Registry (registry entries added by the virus)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{12316E69-4CE5-4CD7-A174-C0BD57529D5A}><12316E69.dll> [N/A]
<{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll> [N/A]
<{A55F538E-9E65-4706-9458-852BF6592063}><A55F538E.dll> [N/A]
<{14F7F80A-0FE7-4A24-83CC-639D42BE410C}><14F7F80A.dll> [N/A]
<{93DEE065-EC9B-4505-ADD3-19880AD3C38F}><93DEE065.dll> [N/A]
<{01AFE3DC-2242-436E-9B44-6DD1C664E828}><01AFE3DC.dll> [N/A]
<{7E983C60-EBF5-4A36-BE25-EA26ED55052B}><7E983C60.dll> [N/A]
<{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><2EF0D734.dll> [N/A]
<{34A25F04-008D-403E-8EE6-2307BC02FA2E}><34A25F04.dll> [N/A]
Drivers (virus drivers)
[6457aed / 6457aed][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\6457aed.sys><N/A>
[b71fe93 / b71fe93][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\b71fe93.sys><N/A>
[NPF / NPF][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\44.tmp><N/A>
[NsPsDk00 / NsPsDk00][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\NsPass0.sys><N/A>
[NsPsDk01 / NsPsDk01][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\NsPass1.sys><N/A>
[NsPsDk02 / NsPsDk02][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\NsPass2.sys><N/A>
[NsPsDk03 / NsPsDk03][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\NsPass3.sys><N/A>
[NsPsDk04 / NsPsDk04][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\NsPass4.sys><N/A>
[NsRk1 / NsRk1][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Nskhelper2.sys><N/A>
Running processes
[PID: 1136][C:\DOCUME~1\16061392\LOCALS~1\Temp\Loader.exe] [aigo, 1, 2, 2, 4874]
Something from aigo (Patriot)? Still suspicious...
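A small Python triage script for logs in the layout above, added here as an example; it is not part of the original post and not a tool from the poster. It parses the ShellExecuteHooks, driver and process lines and flags the patterns visible in the dump: a hook DLL named after the first segment of its own CLSID, driver images with no publisher information, a `.tmp` or a bare hex file name, and an executable started from a Temp directory. The rules are assumptions for illustration, and the benign comparison lines (the shell32.dll hook, the Serial driver, svchost.exe) are constructed so the rules have something to leave alone.

```python
import re
from typing import Dict, List

# Log excerpt in the same layout as the post above. The 12316E69 hook, the
# 6457aed, NPF and NsRk1 drivers and the Loader.exe process are copied from
# the post; the shell32.dll hook, the Serial driver and the svchost.exe process
# are constructed benign lines (assumption: typical clean entries).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{12316E69-4CE5-4CD7-A174-C0BD57529D5A}><12316E69.dll> [N/A]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [Microsoft Corporation]
[6457aed / 6457aed][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\6457aed.sys><N/A>
[NPF / NPF][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\44.tmp><N/A>
[NsRk1 / NsRk1][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Nskhelper2.sys><N/A>
[Serial / Serial][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\serial.sys><Microsoft Corporation>
[PID: 1136][C:\DOCUME~1\16061392\LOCALS~1\Temp\Loader.exe] [aigo, 1, 2, 2, 4874]
[PID: 600][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5, 1, 2600, 5512]
"""

# One regex per line type in the dump.
HOOK_RE = re.compile(r"^<\{([0-9A-Fa-f-]{36})\}><([^>]+)>\s*\[([^\]]*)\]$")
SERVICE_RE = re.compile(r"^\[([^\]/]+) / ([^\]]+)\]\[([^\]]*)\]$")
IMAGE_RE = re.compile(r"^<([^>]+)><([^>]*)>$")
PROCESS_RE = re.compile(r"^\[PID: (\d+)\]\[([^\]]+)\]\s*\[([^\]]*)\]$")
HEX_STEM_RE = re.compile(r"^[0-9a-f]{6,8}$")  # heuristic: random-looking hex names


def _stem(path: str) -> str:
    """Lower-case file name without directory or extension."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def parse_log(text: str) -> List[Dict[str, str]]:
    """Turn the dump into records: kind, id, file, publisher (+ state for drivers)."""
    records: List[Dict[str, str]] = []
    pending = None  # driver header waiting for its image-path line
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            records.append({"kind": "hook", "id": m.group(1).upper(),
                            "file": m.group(2), "publisher": m.group(3)})
            continue
        m = SERVICE_RE.match(line)
        if m:
            pending = {"kind": "driver", "id": m.group(1), "state": m.group(3)}
            continue
        m = IMAGE_RE.match(line)
        if m and pending is not None:
            pending.update({"file": m.group(1), "publisher": m.group(2)})
            records.append(pending)
            pending = None
            continue
        m = PROCESS_RE.match(line)
        if m:
            publisher = m.group(3).split(",")[0].strip()
            records.append({"kind": "process", "id": m.group(1),
                            "file": m.group(2), "publisher": publisher})
    return records


def audit(records: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Apply the triage heuristics; returns only records with at least one hit."""
    findings = []
    for r in records:
        reasons = []
        file, stem = r["file"], _stem(r["file"])
        if r["publisher"].strip().upper() in ("", "N/A"):
            reasons.append("no publisher/version information")
        if r["kind"] == "hook" and stem == r["id"][:8].lower():
            reasons.append("DLL named after the first segment of its CLSID")
        if r["kind"] == "driver":
            if file.lower().endswith(".tmp"):
                reasons.append("driver image is a .tmp file")
            if HEX_STEM_RE.match(stem):
                reasons.append("driver image name is a bare hex string")
        if r["kind"] == "process" and "\\temp\\" in file.lower():
            reasons.append("executable runs from a Temp directory")
        if reasons:
            findings.append({"kind": r["kind"], "id": r["id"],
                             "file": file, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(parse_log(SAMPLE_LOG)):
        print(f"{f['kind']:8} {f['id']:40} {f['file']}")
        for why in f["reasons"]:
            print(f"           - {why}")
```

The rules are deliberately crude: they rank what to look at first, and the ShellExecuteHooks entries deserve attention regardless of name because anything registered there is loaded into every process that calls ShellExecute.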