
[Help] These viruses are driving me crazy: AdWare.Win32.Cinmus.cgg


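I attached the wrong file just now. Everyone, please take another look for me. Thanks and regards. These viruses are driving me crazy: AdWare.Win32.Cinmus.cgg
1: AdWare.Win32.Cinmus.cgg
2: RootKit.Win32.Mie.a
3: AdWare.Win32.Stdup.w
4: Trojan.Win32.Undef.fdv
5: AdWare.Win32.Stdup.aa
6: AdWare.Win32.Stdup.aa
7: AdWare.Win32.Stdup.ae
I cleaned them once, but after a reboot they were still there, and they keep dropping my connection every little while.
Brothers and sisters, please help.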

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Attachment: SREngLOG.log (description: log), uploaded 2008-7-18 17:59:17

 

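Re: These viruses are driving me crazy: AdWare.Win32.Cinmus.cgg

First: OP, is your machine lagging?? I really don't know what to do about the running-processes part..
Second: I haven't looked at a log in three months..
Third: precisely because it has been so long, as for the cleanup, I hope an expert will step in. I went through the log, so I'll paste what I saw.

Registry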
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{40940F85-F015-14F1-A05F-F69858AC6D04}><>  [N/A]
    <{71954FAC-1023-154F-895A-1458258AD817}><>  [N/A]
    <{7FA4A83B-F99A-4bfc-A8E2-6A62B05D2C82}><C:\WINDOWS\TEMP\datA.tmp>  [File is missing]
    <{37FD640A-158F-48AC-FD14-1597F14A9773}><>  [N/A]
    <{6A59145F-315D-BC23-AC1F-145DF81A34A6}><>  [N/A]
    <{50AF1289-F140-A140-D012-C1458759FC05}><C:\WINDOWS\system32\ypcqdhlp.dll>  [File is missing]
    <{6490415F-65F8-B5C5-D8BA-9405FB120546}><>  [N/A]
    <{73BA45AF-FAAA-CDDD-BEEE-BCDE1234AB37}><>  [N/A]
    <{91698482-6555-3666-1222-954784129019}><>  [N/A]
    <{4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4}><>  [N/A]
    <{34FAE856-AD58-20CB-A025-CD4895FA6E43}><>  [N/A]
    <{7490415F-65F8-B5C5-D8BA-9405FB120547}><>  [N/A]
    <{35694105-5108-9405-3695-954187462153}><>  [N/A]
    <{428DF602-9541-A985-210A-984A698C6F24}><>  [N/A]
    <{4A069845-2036-6084-9054-6087502480A4}><>  [N/A]
    <{8A59145F-315D-BC23-AC1F-145DF81A34A8}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ati2evxx.exe]
    <IFEO[ati2evxx.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe]
    <IFEO[esafe.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idag.exe]
    <IFEO[idag.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe]
    <IFEO[kaccore.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe]
    <IFEO[KPPMain.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE]
    <IFEO[KVFW.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE]
    <IFEO[OllyDBG.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyICE.EXE]
    <IFEO[OllyICE.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
    <IFEO[procexp.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqsc.exe]
    <IFEO[qqsc.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtool.exe]
    <IFEO[ravtool.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe]
    <IFEO[regtool.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exeFYFireWall.exe]
    <IFEO[rfwproxy.exeFYFireWall.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe]
    <IFEO[rfwstub.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinDbg.exe]
    <IFEO[WinDbg.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)M

Drivers
[00205577 / 00205577][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\00205577.sys><N/A>
[44671 / 44671][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\44562.sys><Driver>
[48171 / 48171][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\48125.sys><Driver>
[53375 / 53375][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\53296.sys><Driver>
[Atixeve23062 / Atixeve23062][Stopped/Manual Start]
  <\??\C:\WINDOWS\TEMP\~wxp2ins.781.tmp><N/A>
[Atixeve29484 / Atixeve29484][Stopped/Manual Start]
  <\??\C:\WINDOWS\TEMP\~wxp2ins.281.tmp><N/A>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[vlga4j / vlga4jy][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\vlga4jy.sys><N/A>
[wemegsi / wemegsi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\wemegsi.sys><N/A>

Browser add-ons
[]
  {50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[]
  {7A59145F-315D-BC23-AC1F-145DF81A34A7} <C:\WINDOWS\system32\zyzxgime.dll, N/A>
[]
  {50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[]
  {7A59145F-315D-BC23-AC1F-145DF81A34A7} <C:\WINDOWS\system32\zyzxgime.dll, N/A>
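As an added example (not part of the original thread and not SREng's own code): a small Python parser for the log-line format pasted in the reply above. It groups Image File Execution Options entries by the program they point at and lists ShellExecuteHooks values whose file is reported missing. The function names are hypothetical, and it assumes each `<IFEO[name]><path>` line records the IFEO Debugger value for that image; the sample lines are copied from the excerpt.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the log excerpt quoted in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{40940F85-F015-14F1-A05F-F69858AC6D04}><>  [N/A]
    <{7FA4A83B-F99A-4bfc-A8E2-6A62B05D2C82}><C:\WINDOWS\TEMP\datA.tmp>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
    <IFEO[procexp.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinDbg.exe]
    <IFEO[WinDbg.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)M
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
# <name><data>  [status]; the closing bracket may be cut off in a pasted log
VALUE_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<data>[^>]*)>\s*(?:\[(?P<status>.*?)\]?\s*)?$")
IFEO_RE = re.compile(r"^IFEO\[(?P<image>[^\]]+)\]$")

def parse_entries(text):
    """Yield (registry_key, value_name, data, status) for each value line."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m["name"], m["data"], (m["status"] or "")

def triage(text):
    """Return IFEO redirects grouped by target, and hooks whose file is missing."""
    redirects, missing_hooks = defaultdict(list), []
    for key, name, data, status in parse_entries(text):
        ifeo = IFEO_RE.match(name)
        if ifeo and data:
            # Assumption: the logged data is what runs in place of the named image.
            redirects[data.lower()].append(ifeo["image"])
        elif key.endswith(r"\ShellExecuteHooks") and status == "File is missing":
            missing_hooks.append((name, data))
    return dict(redirects), missing_hooks

if __name__ == "__main__":
    redirects, hooks = triage(SAMPLE_LOG)
    print("IFEO redirects by debugger:", redirects)
    print("ShellExecuteHooks with missing files:", hooks)
```

Run over the full excerpt, every listed image (procexp.exe, OllyDBG.EXE, ravtool.exe, rfwstub.exe and the rest) falls into the single group for the same svchost.exe path.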
 

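Re: These viruses are driving me crazy: AdWare.Win32.Cinmus.cgg

Hello OP, I have carefully read and analyzed your problem, and I hope the following steps will help you.

1. Your Rising installation has been hijacked by the virus, and many of its components have been replaced by the virus. First use the [attachment] to upgrade the antivirus software to the latest version, disconnect from the network, and run a thorough full-disk virus scan.
2. If that does not work, the only option is to uninstall the current antivirus software, reinstall it, upgrade to the latest version, and scan.
If you have no antivirus software, you can download the free edition of Rising Antivirus: http://rsdownload.rising.com.cn/for_down/rsfree/ravfree08.exe
3. Use the one-click fix in Kaka Internet Security Assistant 6.0.
Download link: http://download.rising.com.cn/for_down/kakatool/KaKaSetupv6.exe

If your problem has not been solved, please follow up in this thread promptly and we will look into it right away.
If your problem has been solved, please prefix the thread title with [Solved]. Thank you for your understanding.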

Attachments: 3 zip files (application/x-zip-compressed), uploaded 2008-7-18 19:13:41

Last edited by 非拉鐵非 on 2008-07-18 19:15:32
 

Re: These viruses are driving me crazy: AdWare.Win32.Cinmus.cgg

I'll give that a try then. Thanks.