1   1  /  1  页   跳转

杀毒软件无法启动

收藏
imgon
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2006-10-01
  • 来自:
发表于: 2008-01-24 14:20 | 显示全部 短消息 资料
字号: 1楼

杀毒软件无法启动

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <FlashPlayerUpdate><C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe>  [(Verified)Adobe Systems Incorporated]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <switch><c:\windows\system32\壁纸自动换.exe>  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TBMonEx><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
    <inudhya><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\soundma.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <LotusHlp><C:\WINDOWS\LotusHlp.exe>  []
    <PTSShell><C:\WINDOWS\PTSShell.exe>  []
    <WinForm><C:\WINDOWS\WinForm.exE>  []
    <NAVMon32><C:\WINDOWS\NAVMon32.exE>  []
    <NVDispDrv><C:\WINDOWS\vxaknk.exe>  []
    <DbgHlp32><C:\WINDOWS\DbgHlp32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4FA10261-B890-F432-A453-69F1023513F4}><C:\WINDOWS\Fonts\gjcsdyc.dll>  []
    <{00C5102A-E519-4187-ADF4-B4E313A99947}><>  [N/A]
    <{992FADFA-BCDE-ACDF-CDEF-21054865CBA9}><C:\WINDOWS\Fonts\wsmsgzx.dll>  []
    <{54909874-8982-F344-A322-7898787FA745}><C:\WINDOWS\Fonts\swjqezc.dll>  []
    <{6598FF45-DA60-F48A-BC43-10AC47853D56}><C:\WINDOWS\Fonts\rarjfpi.dll>  []
    <{3D098345-9012-8750-8910-9128098134D3}><C:\WINDOWS\Fonts\jsqxcyc.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.EXE]
    <IFEO[ACKWIN32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTI-TROJAN.EXE]
    <IFEO[ANTI-TROJAN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\APVXDWIN.EXE]
    <IFEO[APVXDWIN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\asktao.mod]
    <IFEO[asktao.mod]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdlm.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTODOWN.EXE]
    <IFEO[AUTODOWN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE]
    <IFEO[AVCONSOL.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.EXE]
    <IFEO[AVE32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.EXE]
    <IFEO[AVGCTRL.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.EXE]
    <IFEO[AVKSERV.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVNT.EXE]

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
最后编辑2008-01-24 18:15:23
分享到:
gototop
 
imgon
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2006-10-01
  • 来自:
发表于: 2008-01-24 14:20 | 显示全部 短消息 资料
字号: 2楼

IFEO[AVNT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
    <IFEO[AVP.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE]
    <IFEO[AVP32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPCC.EXE]
    <IFEO[AVPCC.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPDOS32.EXE]
    <IFEO[AVPDOS32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPM.EXE]
    <IFEO[AVPM.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPTC32.EXE]
    <IFEO[AVPTC32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPUPD.EXE]
    <IFEO[AVPUPD.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCHED32.EXE]
    <IFEO[AVSCHED32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWIN95.EXE]
    <IFEO[AVWIN95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWUPD32.EXE]
    <IFEO[AVWUPD32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.EXE]
    <IFEO[BLACKD.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKICE.EXE]
    <IFEO[BLACKICE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIADMIN.EXE]
    <IFEO[CFIADMIN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIAUDIT.EXE]
    <IFEO[CFIAUDIT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET.EXE]
    <IFEO[CFINET.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET32.EXE]
    <IFEO[CFINET32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.EXE]
    <IFEO[CLAW95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95CF.EXE]
    <IFEO[CLAW95CF.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER.EXE]
    <IFEO[CLEANER.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER3.EXE]
    <IFEO[CLEANER3.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95.EXE]
    <IFEO[DVP95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95_0.EXE]
    <IFEO[DVP95_0.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.EXE]
    <IFEO[ECENGINE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.EXE]
    <IFEO[EGHOST.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE]
    <IFEO[ESAFE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPWATCH.EXE]
    <IFEO[EXPWATCH.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-AGNT95.EXE]
    <IFEO[F-AGNT95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT.EXE]
    <IFEO[F-PROT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT95.EXE]
    <IFEO[F-PROT95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-STOPW.EXE]
    <IFEO[F-STOPW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FESCUE.EXE]
    <IFEO[FESCUE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FINDVIRU.EXE]
    <IFEO[FINDVIRU.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FP-WIN.EXE]
    <IFEO[FP-WIN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROT.EXE]
    <IFEO[FPROT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRW.EXE]
    <IFEO[FRW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMAPP.EXE]
    <IFEO[IAMAPP.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSERV.EXE]
    <IFEO[IAMSERV.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMASN.EXE]
    <IFEO[IBMASN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMAVSP.EXE]
    <IFEO[IBMAVSP.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOAD95.EXE]
    <IFEO[ICLOAD95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOADNT.EXE]
    <IFEO[ICLOADNT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICMON.EXE]
    <IFEO[ICMON.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPP95.EXE]
    <IFEO[ICSUPP95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPPNT.EXE]
    <IFEO[ICSUPPNT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IFACE.EXE]
    <IFEO[IFACE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IOMON98.EXE]
    <IFEO[IOMON98.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JEDI.EXE]
    <IFEO[JEDI.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <IFEO[KAV32.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE]
gototop
 
imgon
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2006-10-01
  • 来自:
发表于: 2008-01-24 14:21 | 显示全部 短消息 资料
字号: 3楼

<IFEO[KAVPFW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvc.exe]
    <IFEO[KAVsvc.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvcUI.exe]
    <IFEO[KAVSvcUI.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE]
    <IFEO[KVFW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe]
    <IFEO[KVMonXP.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
    <IFEO[KVMonXP.kxp]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <IFEO[KVSrvXP.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe]
    <IFEO[KVwsc.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
    <IFEO[KvXP.kxp]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchUI.EXE]
    <IFEO[KWatchUI.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOCKDOWN2000.EXE]
    <IFEO[LOCKDOWN2000.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo1_.exe]
    <IFEO[Logo1_.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo_1.exe]
    <IFEO[Logo_1.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOOKOUT.EXE]
    <IFEO[LOOKOUT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LUALL.EXE]
    <IFEO[LUALL.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAILMON.EXE]
    <IFEO[MAILMON.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MOOLIVE.EXE]
    <IFEO[MOOLIVE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFTRAY.EXE]
    <IFEO[MPFTRAY.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\my.exe]
    <IFEO[my.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\lmmh.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\N32SCANW.EXE]
    <IFEO[N32SCANW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
    <IFEO[Navapsvc.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
    <IFEO[Navapw32.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVLU32.EXE]
    <IFEO[NAVLU32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE]
    <IFEO[NAVNT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE]
    <IFEO[navw32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE]
    <IFEO[NAVWNT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NISUM.EXE]
    <IFEO[NISUM.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NMain.exe]
    <IFEO[NMain.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NORMIST.EXE]
    <IFEO[NORMIST.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NUPGRADE.EXE]
    <IFEO[NUPGRADE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVC95.EXE]
    <IFEO[NVC95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVCL.EXE]
    <IFEO[PAVCL.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVSCHED.EXE]
    <IFEO[PAVSCHED.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVW.EXE]
    <IFEO[PAVW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCCWIN98.EXE]
    <IFEO[PCCWIN98.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCFWALLICON.EXE]
    <IFEO[PCFWALLICON.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PERSFW.EXE]
    <IFEO[PERSFW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE]
gototop
 
imgon
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2006-10-01
  • 来自:
发表于: 2008-01-24 14:22 | 显示全部 短消息 资料
字号: 4楼

<IFEO[PFW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Play.exe]
    <IFEO[Play.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\lmmy.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <IFEO[Rav.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7.EXE]
    <IFEO[RAV7.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7WIN.EXE]
    <IFEO[RAV7WIN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe]
    <IFEO[RAVmon.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe]
    <IFEO[RAVmonD.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVtimer.exe]
    <IFEO[RAVtimer.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rising.exe]
    <IFEO[Rising.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAFEWEB.EXE]
    <IFEO[SAFEWEB.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE]
    <IFEO[SCAN32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN95.EXE]
    <IFEO[SCAN95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANPM.EXE]
    <IFEO[SCANPM.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCRSCAN.EXE]
    <IFEO[SCRSCAN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SERV95.EXE]
    <IFEO[SERV95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMC.EXE]
    <IFEO[SMC.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPHINX.EXE]
    <IFEO[SPHINX.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWEEP95.EXE]
    <IFEO[SWEEP95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBSCAN.EXE]
    <IFEO[TBSCAN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TCA.EXE]
    <IFEO[TCA.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-98.EXE]
    <IFEO[TDS2-98.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-NT.EXE]
    <IFEO[TDS2-NT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\THGUARD.EXE]
    <IFEO[THGUARD.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanHunter.exe]
    <IFEO[TrojanHunter.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET95.EXE]
    <IFEO[VET95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VETTRAY.EXE]
    <IFEO[VETTRAY.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSCAN40.EXE]
    <IFEO[VSCAN40.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSECOMR.EXE]
    <IFEO[VSECOMR.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSHWIN32.EXE]
    <IFEO[VSHWIN32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE]
    <IFEO[VSSTAT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE]
    <IFEO[WEBSCANX.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.EXE]
    <IFEO[WFINDV32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE]
    <IFEO[ZONEALARM.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVP32.EXE]
    <IFEO[_AVP32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPCC.EXE]
    <IFEO[_AVPCC.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPM.EXE]
    <IFEO[_AVPM.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe]
    <IFEO[修复工具.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []

==================================
启动文件夹
N/A
gototop
 
imgon
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2006-10-01
  • 来自:
发表于: 2008-01-24 14:23 | 显示全部 短消息 资料
字号: 5楼

服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[lerdoj / lerdoj][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\lerdoj.sys><N/A>
[mseqsy / mseqsy][Running/Auto Start]
  <system32\DRIVERS\msacpe.sys><N/A>
[msskye / msskye][Running/Auto Start]
  <system32\DRIVERS\msaclue.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[IE搜索工具条]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 564 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 644 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 700 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 852 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 920 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1020 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1096 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1168 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1468 / Administrator][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\gjcsdyc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\wsmsgzx.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\swjqezc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\rarjfpi.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\jsqxcyc.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1556 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1804 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 52]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 1812 / Administrator][C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe]  [N/A, ]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1980 / Administrator][c:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
[PID: 392 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijiq.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oqnauhc.dll]  [N/A, ]
[PID: 524 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijiq.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oqnauhc.dll]  [N/A, ]
[PID: 1756 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\System32\ijiq.dll]  [N/A, ]
    [C:\WINDOWS\System32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\System32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\System32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\System32\oqnauhc.dll]  [N/A, ]
gototop
 
imgon
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2006-10-01
  • 来自:
发表于: 2008-01-24 14:24 | 显示全部 短消息 资料
字号: 6楼

[PID: 2520 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijiq.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oqnauhc.dll]  [N/A, ]
[PID: 2636 / Administrator][c:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\Fonts\jsqxcyc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\rarjfpi.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\swjqezc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\wsmsgzx.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\gjcsdyc.dll]  [N/A, ]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 2992 / Administrator][d:\软件\日志\srengps.exe]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijiq.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oqnauhc.dll]  [N/A, ]
    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\gjcsdyc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\jsqxcyc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\wsmsgzx.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\swjqezc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\rarjfpi.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[D:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[E:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe

==================================
HOSTS 文件
127.0.0.1      localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
219.153.32.215 auto.search.msn.com
124.238.254.113        www.10280011.com
124.238.254.113        10280011.com
124.238.254.113        www.10289900.com
124.238.254.113        10289900.com
124.238.254.113        www.78877788.com
124.238.254.113        78877788.com
124.238.254.113        www.11051122.com
124.238.254.113        11051122.com
124.238.254.113        1.ehai01.com
124.238.254.113        da.ehai01.com
124.238.254.113        ehai01.com
124.238.254.113        2008.sekart.cn
124.238.254.113        www.sekart.cn
124.238.254.113        sekart.cn
124.238.254.113        www.11309988.com
124.238.254.113        www.12100088.com
124.238.254.113        www.12108899.com
124.238.254.113        d2.llsging.com
124.238.254.113            llsging.com
124.238.254.113        dd.749571.com
124.238.254.113            749571.com
124.238.254.113        pr.749571.com
124.238.254.113            txwm1204.com
124.238.254.113        www.txwm1204.com

==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 1812, C:\WINDOWS\FONTS\00-0F-3D-A0-74-12\SYSTEM\WDFMGR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1812, C:\WINDOWS\FONTS\00-0F-3D-A0-74-12\SYSTEM\WDFMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1812, C:\WINDOWS\FONTS\00-0F-3D-A0-74-12\SYSTEM\WDFMGR.EXE]

==================================
API HOOK
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\NVDispDrv.dll)
入口点错误:FreeLibrary (危险等级: 高,  被下面模块所HOOK: 0x5F00002D)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
imgon
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2006-10-01
  • 来自:
发表于: 2008-01-24 14:57 | 显示全部 短消息 资料
字号: 7楼

附件

附件附件:

下载次数:132
文件类型:application/octet-stream
文件大小:
上传时间:2008-1-24 14:57:14
描述:
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT