After boot, a pile of junkware entries gets created in the registry

无聊的味道 posted on 2025-3-4 14:04

As the title says: after the PC boots, a large number of junkware install entries get created under \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\, but there are no installation files and no values at all.

(screenshot: Registry)

I took a look with Process Monitor; roughly, with some probability after boot, C:\WINDOWS\system32\svchost.exe creates them with a RegSetInfoKey operation.
I'm a newbie, and after some filtering I couldn't get anything useful out of it. svchost.exe is in its normal directory and the signature is Microsoft's. No choice but to ask for help here, thanks in advance.
(screenshot)

Some details below (picked one at random, they are all the same):
Description: Host Process for Windows Services
Company: Microsoft Corporation
Name: svchost.exe
Version: 10.0.26100.2308 (WinBuild.160101.0800)
Path: C:\WINDOWS\system32\svchost.exe
Command line: C:\WINDOWS\system32\svchost.exe -k InvSvcGroup -p -s InventorySvc
PID: 30100
Parent PID: 1608
Session ID: 0
User: NT AUTHORITY\SYSTEM
Auth ID: 00000000:000003e7
Architecture: 64-bit
Virtualized: False
Integrity: Mandatory Label\System Mandatory Level
Start: 2025-03-04 13:12:01
End: 2025-03-04 13:17:06
Modules: (loaded module list omitted)

Stack:
0        ntoskrnl.exe        CmCallbackGetKeyObjectIDEx + 0x814e        0xfffff804bb02ae3e        C:\WINDOWS\system32\ntoskrnl.exe
1        ntoskrnl.exe        RtlUpcaseUnicodeChar + 0xdce5        0xfffff804bb071cb5        C:\WINDOWS\system32\ntoskrnl.exe
2        ntoskrnl.exe        setjmpex + 0x9288        0xfffff804bae8c558        C:\WINDOWS\system32\ntoskrnl.exe
3        ntdll.dll        ZwSetInformationKey + 0x14        0x7fffe8f82d04        C:\Windows\System32\ntdll.dll
4        KernelBase.dll        MapPredefinedHandleInternal + 0xee8        0x7fffe658a7c8        C:\Windows\System32\KernelBase.dll
5        KernelBase.dll        RegOpenKeyExInternalW + 0x13c        0x7fffe65895ac        C:\Windows\System32\KernelBase.dll
6        KernelBase.dll        RegOpenKeyExW + 0x1c        0x7fffe658945c        C:\Windows\System32\KernelBase.dll
7        aeinv.dll        aeinv.dll + 0x1d3c6        0x7fff9315d3c6        C:\Windows\System32\aeinv.dll
8        aeinv.dll        aeinv.dll + 0x1eeeb        0x7fff9315eeeb        C:\Windows\System32\aeinv.dll
9        aeinv.dll        aeinv.dll + 0x1d16d        0x7fff9315d16d        C:\Windows\System32\aeinv.dll
10        aeinv.dll        aeinv.dll + 0x404fe        0x7fff931804fe        C:\Windows\System32\aeinv.dll
11        aeinv.dll        UpdateSoftwareInventoryWTCEx + 0x1fe7b        0x7fff931ca1cb        C:\Windows\System32\aeinv.dll
12        aeinv.dll        UpdateSoftwareInventoryWTCEx + 0x1fdb9        0x7fff931ca109        C:\Windows\System32\aeinv.dll
13        aeinv.dll        GetAppInventory + 0xd94        0x7fff9319ae34        C:\Windows\System32\aeinv.dll
14        InventorySvc.dll        SvchostPushServiceGlobalsEx + 0x1c8fa        0x7fff32d2108a        C:\Windows\System32\InventorySvc.dll
15        InventorySvc.dll        SvchostPushServiceGlobalsEx + 0x1d785        0x7fff32d21f15        C:\Windows\System32\InventorySvc.dll
16        rpcrt4.dll        NdrServerCallNdr64 + 0x1c23        0x7fffe7421913        C:\Windows\System32\rpcrt4.dll
17        rpcrt4.dll        Ndr64AsyncClientCall + 0x193e        0x7fffe742618e        C:\Windows\System32\rpcrt4.dll
18        rpcrt4.dll        NdrServerCallAll + 0x3c        0x7fffe73d5cdc        C:\Windows\System32\rpcrt4.dll
19        rpcrt4.dll        I_RpcFreeBuffer + 0x107        0x7fffe73d3897        C:\Windows\System32\rpcrt4.dll
20        rpcrt4.dll        NDRSContextUnmarshall2 + 0xa24        0x7fffe73860f4        C:\Windows\System32\rpcrt4.dll
21        rpcrt4.dll        NDRSContextUnmarshall2 + 0x1a38        0x7fffe7387108        C:\Windows\System32\rpcrt4.dll
22        rpcrt4.dll        TowerConstruct + 0x38f4        0x7fffe73800b4        C:\Windows\System32\rpcrt4.dll
23        rpcrt4.dll        TowerConstruct + 0x7e7a        0x7fffe738463a        C:\Windows\System32\rpcrt4.dll
24        rpcrt4.dll        RpcImpersonateClient + 0x123c        0x7fffe738a65c        C:\Windows\System32\rpcrt4.dll
25        rpcrt4.dll        RpcImpersonateClient + 0x3c3        0x7fffe73897e3        C:\Windows\System32\rpcrt4.dll
26        rpcrt4.dll        I_RpcGetBufferWithObject + 0x678        0x7fffe7388788        C:\Windows\System32\rpcrt4.dll
27        ntdll.dll        TpCallbackMayRunLong + 0x1184        0x7fffe8e85544        C:\Windows\System32\ntdll.dll
28        ntdll.dll        TpCallbackMayRunLong + 0x1b53        0x7fffe8e85f13        C:\Windows\System32\ntdll.dll
29        kernel32.dll        BaseThreadInitThunk + 0x17        0x7fffe709e8d7        C:\Windows\System32\kernel32.dll
30        ntdll.dll        RtlUserThreadStart + 0x2c        0x7fffe8edbf2c        C:\Windows\System32\ntdll.dll
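One way to triage what this post describes, as an added example that is not from the original post: it lists Uninstall entries whose InstallLocation and UninstallString point at nothing on disk, and resolves which services (and which service DLLs) make up the svchost group named in the captured command line. It assumes 64-bit Windows 10/11 and an elevated PowerShell session; the registry paths are the standard locations.

```powershell
# Added triage script, not from the thread. Assumes 64-bit Windows 10/11 and an
# elevated PowerShell session; the registry paths are the standard locations.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Part 1: "ghost" uninstall entries, i.e. keys whose InstallLocation and
# UninstallString do not point at anything that exists on disk.
$ghosts = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $p   = Get-ItemProperty -LiteralPath $key.PSPath
        $exe = $null
        if ($p.UninstallString) {
            # strip quotes and arguments to get just the executable path
            $exe = ($p.UninstallString -split ' ')[0]
            if ($p.UninstallString -match '^"([^"]+)"') { $exe = $matches[1] }
        }
        $locMissing = [string]::IsNullOrWhiteSpace($p.InstallLocation) -or -not (Test-Path -LiteralPath $p.InstallLocation)
        $exeMissing = [string]::IsNullOrWhiteSpace($exe) -or -not (Test-Path -LiteralPath $exe)
        if ($locMissing -and $exeMissing) {
            [pscustomobject]@{
                Key             = $key.PSChildName
                DisplayName     = $p.DisplayName
                Publisher       = $p.Publisher
                InstallLocation = $p.InstallLocation
                UninstallString = $p.UninstallString
            }
        }
    }
}
$ghosts | Format-Table -AutoSize

# Part 2: which services run inside the svchost group seen in the captured
# command line ("-k InvSvcGroup"), and whether each service DLL is signed.
# Group membership lives under the Svchost key; the DLL under Services\<name>\Parameters.
$group      = 'InvSvcGroup'
$svchostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
foreach ($svc in (Get-ItemProperty -LiteralPath $svchostKey).$group) {
    $params = Get-ItemProperty -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters" -ErrorAction SilentlyContinue
    $dll = $params.ServiceDll
    $sig = if ($dll -and (Test-Path -LiteralPath $dll)) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'missing' }
    [pscustomobject]@{ Service = $svc; ServiceDll = $dll; Signature = $sig }
}
```

Entries that show up in Part 1 with an empty DisplayName and no files are the "no files, no values" keys from the post; Part 2 shows which signed service code is writing inside that svchost instance, which is where the stack above points.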


虚幻魔王 posted on 2025-3-4 16:07
Classic 2345 bundle.
虚幻魔王 posted on 2025-3-4 16:11
Cleanup approach: 1. Clean up the startup items, including registry and services; first disable everything except the system ones, then delete all the 2345 files. Then uninstall 360 and switch to Huorong.
han163426 posted on 2025-3-4 16:35
You have to keep an eye on the PC; you never know when it quietly gets up to something.
寒冰飞雪 posted on 2025-3-4 17:36
Just reinstall the OS, fixes it once and for all.
zhuxiangyu1024 posted on 2025-3-4 17:46
Last edited by zhuxiangyu1024 on 2025-3-4 17:48

Look at the startup items; software that can do this much is basically spotted at a glance.

If you really can't sort it out, install 360, run its antivirus, cleanup and startup-item tools once through, and if you don't want 360, just uninstall it when done.
流浪情人 posted on 2025-3-4 18:21
The more software you install, the more junk you get on boot.
moonlunar posted on 2025-3-4 19:13
svchost.exe is part of the system; if it's from an official image it's fine.
Turn UAC on, then whenever software wants administrator rights it pops up for your confirmation; normal software won't casually ask for administrator rights, because it generally doesn't need them.
Check scheduled tasks, startup items and services.
The key is to check services; a service can use svchost to do things.
Win+R, type services.msc to open the services console.
user_0628 posted on 2025-3-5 08:06
Just reinstall the system, and make sure it's an original image; don't use those so-called "clean" builds for convenience.