Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
(swg)(; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe) [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(!AVG Anti-Spyware)("C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized) [(Verified)GRISOFT LTD]
(AVP)("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe") [Kaspersky Lab]
(SoundMan)(SOUNDMAN.EXE) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(360Safetray)(C:\Program Files\360safe\safemon\360tray.exe /start) [奇虎网]
(MSConfig)(C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto) [(Verified)Microsoft Windows Publisher]
(NvCplDaemon)(; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(NvMediaCenter)(; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit) [(Verified)Microsoft Windows Publisher]
(Thunder)(; "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s) [Thunder Networking Technologies,LTD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({57B86673-276A-48B2-BAE7-C6DBB3020EB8})(C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll) [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(WPDShServiceObj)(C:\WINDOWS\system32\WPDShServiceObj.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
(Internet Explorer)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
(NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
(Windows Messenger 4.7)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
(Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
(通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [N/A]
Services
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
(C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe)(GRISOFT s.r.o.)
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r)(Kaspersky Lab)
[BoBoTurbo / BoBoTurbo][Stopped/Auto Start]
(C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe)(广州易播信息科技有限公司)
[Google Updater Service / gusvc][Stopped/Manual Start]
("C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe")(Google)
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll)(N/A)
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
(C:\WINDOWS\system32\nvsvc32.exe)(NVIDIA Corporation)
[Indexing Data / SOCEESe][Stopped/Auto Start]
()(N/A)
The antivirus can detect c:\windows\system32\ppszd.dll and c:\windows\system32\drivers\qiiqh.sys and says they will be deleted at the next boot, but after restarting they still can't be deleted. I'm going crazy.
[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)