woodbug
New member
#1 Micropoint can't cleanly kill this trojan
Trojan: Trojan-PSW.win32.Delf.eae
I guess I caught the virus while browsing the web. (Damn, I'm never using Baidu search again.)
After the computer boots, Micropoint detects it and prompts me to delete it.
But on the next boot, it shows up again.
A full scan with KIS 6.0 finds nothing.
What should I do?
※ ※ ※ This post is purely 【woodbug】's personal opinion and does not represent the position of the 【Micropoint Exchange Forum】 ※ ※ ※
2007-6-22 07:48
Legend
Super Moderator
2007-6-22 07:50
woodbug
New member
#3
Time  Result  Trojan name  Trojan file  Creator of the trojan file
2007-06-22 06:58:28 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\52VEEA1Z\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-21 19:50:19 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2ZFSD6IF\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-21 16:34:36 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\T3P63NBZ\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-21 12:35:47 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2DC46O12\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-20 18:31:50 处理成功 Trojan.Win32.Delf.awy C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2DC46O12\UPDATE[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-20 18:31:46 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2DC46O12\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-18 19:22:40 用户取消 Trojan-Proxy.Win32.Agent.uu D:\STARCRAFT\WUJIE81\无界浏览器8.1.EXE
2007-6-22 07:53
woodbug
New member
#4
That looks pretty messy.
I exported it directly.
2007-6-22 07:53
Legend
Super Moderator
#5
From a preliminary analysis of the log you posted, both the Trojan-PSW.Win32.Delf.eae and the Trojan.Win32.Delf.awy on your machine are trojans that get downloaded automatically when an IE browser with unpatched vulnerabilities visits a web page containing malicious code. However, Micropoint has already handled all of the trojan programs, so you can keep using the machine without worry.
For this, I suggest you use Micropoint's vulnerability scan feature to patch the security holes in your Windows system and put an end to this kind of problem for good.
※ This article is jointly owned by 【Legend】 and the 【Dongfang Micropoint Forum】; please credit the source when reposting! ※
Micropoint technical support email: support@micropoint.com.cn
2007-6-22 08:18
dsl5
Advanced user
#6
It looks like IE has been hijacked and is connecting to some sites in the background to download trojans. There may be a separate virus downloader on the system. Pull up the module list for the IE process and show it to us! Also, dump all the startup items on the whole machine and show us those too!
2007-6-22 08:19
woodbug
New member
#7
I scanned for system vulnerabilities with Micropoint; it found 4, but it seems they can't be downloaded.
I did install 3 of them with 360, but there's still one for Windows Media Player that can't be downloaded.
After rebooting, Micropoint still detected the trojan.
2007-6-22 08:55
woodbug
New member
#8
Here are the startup items:
Program name  Start type  Description  Full path  Startup info
Skdaemon.exe 开始菜单启动组 其他软件 C:\Program Files\LEGEND\联想标准功能键盘驱动程序安装\Skdaemon.exe C:\Documents and Settings\All Users\「开始」菜单\程序\启动\联想键盘驱动程序.lnk
Windows.hta 开始菜单启动组 其他软件 C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Windows.hta C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Windows.hta
remotesetup.exe 计划任务 其他软件 文件不存在(C:\DOCUME~1\user\LOCALS~1\Temp\remotesetup.exe) C:\WINDOWS\Tasks\DDD_Install_Program.job
start.hta 开始菜单启动组 其他软件 C:\Documents and Settings\All Users\「开始」菜单\程序\启动\start.hta C:\Documents and Settings\All Users\「开始」菜单\程序\启动\start.hta
autoexec.bat 批处理文件 其他软件 C:\AUTOEXEC.BAT
crypt32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPT32CHAIN
cscdll.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CSCDLL
Fips.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fips.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FIPS
klif.sys 驱动 卡巴斯基安全软件 C:\WINDOWS\system32\drivers\klif.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KLIF
dmload.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\dmload.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMLOAD
redbook.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\redbook.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REDBOOK
vaxDLb.sys 驱动 其他软件 C:\WINDOWS\system32\drivers\vaxDLb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VAXDLB
ctfmon.exe 注册表启动组 Microsoft Windows XP Professional C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CTFMON.EXE
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000012\PACKEDCATALOGITEM
ftdisk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ftdisk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FTDISK
IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 注册表启动组 Microsoft Windows XP Professional C:\WINDOWS\ime\IMJP8_1\imjpmig.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\IMJPMIG8.1
viaagp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\VIAAGP.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VIAAGP
ndpiq.sys 驱动 其他软件 C:\WINDOWS\system32\drivers\ndpiq.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDPIQ
webclnt.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\webclnt.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBCLIENT
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
Mup.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mup.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MUP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000008\PACKEDCATALOGITEM
trkwks.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\trkwks.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TRKWKS
isapnp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\isapnp.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ISAPNP
dnsrslvr.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dnsrslvr.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DNSCACHE
pciide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\pciide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIIDE
netbt.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\netbt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBT
dmio.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\dmio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMIO
rasacd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rasacd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASACD
KSecDD.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ksecdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KSECDD
rsvpsp.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\rsvpsp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000005\PACKEDCATALOGITEM
mp110007.sys 驱动 微点主动防御软件 C:\WINDOWS\system32\drivers\mp110007.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110007
Beep.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\beep.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BEEP
rem RunDll32 advpack.dll 注册表启动组 其他软件 系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\360DISABLED\TV_ENUA
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WLBALLOON
webcheck.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\webcheck.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\WEBCHECK
mp110003.sys 驱动 微点主动防御软件 C:\WINDOWS\system32\drivers\mp110003.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110003
realsched.exe -osboot 注册表启动组 RealPlayer C:\Program Files\Common Files\Real\Update_OB\realsched.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\TKBELLEXE
kldriver.exe 注册表启动组 第三方支持软件 C:\Program Files\LEGEND\联想键盘驱动\Kldriver.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\LEGENDKBDRIVER
MSJDrvr.sys 驱动 其他软件 C:\WINDOWS\system32\drivers\MSJDrvr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSJDRVR
PCIDump.sys 驱动 其他软件 文件不存在(C:\WINDOWS\System32\DRIVERS\PCIDump.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIDUMP
ersvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\ersvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ERSVC
srsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\srsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SRSERVICE
mp110013.sys 驱动 微点主动防御软件 C:\WINDOWS\system32\drivers\mp110013.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110013
rpcss.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RPCSS
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000017\PACKEDCATALOGITEM
CdaC15BA.SYS 驱动 其他软件 C:\WINDOWS\system32\drivers\CdaC15BA.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDAC15BA
ipsec.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ipsec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPSEC
Fs_Rec.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fs_rec.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FS_REC
TINTSETP.EXE /IMEName 注册表启动组 Microsoft Windows XP Professional C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PHIME2002A
2007-6-22 08:58
woodbug
New member
#9
PartMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\partmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PARTMGR
intelide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\intelide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTELIDE
stobject.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\stobject.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\SYSTRAY
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000015\PACKEDCATALOGITEM
ipnathlp.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\ipnathlp.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS
viaide.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\viaide.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VIAIDE
logon.scr 屏幕保护 Microsoft Windows XP Professional C:\WINDOWS\system32\logon.scr HKEY_CURRENT_USER\CONTROL PANEL\DESKTOP\SCRNSAVE.EXE
lmhsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lmhsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LMHOSTS
rem "D:\Program Files\Thunder Network\Thunder\Thunder.exe" /s 注册表启动组 其他软件 系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\THUNDER
"\Program Files\Logonui\Logonui.exe" 系统直接调用 其他软件 系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\UIHOST
fltMgr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fltMgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FLTMGR
mrxsmb.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mrxsmb.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MRXSMB
atapi.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\atapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ATAPI
shsvcs.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\THEMES
dhcpcsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\dhcpcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DHCP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000007\PACKEDCATALOGITEM
Cdaudio.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cdaudio.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDAUDIO
wdfmgr.exe 服务 第三方支持软件 C:\WINDOWS\system32\wdfmgr.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\UMWDF
lbrtfdc.sys 驱动 其他软件 文件不存在(C:\WINDOWS\System32\DRIVERS\lbrtfdc.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LBRTFDC
NDIS.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\ndis.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDIS
aliide.sys 驱动 其他软件 文件不存在(C:\WINDOWS\System32\DRIVERS\aliide.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ALIIDE
imapi.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\imapi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAPI
mp110002.sys 驱动 微点主动防御软件 C:\WINDOWS\system32\drivers\mp110002.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110002
WlNotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SENSLOGN
w32time.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\w32time.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\W32TIME
mp110006.sys 驱动 微点主动防御软件 C:\WINDOWS\system32\drivers\mp110006.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110006
afd.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\afd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AFD
services.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG
Changer.sys 驱动 其他软件 文件不存在(C:\WINDOWS\System32\DRIVERS\Changer.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CHANGER
JAVASUP.VXD Vxd驱动 其他软件 C:\WINDOWS\system32\javasup.vxd HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VXD\JAVASUP
ACPI.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\acpi.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ACPI
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000002\PACKEDCATALOGITEM
vaxDLs.sys 驱动 第三方支持软件 C:\WINDOWS\system32\drivers\vaxDLs.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VAXDLS
cryptsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\cryptsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CRYPTSVC
services.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUGPLAY
intelppm.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\intelppm.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTELPPM
p2psvr.exe 服务 其他软件 C:\Program Files\Common Files\Sogou PXP\p2psvr.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\P4P SERVICE
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000018\PACKEDCATALOGITEM
googletoolbar2.dll IE插件 其他软件 c:\program files\Google\googletoolbar2.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
i8042prt.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\i8042prt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I8042PRT
fsvga.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\fsvga.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FSVGA
kbdhid.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\kbdhid.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KBDHID
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\POSTBOOTREMINDER
pci.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\pci.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCI
TosIde.sys 驱动 其他软件 文件不存在(C:\WINDOWS\System32\DRIVERS\TosIde.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TOSIDE
TGENotify.dll 系统直接调用 其他软件 C:\WINDOWS\system32\TGENotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ZGNOTIFY
2007-6-22 08:58
woodbug
New member
#10
ntsd.EXE 进程关联启动 Microsoft Windows XP Professional C:\WINDOWS\system32\ntsd.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\YOUR IMAGE FILE NAME HERE WITHOUT A PATH
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000010\PACKEDCATALOGITEM
amdk7.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\amdk7.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AMDK7
WMIsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wbem\wmisvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMGMT
wzcsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wzcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WZCSVC
klogon.dll 系统直接调用 卡巴斯基安全软件 C:\WINDOWS\system32\klogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\KLOGON
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000006\PACKEDCATALOGITEM
cryptnet.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPTNET
rem d:\Program Files\Thunder Network\WebThunder\WebThunder.exe 注册表启动组 其他软件 系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\WEBTHUNDER
WebThunderBHO_Now.dll Explorer插件 迅雷 d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{00000AAA-A363-466E-BEF5-9BB68697AA7F}
wmpdxm.dll ActiveX 插件 Microsoft Windows XP Professional C:\WINDOWS\system32\wmpdxm.dll HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCCERTPROP
pchsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HELPSVC
wscsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\wscsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WSCSVC
rem RunDll32 advpack.dll 注册表启动组 其他软件 系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\360DISABLED\LHTTSJPJ
disk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\disk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DISK
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000014\PACKEDCATALOGITEM
serial.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\serial.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERIAL
mdmxsdk.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\mdmxsdk.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MDMXSDK
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\TERMSRV
Explorer.exe 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL
VolSnap.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\volsnap.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VOLSNAP
schedsvc.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\schedsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SCHEDULE
wlnotify.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCHEDULE
shsvcs.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\shsvcs.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHELLHWDETECTION
SHELL32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\CDBURN
sr.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\sr.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SR
lsass.exe 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PROTECTEDSTORAGE
sisagp.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\SISAGP.SYS HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SISAGP
mswsock.dll SPI Microsoft Windows XP Professional C:\WINDOWS\system32\mswsock.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9\CATALOG_ENTRIES\000000000011\PACKEDCATALOGITEM
audiosrv.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\audiosrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AUDIOSRV
mp110010.sys 驱动 微点主动防御软件 C:\WINDOWS\system32\drivers\mp110010.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110010
mp110004.sys 驱动 微点主动防御软件 C:\WINDOWS\system32\drivers\mp110004.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MP110004
cdrom.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\cdrom.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDROM
StormSet.dll 注册表启动组 暴风影音 D:\Program Files\StormII\StormSet.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\STORM2SET
kl1.sys 驱动 卡巴斯基安全软件 C:\WINDOWS\system32\drivers\kl1.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KL1
RDPCDD.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\rdpcdd.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RDPCDD
rpcss.dll 服务 Microsoft Windows XP Professional C:\WINDOWS\system32\rpcss.dll HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DCOMLAUNCH
rem "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti 注册表启动组 其他软件 系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED\STORMCODEC_HELPER
kbdclass.sys 驱动 Microsoft Windows XP Professional C:\WINDOWS\system32\drivers\kbdclass.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KBDCLASS
2007-6-22 08:59
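As an added example, not code from this thread or from Micropoint: the two exports posted above, the detection log in #3 and the startup-item list in #8-#10, are hard to read by eye because the columns are space-separated and the paths themselves contain spaces. The Python below parses both formats using the fixed vocabulary the export actually emits, summarizes the detection log per trojan name (how many hits were files in the IE cache created by iexplore.exe, which is what re-infection while browsing looks like, as opposed to a file that persists elsewhere and survives the scan), and triages the startup export by the places dsl5 asked about. The parsing heuristics, rule set and reason strings are my own assumptions; the sample input is constructed from lines posted in this thread.

```python
# Added example, not Micropoint's own tooling: two triage helpers for the text
# posted in this thread, the detection log in #3 and the startup export in
# #8-#10.  Field boundaries are heuristic: both exports separate columns with
# single spaces and paths contain spaces, so the parsers anchor on the fixed
# vocabularies the export uses and on how a path field begins.
import re
from collections import Counter, namedtuple

# ---- detection log: re-downloaded on each browse, or persisting on disk? ----
LOG_RE = re.compile(r"^(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<result>\S+) "
                    r"(?P<name>\S+) (?P<rest>.*)$")

def summarize_detections(text):
    """Per trojan name -> (total hits, hits whose file sat in the IE cache and
    was created by IEXPLORE.EXE).  When every hit is of that kind, the file is
    being fetched again while browsing, which is the moderator's reading in
    #5, rather than surviving the scan somewhere else on disk."""
    hits, browser = Counter(), Counter()
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        hits[m["name"]] += 1
        rest = m["rest"].upper()
        if "\\TEMPORARY INTERNET FILES\\" in rest and rest.endswith("IEXPLORE.EXE"):
            browser[m["name"]] += 1
    return {n: (hits[n], browser[n]) for n in hits}

# ---- startup export: which entries does a responder look at first? ----
# Start-type vocabulary from the export, longest first so "Vxd驱动" is not
# matched as "驱动".
START_TYPES = sorted(["开始菜单启动组", "计划任务", "批处理文件", "系统直接调用", "驱动",
                      "注册表启动组", "SPI", "服务", "ActiveX 插件", "Vxd驱动", "屏幕保护",
                      "IE插件", "Explorer插件", "进程关联启动"], key=len, reverse=True)
MISSING = "文件不存在("                  # "file does not exist("
UNRESOLVED = "系统指定路径下无法匹配该文件"  # "no file matches the given path"
LINE_RE = re.compile(
    r"^(?P<name>.+?) (?P<stype>" + "|".join(map(re.escape, START_TYPES)) + r") "
    r"(?P<publisher>.+?) "
    r"(?P<path>(?:[A-Za-z]:\\|" + re.escape(MISSING) + "|" + UNRESOLVED + r").*?)"
    r"(?: (?P<location>(?:HKEY_|[A-Za-z]:\\).*))?$")
Entry = namedtuple("Entry", "name start_type publisher path location")

def parse_export(text):
    """Parse export lines; the header row and anything unparseable is skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Entry(m["name"], m["stype"], m["publisher"], m["path"],
                             m["location"] or ""))
    return out

def triage(entries):
    """Map entry name -> reasons it deserves a look.  The rules are the places
    the thread's responders asked about: script files auto-run from the Startup
    folder, tasks pointing into Temp, Winlogon / IFEO / BHO hooks from
    non-Microsoft publishers, and entries whose file is already gone."""
    findings = {}
    for e in entries:
        loc, path, reasons = e.location.upper(), e.path.upper(), []
        if e.start_type == "开始菜单启动组" and e.name.lower().endswith(
                (".hta", ".vbs", ".js", ".bat", ".cmd")):
            reasons.append("script file in Startup folder")
        if e.start_type == "计划任务" and "\\TEMP\\" in path:
            reasons.append("scheduled task targets a temp directory")
        if "\\WINLOGON\\" in loc and not e.publisher.startswith("Microsoft"):
            reasons.append("Winlogon hook from non-Microsoft publisher")
        if "\\IMAGE FILE EXECUTION OPTIONS\\" in loc:
            reasons.append("IFEO debugger hook: check which image it applies to")
        if "\\BROWSER HELPER OBJECTS\\" in loc or e.start_type in ("IE插件", "Explorer插件"):
            reasons.append("browser extension: verify publisher and file")
        if e.path.startswith((MISSING, UNRESOLVED)):
            reasons.append("referenced file missing: stale entry or remnant")
        if reasons:
            findings[e.name] = reasons
    return findings

# Sample input, constructed from lines posted in this thread.
SAMPLE_LOG = r"""
2007-06-22 06:58:28 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\52VEEA1Z\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-21 19:50:19 处理成功 Trojan-PSW.Win32.Delf.eae C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2ZFSD6IF\ABC[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-20 18:31:50 处理成功 Trojan.Win32.Delf.awy C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2DC46O12\UPDATE[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-06-18 19:22:40 用户取消 Trojan-Proxy.Win32.Agent.uu D:\STARCRAFT\WUJIE81\无界浏览器8.1.EXE
"""
SAMPLE_EXPORT = r"""
Skdaemon.exe 开始菜单启动组 其他软件 C:\Program Files\LEGEND\联想标准功能键盘驱动程序安装\Skdaemon.exe C:\Documents and Settings\All Users\「开始」菜单\程序\启动\联想键盘驱动程序.lnk
Windows.hta 开始菜单启动组 其他软件 C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Windows.hta C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Windows.hta
remotesetup.exe 计划任务 其他软件 文件不存在(C:\DOCUME~1\user\LOCALS~1\Temp\remotesetup.exe) C:\WINDOWS\Tasks\DDD_Install_Program.job
autoexec.bat 批处理文件 其他软件 C:\AUTOEXEC.BAT
crypt32.dll 系统直接调用 Microsoft Windows XP Professional C:\WINDOWS\system32\crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPT32CHAIN
"\Program Files\Logonui\Logonui.exe" 系统直接调用 其他软件 系统指定路径下无法匹配该文件 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\UIHOST
ntsd.EXE 进程关联启动 Microsoft Windows XP Professional C:\WINDOWS\system32\ntsd.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\YOUR IMAGE FILE NAME HERE WITHOUT A PATH
WebThunderBHO_Now.dll Explorer插件 迅雷 d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{00000AAA-A363-466E-BEF5-9BB68697AA7F}
"""

if __name__ == "__main__":
    for name, (n, b) in summarize_detections(SAMPLE_LOG).items():
        print(f"{name}: {n} hit(s), {b} written to the IE cache by iexplore.exe")
    for name, reasons in triage(parse_export(SAMPLE_EXPORT)).items():
        print(f"{name}: " + "; ".join(reasons))
```

Run it as a script and it prints the per-trojan counts followed by the flagged startup entries. Entries that are flagged are only candidates for review, not verdicts: a missing-file service entry is common on an old XP install, and an IFEO or Winlogon entry from a known security product is expected; the point of the rules is to shrink a two-hundred-line export to the handful of rows worth checking against a clean machine.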