神马品牌网深大经济学院自考办:流氓软件与注册表残余项?
来源:百度文库 编辑:神马品牌网 时间:2024/04/20 09:42:14
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
打开注册表编辑器发现其下的键值都与CINNIC中文上网有关,但它指向的文件均已不存在.请问哪位高手注册表中这三个子键有什么作用?它们完全是删了CINNIC后留下的注册表残余信息,为什么影响Windows的启动?如何解决这个问题,要不然我以后都不能用"Windows优化大师"的注册表清理功能啦!
谢谢.
有些东西是不能随便删的,好多人都吃过这个亏
35个注册表的自启动位置:
1. HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\Curr entVersion\Run\
All values in this key are executed.
2. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\
All values in this key are executed, and then their autostart reference is deleted.
3. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
All values in this key are executed as services.
4. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\
All values in this key are executed as services, and then their autostart reference is deleted.
5. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
All values in this key are executed.
6. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
All values in this key are executed, and then their autostart reference is deleted.
7. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
Used only by Setup. Displays a progress dialog box as the keys are run one at a time.
8. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Similar to the Run key from HKEY_CURRENT_USER.
9. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Similar to the RunOnce key from HKEY_CURRENT_USER.
10. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The “Shell” value is monitored. This value is executed after you log in.
11. HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\
All subkeys are monitored, with special attention paid to the “StubPath” value in each subkey.
12. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\VxD\
All subkeys are monitored, with special attention paid to the “StaticVXD” value in each subkey.
13. HKEY_CURRENT_USER\Control Panel\Desktop
The “SCRNSAVE.EXE” value is monitored. This value is launched when your screen saver activates.
14. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Session Manager
The “BootExecute” value is monitored. Files listed here are Native Applications that are executed before Windows starts.
15. HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Executed whenever a .VBS file (Visual Basic Script) is run.
16. HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Executed whenever a .VBE file (Encoded Visual Basic Script) is run.
17. HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Executed whenever a .JS file (Javascript) is run.
18. HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Executed whenever a .JSE file (Encoded Javascript) is run.
19. HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Executed whenever a .WSH file (Windows Scripting Host) is run.
20. HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Executed whenever a .WSF file (Windows Scripting File) is run.
21. HKEY_CLASSES_ROOT\exefile\shell\open\command\
Executed whenever a .EXE file (Executable) is run.
22. HKEY_CLASSES_ROOT\comfile\shell\open\command\
Executed whenever a .COM file (Command) is run.
23. HKEY_CLASSES_ROOT\batfile\shell\open\command\
Executed whenever a .BAT file (Batch Command) is run.
24. HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Executed whenever a .SCR file (Screen Saver) is run.
25. HKEY_CLASSES_ROOT\piffile\shell\open\command\
Executed whenever a .PIF file (Portable Interchange Format) is run.
26. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\
Services marked to startup automatically are executed before user login.
27. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog\Catalog_En tries\
Layered Service Providers, executed before user login.
28. HKEY_LOCAL_MACHINE\System\Control\WOW\cmdline
Executed when a 16-bit Windows executable is executed.
29. HKEY_LOCAL_MACHINE\System\Control\WOW\wowcmdline
Executed when a 16-bit DOS application is executed.
30. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Executed when a user logs in.
31. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\
Executed by explorer.exe as soon as it has loaded.
32. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
Executed when the user logs in.
33. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
Executed when the user logs in.
34. HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\run\
Subvalues are executed when Explorer initialises.
35. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\run\
Subvalues are executed when Explorer initialises.
只能说他们和启动有关 手头没有教科书 帮不上你~
这就是流氓软件的流氓之处!
卸载和免疫流氓插件推荐使用upiea
http://www.lumix.cn/upiea/post/17.html
先讲解一下启动集,启动集是系统启动的所有硬件软件信息的汇总,每次系统进入都会运行启动集,获取信息加载所有设备。启动集遭到破坏,系统就无法正常启动。
注册表HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001是名为001的启动集信息,ControlSet002是名为002的启动集信息。你电脑出现的ControlSet003,是CINNIC中文上网软件恶意建立的003启动集信息,而且是个遭到破坏的启动集信息。
在HKEY_LOCAL_MACHINE\SYSTEM\Select下有四个键值,控制着系统启动时加载的启动集信息。进入系统后,键值Current是当前系统的启动集信息,值为1,说明系统是按照ControlSet001的信息进入的。键值Default是下次系统启动加载的启动集信息。键值Failed是系统有错误需要修复的启动集信息,正常情况下值为0。键值LastKnownGood是对有错误的启动集在下次启动时进行修复的启动集信息,值为1,就是对ControlSet001进行修复。
注册表HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet与HKEY_LOCAL_MACHINE\SYSTEM\ControlSet是相对应的,即ControlSet改变,CurrentControlSet也会相应自动调整。所以关键还在于调整HKEY_LOCAL_MACHINE\SYSTEM\Select下的四个键值。
我不清楚你电脑中Select下的四个键值具体是多少,只能提示你看看其中有没有与ControlSet003有关的,如果有改为ControlSet001或ControlSet002,即键值改为1或2,Failed键值改为0,切断ControlSet003对系统的影响。重启后,再试试删除那几个注册表冗余项,看看是否还有问题。注意:修改前请先备份注册表。希望这个办法能够对你的系统有效。