»
游客:
注册
|
登录
|
帮助
微点交流论坛
»
微点主动防御软件
» 今天碰到一个未知木马?
作者:
标题: 今天碰到一个未知木马?
sunet
新手上路
积分 26
发帖 26
注册 2007-1-15
#1
今天碰到一个未知木马?
今天碰到一个未知木马?微点提示延迟删除,要重启,重启后,微点未在第一位启动,以前都是第一个启动,开机后好一会才启动,我还以为启动不了,启动后也没有提示删除未知木马,我想知道我中了木马吗?未知木马scbjbtra.dll
※ ※ ※ 本文纯属【sunet】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
2007-11-3 10:54
sunet
新手上路
积分 26
发帖 26
注册 2007-1-15
#2
创建时间 键 名称 原数据 新数据 创建者
2007-11-03 09:51:24 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ SRS AUDIO SANDBOX "C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE" /HIDEME "C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE" /HIDEME C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE
2007-11-03 09:50:56 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE
2007-11-03 09:50:46 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ TKBELLEXE "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:18 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:50:11 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
※ ※ ※ 本文纯属【sunet】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
2007-11-3 10:55
sunet
新手上路
积分 26
发帖 26
注册 2007-1-15
#3
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:49:10 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:48:57 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:25:43 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ SRS AUDIO SANDBOX "C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE" /HIDEME "C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE" /HIDEME C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE
2007-11-03 09:25:00 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE
2007-11-03 09:24:59 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ TKBELLEXE "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ POSTSHELL WLEVENTPOSTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSHELL WLEVENTSTARTSHELL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ UNLOCK WLEVENTUNLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOCK WLEVENTLOCK C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STOPSCREENSAVER WLEVENTSTOPSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTSCREENSAVER WLEVENTSTARTSCREENSAVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ SHUTDOWN WLEVENTSHUTDOWN C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ STARTUP WLEVENTSTARTUP C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGOFF WLEVENTLOGOFF C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ LOGON WLEVENTLOGON C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DLLNAME WGALOGON.DLL C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ RECONNECT WLEVENTRECONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2007-11-03 09:24:54 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON\ DISCONNECT WLEVENTDISCONNECT C:\WINDOWS\SYSTEM32\WINLOGON.EXE
※ ※ ※ 本文纯属【sunet】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
2007-11-3 10:57
Legend
超级版主
超级版主
积分 77171
发帖 70170
注册 2005-10-29
#4
您好,您可以到微点主界面-安全防护与策略-有害程序隔离 看微点的报警程序是否再里面
显示为 延迟删除 的,微点重其后会自动删除。
另请将微点报警文件及技术支持信息(微点主界面--辅助功能--生成技术支持信息)一并发送到
support@micropoint.com.cn
邮箱,发送时请在您邮件中复制本帖连接,以便我们跟踪解决您的问题。具体我们看下原因。
※文章所有权归【Legend】与【东方微点论坛】共同所有,转载请注明出处!※
微点官方认证新浪微博:欢迎进入
微点新浪微博
微点技术支持邮箱:
support@micropoint.com.cn
给Legend发短消息
2007-11-3 11:02
y0365
版主
使用与技巧版主
积分 1603
发帖 1571
注册 2007-1-27
#5
scbjbtra.dll 好像是个广告类的木马插件,可以到微点的有害程序隔离区看看是否删除成功了。
※ ※ ※ 本文纯属【y0365】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
乱我心者必杀之
2007-11-3 11:04
三好学生
注册用户
积分 69
发帖 69
注册 2007-9-26
#6
最好再重杀一遍,有时候微点没有删除!
※ ※ ※ 本文纯属【三好学生】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
2007-11-3 18:19
Legend
超级版主
超级版主
积分 77171
发帖 70170
注册 2005-10-29
#7
三好学生 ,如果您使用微点过程中遇到问题,请您随时和我们联系。
※文章所有权归【Legend】与【东方微点论坛】共同所有,转载请注明出处!※
微点官方认证新浪微博:欢迎进入
微点新浪微博
微点技术支持邮箱:
support@micropoint.com.cn
给Legend发短消息
2007-11-3 19:12
Legend
超级版主
超级版主
积分 77171
发帖 70170
注册 2005-10-29
#8
由于没有收到楼主的进一步反馈,此主题暂做关闭主题处理,如有其他问题,请另开新帖讨论!
※文章所有权归【Legend】与【东方微点论坛】共同所有,转载请注明出处!※
微点官方认证新浪微博:欢迎进入
微点新浪微博
微点技术支持邮箱:
support@micropoint.com.cn
给Legend发短消息
2007-11-17 02:47
论坛跳转:
微点软件公测区
安全快报
> 病毒快报
> 漏洞快报
微点产品在线技术支持
> 微点主动防御软件
> 预升级反馈专区
> 微点杀毒软件
微点用户交流区
> 微点新闻
> 微点软件使用交流
> 微点茶室
安全技术交流区
> 主动防御
> 反病毒
> 防火墙
综合区
> 电脑&数码
> 体育&娱乐&休闲
> 灌水区
版务管理
内部使用专区
可打印版本
|
推荐
|
订阅
|
收藏
[
联系我们
-
东方微点
]
北京东方微点信息技术有限责任公司 福建东方微点信息安全有限责任公司
闽ICP备05030815号
