eva玩具的hs编码是:xp系统在进入滚动条界面后就重起,连安全模式也无法进入!

来源:百度文库 编辑:杭州交通信息网 时间:2024/03/29 06:37:03
经检查没有发现cnsminkp.sys文件!
我不想通过重装系统了事,我只想修复它,找出其中的原因。但是将系统盘放入光驱,选择修复,重启后仍不能进入!因而修复不能继续。而用ghost进行还原后,却能成功启动!由此可知这不是硬件问题,那问题到底出在哪儿呢?

我的电脑前一段时间也出现过这种情况。经过分析,我初步怀疑是因为我安装了一个叫影子系统的软件引起的。我现在还在研究,它到底是如何损害系统的。下面是我跟踪软件安装过程得到的信息,希望它对你有所帮助!

已监视的应用程序
shadowuser pro 2.5

已监视的应用程序路径
"C:\Documents and Settings\1\桌面\shadowuser pro 2.5\shadowuser pro 2.5\ShadowUser"

已发现的更改
文件系统
已创建的文件夹 : 4
已删除的文件夹 : 0
已创建的文件 : 21
已删除的文件 : 0
已修改的文件 : 12
注册表
已创建的键 : 51
已删除的键 : 0
已创建的值 : 184
已删除的值 : 0
已修改的值 : 9

文件系统详细信息 [查看: 全部详细信息] (全部)
--------------------------
(文件夹) C:\Documents and Settings\1
(*)(文件) ntuser.dat.LOG
2006-6-2 21:53, 1024 字节 ==> 2006-6-2 21:55, 1024 字节
(+)(文件夹) C:\Documents and Settings\All Users\「开始」菜单\程序\ShadowUser
(+)(文件) Help.lnk = 2006-6-2 21:55, 1806 字节
(+)(文件) ShadowUser Pro Edition.lnk = 2006-6-2 21:55, 1775 字节
(+)(文件) Uninstall.lnk = 2006-6-2 21:55, 687 字节
(文件夹) C:\Documents and Settings\All Users\「开始」菜单\程序\启动
(+)(文件) ShadowUser Pro Edition.lnk = 2006-6-2 21:55, 1787 字节
(+)(文件夹) C:\Program Files\ShadowStor
(+)(文件夹) C:\Program Files\ShadowStor\ShadowUser
(+)(文件) ShadowUser.exe = 2005-1-12 23:49, 921600 字节
(+)(文件) ShadowUser_Wallpaper_005.jpg = 2004-12-4 0:20, 52327 字节
(+)(文件) ShadowUserPro.chm = 2005-1-29 13:41, 453733 字节
(+)(文件) suatshut.exe = 2005-1-12 23:49, 40960 字节
(文件夹) C:\WINDOWS
(*)(文件) WindowsUpdate.log
2006-8-2 21:38, 17005 字节 ==> 2006-6-2 21:53, 17078 字节
(文件夹) C:\WINDOWS\Installer
(+)(文件) efb2c.msi = 2006-6-2 21:55, 2767872 字节
(+)(文件夹) C:\WINDOWS\Installer\{8DD1701B-EEB5-4687-B442-2E5333D831EE}
(+)(文件) ARPPRODUCTICON.exe = 2006-6-2 21:55, 40960 字节
(+)(文件) NewShortcut1_CED30FDD7B9A4BC3B02586B27B0993F8_1.exe = 2006-6-2 21:55, 40960 字节
(+)(文件) NewShortcut2_CED30FDD7B9A4BC3B02586B27B0993F8_2.exe = 2006-6-2 21:55, 40960 字节
(+)(文件) NewShortcut3_69034DA8023548D7B41FF753DCE6FB27.chm = 2006-6-2 21:55, 40960 字节
(文件夹) C:\WINDOWS\Prefetch
(*)(文件) MSIEXEC.EXE-2F8A8CAE.pf
2006-7-31 20:30, 24164 字节 ==> 2006-6-2 21:55, 29212 字节
(*)(文件) REGSVR32.EXE-25EEFE2F.pf
2006-7-31 20:32, 21818 字节 ==> 2006-6-2 21:55, 19304 字节
(+)(文件) SHADOWUSER.EXE-182C1513.pf = 2006-6-2 21:55, 15914 字节
(+)(文件) SHADOWUSER_TRIAL.EXE-25DC6716.pf = 2006-6-2 21:54, 14432 字节
(文件夹) C:\WINDOWS\system32
(+)(文件) shadowapi.dll = 2005-1-18 0:44, 28672 字节
(+)(文件) suappl.cpl = 2005-1-12 20:47, 24576 字节
(+)(文件) sunotify.dll = 2005-1-12 23:49, 90112 字节
(+)(文件) SUShell.dll = 2005-1-12 23:49, 73728 字节
(+)(文件) vsmvhk.dll = 2005-1-12 20:49, 126976 字节
(文件夹) C:\WINDOWS\system32\config
(*)(文件) software.LOG
2006-8-2 21:49, 1024 字节 ==> 2006-6-2 21:55, 1024 字节
(*)(文件) software
2006-8-2 21:48, 9437184 字节 ==> 2006-6-2 21:55, 9437184 字节
(*)(文件) system.LOG
2006-8-2 21:39, 1024 字节 ==> 2006-6-2 21:55, 1024 字节
(文件夹) C:\WINDOWS\system32\drivers
(+)(文件) shadow.sys = 2005-1-25 19:21, 114624 字节
(文件夹) C:\WINDOWS\system32\wbem\Logs
(*)(文件) wbemess.log
2006-8-2 21:39, 27940 字节 ==> 2006-6-2 21:54, 28035 字节
(文件夹) C:\WINDOWS\system32\wbem\Repository\FS
(*)(文件) INDEX.MAP
2006-8-2 21:43, 700 字节 ==> 2006-6-2 21:54, 700 字节
(*)(文件) MAPPING.VER
2006-8-2 21:43, 4 字节 ==> 2006-6-2 21:54, 4 字节
(*)(文件) MAPPING1.MAP
2006-8-2 21:39, 4236 字节 ==> 2006-6-2 21:54, 4236 字节
(*)(文件) OBJECTS.MAP
2006-8-2 21:43, 3536 字节 ==> 2006-6-2 21:54, 3536 字节

注册表详细信息 [查看: 全部详细信息] (全部)
-------------------------
(+)(注册表键) HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShadowContextHandler
(+)(注册表值) (默认) = REG_SZ, "{94B10CD5-41DD-4a59-A3EC-B0197338433F}"
(注册表键) HKEY_CLASSES_ROOT\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>67k)4s6tf(JR`qF-Q9q. "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}
(*)(注册表值) (默认)
REG_SZ, "字体特性页" ==> REG_SZ, "Font Property Page"
(注册表键) HKEY_CLASSES_ROOT\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>=3&5,B^pf(V%eqFgkW_B "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}
(*)(注册表值) (默认)
REG_SZ, "颜色特性页" ==> REG_SZ, "Color Property Page"
(注册表键) HKEY_CLASSES_ROOT\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>=3&5,B^pf(V%eqFgkW_B "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}
(*)(注册表值) (默认)
REG_SZ, "图片特性页" ==> REG_SZ, "Picture Property Page"
(注册表键) HKEY_CLASSES_ROOT\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>=3&5,B^pf(V%eqFgkW_B "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(注册表键) HKEY_CLASSES_ROOT\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(+)(注册表键) HKEY_CLASSES_ROOT\CLSID\{94B10CD5-41DD-4a59-A3EC-B0197338433F}
(+)(注册表值) (默认) = REG_SZ, "ShadowUser Context Menu Handler Class"
(+)(注册表键) HKEY_CLASSES_ROOT\CLSID\{94B10CD5-41DD-4a59-A3EC-B0197338433F}\InprocServer32
(+)(注册表值) (默认) = REG_SZ, "C:\WINDOWS\system32\SuShell.dll"
(+)(注册表值) ThreadingModel = REG_SZ, "both"
(+)(注册表键) HKEY_CLASSES_ROOT\CLSID\{94B10CD5-41DD-4a59-A3EC-B0197338433F}\ProgID
(+)(注册表值) (默认) = REG_SZ, "SUShell.SuConMenu.1"
(+)(注册表键) HKEY_CLASSES_ROOT\CLSID\{94B10CD5-41DD-4a59-A3EC-B0197338433F}\VersionIndependentProgID
(+)(注册表值) (默认) = REG_SZ, "SUShell.SuConMenu"
(注册表键) HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
(+)(注册表值) InprocServer32 = REG_MULTI_SZ, "idBYUELoa=KKJgBTF6Wu>M5KDYSUnf(HA*L[xeX)y "
(+)(注册表键) HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\ShadowContextHandler
(+)(注册表值) (默认) = REG_SZ, "{94B10CD5-41DD-4a59-A3EC-B0197338433F}"
(+)(注册表键) HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShadowContextHandler
(+)(注册表值) (默认) = REG_SZ, "{94B10CD5-41DD-4a59-A3EC-B0197338433F}"
(+)(注册表键) HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\ShadowContextHandler
(+)(注册表值) (默认) = REG_SZ, "{94B10CD5-41DD-4a59-A3EC-B0197338433F}"
(+)(注册表键) HKEY_CLASSES_ROOT\Installer\Features\B1071DD85BEE78644B24E235338D13EE
(+)(注册表值) AlwaysInstall = REG_SZ, ""
(+)(注册表键) HKEY_CLASSES_ROOT\Installer\Products\B1071DD85BEE78644B24E235338D13EE
(+)(注册表值) AdvertiseFlags = REG_DWORD, 388
(+)(注册表值) Assignment = REG_DWORD, 1
(+)(注册表值) AuthorizedLUAApp = REG_DWORD, 0
(+)(注册表值) Clients = REG_MULTI_SZ, ": "
(+)(注册表值) InstanceType = REG_DWORD, 0
(+)(注册表值) Language = REG_DWORD, 1033
(+)(注册表值) PackageCode = REG_SZ, "CE1523C76C259234D9C6C142EE904F9C"
(+)(注册表值) ProductIcon = REG_SZ, "C:\WINDOWS\Installer\{8DD1701B-EEB5-4687-B442-2E5333D831EE}\ARPPRODUCTICON.exe"
(+)(注册表值) ProductName = REG_SZ, "ShadowUser Pro 2.5"
(+)(注册表值) Version = REG_DWORD, 33882112
(+)(注册表键) HKEY_CLASSES_ROOT\Installer\Products\B1071DD85BEE78644B24E235338D13EE\SourceList
(+)(注册表值) LastUsedSource = REG_EXPAND_SZ, "n;1;C:\DOCUME~1\1\LOCALS~1\Temp\_is2\"
(+)(注册表值) PackageName = REG_SZ, "ShadowUser Pro 2.5.msi"
(+)(注册表键) HKEY_CLASSES_ROOT\Installer\Products\B1071DD85BEE78644B24E235338D13EE\SourceList\Media
(+)(注册表值) 1 = REG_SZ, "DISK1;1"
(+)(注册表值) DiskPrompt = REG_SZ, "[1]"
(+)(注册表键) HKEY_CLASSES_ROOT\Installer\Products\B1071DD85BEE78644B24E235338D13EE\SourceList\Net
(+)(注册表值) 1 = REG_EXPAND_SZ, "C:\DOCUME~1\1\LOCALS~1\Temp\_is2\"
(+)(注册表键) HKEY_CLASSES_ROOT\Installer\UpgradeCodes\2A836B94E4A6A2F479AE5D241A3E84B1
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, ""
(+)(注册表键) HKEY_CLASSES_ROOT\SUShell.SuConMenu.1
(+)(注册表值) (默认) = REG_SZ, "ShadowUser Context Menu Handler Class"
(+)(注册表键) HKEY_CLASSES_ROOT\SUShell.SuConMenu.1\CLSID
(+)(注册表值) (默认) = REG_SZ, "{94B10CD5-41DD-4a59-A3EC-B0197338433F}"
(+)(注册表键) HKEY_CLASSES_ROOT\SUShell.SuConMenu
(+)(注册表值) (默认) = REG_SZ, "ShadowUser Context Menu Handler Class"
(+)(注册表键) HKEY_CLASSES_ROOT\SUShell.SuConMenu\CLSID
(+)(注册表值) (默认) = REG_SZ, "{94B10CD5-41DD-4a59-A3EC-B0197338433F}"
(注册表键) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
(*)(注册表值) HRZR_EHACNGU
REG_BINARY, ....N... ..~:... ==> REG_BINARY, ....O...P..!;...
(+)(注册表值) HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\1\桌面\funqbjhfre ceb 2.5\funqbjhfre ceb 2.5\FunqbjHfre\funqbjhfre_gevny.rkr = REG_BINARY, .........%.!;...
(+)(注册表值) HRZR_EHACVQY:%pfvqy2%\FunqbjHfre = REG_BINARY, ................
(+)(注册表值) HRZR_EHACVQY:%pfvqy2%\FunqbjHfre\FunqbjHfre Ceb Rqvgvba.yax = REG_BINARY, ................
(+)(注册表值) HRZR_EHACVQY:%pfvqy2%\FunqbjHfre\Havafgnyy.yax = REG_BINARY, ................
(+)(注册表值) HRZR_EHACVQY:%pfvqy2%\FunqbjHfre\Uryc.yax = REG_BINARY, ................
(+)(注册表值) HRZR_EHACVQY:%pfvqy2%\启动\FunqbjHfre Ceb Rqvgvba.yax = REG_BINARY, ................
(注册表键) HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU
(*)(注册表值) MRUListEx
REG_BINARY, ................................ ==> REG_BINARY, ................................
(注册表键) HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\20\Shell
(+)(注册表值) Col = REG_DWORD, 4294967295
(+)(注册表值) ColInfo = REG_BINARY, ........................(...4.H...........................`.x.x.............................................................
(+)(注册表值) Mode = REG_DWORD, 6
(+)(注册表值) ScrollPos896x600(1).x = REG_DWORD, 0
(+)(注册表值) ScrollPos896x600(1).y = REG_DWORD, 0
(+)(注册表值) Sort = REG_DWORD, 0
(+)(注册表值) SortDir = REG_DWORD, 1
(注册表键) HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
(+)(注册表值) C:\Documents and Settings\1\桌面\shadowuser pro 2.5\shadowuser pro 2.5\ShadowUser\shadowuser_trial.exe = REG_SZ, "Setup Launcher"
(+)(注册表值) C:\WINDOWS\system32\MSIEXEC.EXE = REG_SZ, "Windows? installer"
(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG
(*)(注册表值) Seed
REG_BINARY, cr.0.|){L.p....G*;..0.B.0.9BR....a......Fg....Q<.....vK8..iP..g"...Z+....B...u.< ==> REG_BINARY, ..=FH....!B.u.....*78..i.9...a$..p..@..?...$.o&+,O:..PD...j...0.%."v.5......2E..
(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
(+)(注册表值) C:\Documents and Settings\All Users\「开始」菜单\程序\ShadowUser\ = REG_SZ, ""
(+)(注册表值) C:\Program Files\ShadowStor\ = REG_SZ, "1"
(+)(注册表值) C:\Program Files\ShadowStor\ShadowUser\ = REG_SZ, "1"
(+)(注册表值) C:\WINDOWS\Installer\{8DD1701B-EEB5-4687-B442-2E5333D831EE}\ = REG_SZ, ""
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\2A836B94E4A6A2F479AE5D241A3E84B1
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, ""
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B150AC107B12D11A9DD0006794C4E25
(+)(注册表值) 00000000000000000000000000000000 = REG_SZ, "C?\WINDOWS\system32\msvcrt.dll"
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C?\WINDOWS\system32\msvcrt.dll"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B1D70235E082D119BD50006794CED42
(+)(注册表值) 00000000000000000000000000000000 = REG_SZ, "C?\WINDOWS\system32\comcat.dll"
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C?\WINDOWS\system32\comcat.dll"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F16F47424372D111A99000A9CA05BF0
(+)(注册表值) 00000000000000000000000000000000 = REG_SZ, "C?\WINDOWS\system32\stdole2.tlb"
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C?\WINDOWS\system32\stdole2.tlb"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206CFB94536683841A6E28CFEAB9D2DE
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C:\WINDOWS\system32\"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\269AF799760E1D113969000A9CF0729F
(+)(注册表值) 00000000000000000000000000000000 = REG_SZ, "C?\WINDOWS\system32\oleaut32.dll"
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C?\WINDOWS\system32\oleaut32.dll"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B150AC107B12D11A9DD0006794C4E25
(+)(注册表值) 00000000000000000000000000000000 = REG_SZ, "C?\WINDOWS\system32\mfc42.dll"
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C?\WINDOWS\system32\mfc42.dll"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3178400169C22D11A9790006794C4E25
(+)(注册表值) 00000000000000000000000000000000 = REG_SZ, "C?\WINDOWS\system32\olepro32.dll"
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C?\WINDOWS\system32\olepro32.dll"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B2C15B070478824DB94307D34F88CC1
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C:\WINDOWS\system32\drivers\"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45CFA614E1A09EC4E87B09490640A7B6
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C:\WINDOWS\system32\drivers\shadow.sys"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52C288DF89058F042A7C753911080F1B
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C:\Program Files\ShadowStor\ShadowUser\"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60DA42DEDF2947546A1E001B5213BC39
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C:\Program Files\ShadowStor\ShadowUser\ShadowUserPro.chm"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6BDA16BDE6E8AA5469706194EC6E9D34
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C?\WINDOWS\system32\sunotify.dll"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\718504F7210480E4DB0B46FAA3E10825
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C:\Program Files\ShadowStor\ShadowUser\suatshut.exe"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\867F448CFC8791A4FBDCCAA0A8DF6C3C
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C:\Program Files\ShadowStor\ShadowUser\ShadowUser.exe"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC4BC9D7E89A95547AF3F24A023873AD
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C?\WINDOWS\system32\SUShell.dll"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1BF282FF897BE546997AE2D65FDEE15
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C?\WINDOWS\system32\vsmvhk.dll"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCE1043ED962734459EA378561E9D1B1
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C?\WINDOWS\system32\shadowapi.dll"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E347347AD643B2C4A8FA070BA40D2E9F
(+)(注册表值) B1071DD85BEE78644B24E235338D13EE = REG_SZ, "C:\Program Files\ShadowStor\ShadowUser\"
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B1071DD85BEE78644B24E235338D13EE
(+)(注册表键) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B1071DD85BEE78644B24E235338D13EE\Features
(+)(注册表值) AlwaysInstall = REG_SZ, "qWNi^AzpP@)m0eavi[By{C0%9,u+f@=H_hWs-0VJO=hd?D6}5?+*D1z4oM7uPl7_&of[H9`]v+n14D9,U!6QzJ3vs8!n8FW]?,4bncYGPT]X@=4{Dj].`M.o@k.Gi$uBn?mS^L&7aKwgCmQ6usfMC=ciUta.cWRW3c7&rhOXw94`JLDkSje+W,GuP}+i)AUtVGaSnnSBu7=SokH5I={W^Q?P^]m9ah0yvc8.P=K-~klIDCDB67k)4s6tf(JR`qF-Q9q.=3&5,B^pf(V%eqFgkW_B83&5,B^pf(V%eqFgkW_B'jY0(z7qf(fVbqFgkW_BhY,w=mgsf(YJ*L[lj+'(M5KDYSUnf(HA

重装系统,最好全部格式化

这不是硬件问题,如7楼的朋友说的,是3721垃圾软件造成的,cnsminkp.sys这个控件注册进系统启动动态库里,只要卸载3721就会碰到这个问题,我的也是...

CnsMinKP.sys 并不是windows提供的系统文件,而是一个第三方(3721网络实名)的驱动文件,在文件的属性里有某互联网公司的相关信息。驱动程序一般都是在系统的最底层工作,如果出现问题极其容易引起系统的不稳定。
此次现象还并不是病毒行为,也不会传染。如果出现此现象,只需用带引导的光盘启动后删除
%System%\drivers\CnsMinKP.sys
文件即可。
注:此处的%System% 是一个变量默认位置为 C:\Windows\System (Windows 95/98/Me),C:\Winnt\System32 (Windows NT/2000),或 C:\Windows\System32 (Windows XP)。

启动系统文件丢失 请您从新把系统恢复一下。

内存问题 主版电池耗尽