvpsp.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000005\PACKEDCATALOGITEM
mp110007.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110007.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110007
Beep.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\beep.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BEEP
jiajiasr.exe 注册表启动组加加输入法 E:\拼音加加\jj4\jiajiasr.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\JIAJIASR
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WLBALLOON
webcheck.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\webcheck.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\WEBCHECK
mp110003.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110003.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110003
HookCont.sys 驱动瑞星安全软件 C:\WINDOWS\system32\drivers\HookCont.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HOOKCONT
avp.exe -r 服务其他软件文件不存在(C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AVP
PCIDump.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\PCIDump.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIDUMP
ersvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\ersvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ERSVC
srsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\srsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SRSERVICE
mp110013.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110013.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110013
rpcss.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RPCSS
ipsec.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ipsec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPSEC
Fs_Rec.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fs_rec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FS_REC
PartMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\partmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PARTMGR
stobject.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\stobject.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\SYSTRAY
ipnathlp.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\ipnathlp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS
lmhsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lmhsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LMHOSTS
logonui.exe 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\logonui.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\UIHOST
fltMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fltMgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FLTMGR
mrxsmb.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mrxsmb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MRXSMB
atapi.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\atapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ATAPI
tcpip6.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\tcpip6.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP6
shsvcs.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\THEMES
dhcpcsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dhcpcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DHCP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000007\PACKEDCATALOGITEM
Cdaudio.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cdaudio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDAUDIO
lbrtfdc.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\lbrtfdc.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LBRTFDC

※ ※ ※ 本文纯属【rige】个人意见，与【微点交流论坛】立场无关※ ※ ※

2009-4-10 10:38

rige
新手上路

积分 20
发帖 20
注册 2009-4-4

#23

继续

HookNtos.sys 驱动瑞星安全软件 C:\WINDOWS\system32\drivers\HookNtos.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HOOKNTOS
NDIS.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ndis.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDIS
ws2ifsl.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ws2ifsl.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WS2IFSL
imapi.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\imapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAPI
mp110002.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110002.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110002
WlNotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SENSLOGN
w32time.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\w32time.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\W32TIME
mp110006.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110006.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110006
6to4svc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\6to4svc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\6TO4
browseui.dll Explorer插件 Microsoft Windows XP Professional C:\WINDOWS\system32\browseui.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
afd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\afd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AFD
services.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG
Changer.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\Changer.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CHANGER
ACPI.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\acpi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ACPI
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000002\PACKEDCATALOGITEM
cryptsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\cryptsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CRYPTSVC
services.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUGPLAY
intelppm.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\intelppm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTELPPM
HookSys.sys 驱动瑞星安全软件 C:\WINDOWS\system32\drivers\HookSys.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HOOKSYS
i8042prt.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\i8042prt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I8042PRT
fsvga.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fsvga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FSVGA
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\POSTBOOTREMINDER
pci.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\pci.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCI
ntsd.EXE 进程关联启动 Microsoft Windows XP Professional C:\WINDOWS\system32\ntsd.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\YOUR IMAGE FILE NAME HERE WITHOUT A PATH
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000010\PACKEDCATALOGITEM
WMIsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wbem\wmisvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMGMT
wzcsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wzcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WZCSVC
klogon.dll 系统直接调用其他软件 C:\WINDOWS\system32\klogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\KLOGON
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000006\PACKEDCATALOGITEM
cryptnet.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPTNET
HookReg.sys 驱动瑞星安全软件 C:\WINDOWS\system32\drivers\HOOKREG.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HOOKREG
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCCERTPROP
WgaLogon.dll 系统直接调用微软 C:\WINDOWS\system32\WgaLogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON
pchsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HELPSVC
wscsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wscsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WSCSVC
sptd.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\Drivers\sptd.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SPTD
disk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\disk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DISK
serial.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\serial.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERIAL
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\TERMSRV
ipfltdrv.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ipfltdrv.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPFILTERDRIVER
Explorer.exe 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL
VolSnap.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\volsnap.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VOLSNAP
schedsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\schedsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SCHEDULE
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCHEDULE
shsvcs.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHELLHWDETECTION
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\CDBURN
sr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SR
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PROTECTEDSTORAGE
sisagp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sisagp.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SISAGP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000011\PACKEDCATALOGITEM

※ ※ ※ 本文纯属【rige】个人意见，与【微点交流论坛】立场无关※ ※ ※

2009-4-10 10:38

rige
新手上路

积分 20
发帖 20
注册 2009-4-4

#24

最后部分

rem "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 注册表启动组其他软件系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\IMJPMIG8.1
audiosrv.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\audiosrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AUDIOSRV
mp110010.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110010.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110010
mp110004.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110004.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110004
rem "C:\Program Files\Messenger\msmsgs.exe" /background 注册表启动组其他软件系统指定路径下无法匹配该文件 HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\MSMSGS
cdrom.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cdrom.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDROM
nwwks.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\nwwks.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWCWORKSTATION
RDPCDD.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rdpcdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDPCDD
rpcss.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DCOMLAUNCH
kbdclass.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\kbdclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KBDCLASS
mp110008.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110008.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110008
MPSVC.exe 服务微点主动防御软件 C:\Program Files\Micropoint\MPSVC.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MPSVCSERVICE
360Tray.exe /start 注册表启动组 360Safe D:\Program Files\360\360Safe\safemon\360tray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360SAFETRAY
Null.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\null.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NULL
sens.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\sens.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SENS
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000003\PACKEDCATALOGITEM
wmp.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmp.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
srvsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\srvsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANSERVER
sclgntfy.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCLGNTFY
mp110001.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110001.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110001
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000009\PACKEDCATALOGITEM
dmserver.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dmserver.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMSERVER
Npfs.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\npfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NPFS
tcpip.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\tcpip.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP
Sfloppy.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sfloppy.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SFLOPPY
mp110009.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110009.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110009
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000001\PACKEDCATALOGITEM
wkssvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wkssvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANWORKSTATION
seclogon.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\seclogon.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SECLOGON
netbios.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\netbios.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBIOS
browseui.dll Explorer插件 Microsoft Windows XP Professional C:\WINDOWS\system32\browseui.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER\{8C7461EF-2B13-11D2-BE35-3078302C2030}
mp110011.sys 驱动微点主动防御软件 C:\WINDOWS\system32\drivers\MP110011.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110011
mouclass.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mouclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUCLASS
safeboxTray.exe /r 注册表启动组 360安全软件 C:\Program Files\360Safebox\safeboxTray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360SAFEBOX
Msfs.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\msfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSFS
CCenter.exe 服务瑞星安全软件 c:\Program Files\Rising\Rav\CCenter.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RSCCENTER
regsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\regsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEREGISTRY
nwlnkspx.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\nwlnkspx.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWLNKSPX
MountMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mountmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUNTMGR
browser.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\browser.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BROWSER
wuauserv.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wuauserv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SAMSS
npkcrypt.sys 驱动其他软件文件不存在(E:\QQ\npkcrypt.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NPKCRYPT
vga.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\vga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VGASAVE
mnmdd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mnmdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MNMDD
rdbss.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rdbss.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDBSS
SafeBoxKrnl.sys 驱动 360安全软件 C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SAFEBOXKRNL
qmgr.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\qmgr.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
spoolsv.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\spoolsv.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SPOOLER
i2omgmt.sys 驱动其他软件文件不存在(C:\WINDOWS\System32\DRIVERS\i2omgmt.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I2OMGMT
nwlnkipx.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\nwlnkipx.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWLNKIPX
rsvpsp.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000004\PACKEDCATALOGITEM
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\POLICYAGENT
notepad.exe %1 文件类型关联启动 Microsoft Windows XP Professional C:\WINDOWS\notepad.exe HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND
nwlnknb.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\nwlnknb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NWLNKNB
xunleiBHO_Now.dll Explorer插件迅雷 C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{889D2FEB-5411-4565-8998-1DD2C5261283}
USERINIT.EXE 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\userinit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\USERINIT
ParVdm.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\parvdm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PARVDM
termdd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\termdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TERMDD

※ ※ ※ 本文纯属【rige】个人意见，与【微点交流论坛】立场无关※ ※ ※

2009-4-10 10:39

rige
新手上路

积分 20
发帖 20
注册 2009-4-4

#25

好像回复不能上传TXT文件，只好都发上来了，请各位见谅哦。
谢谢各位高手了

※ ※ ※ 本文纯属【rige】个人意见，与【微点交流论坛】立场无关※ ※ ※

2009-4-10 10:40

狙击virus
注册用户

积分 162
发帖 162
注册 2008-11-25

#26

SRE日志显示没有问题，但是你机器里安装的安全软件太多了。

瑞星，卡巴，微点都有，建议你卸载一些，不要安装太多的安全软件，初步怀疑是IE损坏，重新安装IE下吧！

※ ※ ※ 本文纯属【狙击virus】个人意见，与【微点交流论坛】立场无关※ ※ ※

2009-4-10 11:39

gxdiyer
注册用户

积分 128
发帖 128
注册 2006-8-23

#27

杀毒软件装的够多的。

※ ※ ※ 本文纯属【gxdiyer】个人意见，与【微点交流论坛】立场无关※ ※ ※

[size=5]好的杀软开发者首先要做一个勇于创新且遵纪守法的病毒制造者！[/size]

2009-4-10 15:09

rige
新手上路

积分 20
发帖 20
注册 2009-4-4

#28

瑞星是垃圾，病毒一来，自己就先挂了。现在想卸载都不行，卸载程序都找不到了。卡巴是老版本的6.0，可能是很久以前的装的了，也卸载不了。现在就只有微点。
IE损坏也有可能，但是我装了火狐，用火狐也不行。

※ ※ ※ 本文纯属【rige】个人意见，与【微点交流论坛】立场无关※ ※ ※

2009-4-10 15:10

gxdiyer
注册用户

积分 128
发帖 128
注册 2006-8-23

#29

Quote:

Originally posted by rige at 2009-4-10 15:10:
瑞星是垃圾，病毒一来，自己就先挂了。现在想卸载都不行，卸载程序都找不到了。卡巴是老版本的6.0，可能是很久以前的装的了，也卸载不了。现在就只有微点。
IE损坏也有可能，但是我装了火狐，用火狐也不行。

其实卸载这些程序也好简单的，既然它们两个都不能用了，为什么还要让它们自动运行呢？把它们的文件夹改名然后重新启动计算机，再删除；或者用金山清理专家中的文件粉碎机（这工具好厉害的）把整个文件夹粉碎删除，对于drivers下面的驱动文件也可效仿此法。不过对于注册表中的无用垃圾信息就很麻烦了。有安装程序的话，建议先重新安装一下它们（新旧都可），然后再卸载。

[ Last edited by gxdiyer on 2009-4-10 at 22:47 ]

※ ※ ※ 本文纯属【gxdiyer】个人意见，与【微点交流论坛】立场无关※ ※ ※

[size=5]好的杀软开发者首先要做一个勇于创新且遵纪守法的病毒制造者！[/size]

2009-4-10 15:41

rige
新手上路

积分 20
发帖 20
注册 2009-4-4

#30

卸载了，但是问题还是没有解决啊

※ ※ ※ 本文纯属【rige】个人意见，与【微点交流论坛】立场无关※ ※ ※

2009-4-13 08:38

3/4

论坛跳转:

可打印版本 | 推荐 | 订阅 | 收藏

[ 联系我们 - 东方微点 ] 北京东方微点信息技术有限责任公司福建东方微点信息安全有限责任公司闽ICP备05030815号