请问如何杀死系统守护进程

使用autoruns工具禁用相关驱动？

[quote=引用 6 楼 clever101 的回复:] [quote=引用 5 楼 zhao4zhong1 的回复:] MOVEFILE_DELAY_UNTIL_REBOOT

[quote=引用 5 楼 zhao4zhong1 的回复:] MOVEFILE_DELAY_UNTIL_REBOOT

MOVEFILE_DELAY_UNTIL_REBOOT

[quote=引用 8 楼 zhao4zhong1 的回复:] 使用autoruns工具禁用相关驱动？

MoveFileEx The MoveFileEx function renames an existing file or directory. BOOL MoveFileEx( LPCTSTR lpExistingFileName, // pointer to the name of the existing file LPCTSTR lpNewFileName, // pointer to the new name for the file DWORD dwFlags // flag that specifies how to move file ); Parameters lpExistingFileName Pointer to a null-terminated string that names an existing file or directory on the local machine. lpNewFileName Pointer to a null-terminated string that specifies the new name of lpExistingFileName on the local machine. When moving a file, the destination can be on a different file system or drive. If the destination is on another drive, you must set the MOVEFILE_COPY_ALLOWED flag in dwFlags. When moving a directory, the destination must be on the same drive. If dwFlags specifies MOVEFILE_DELAY_UNTIL_REBOOT, lpNewFileName can be NULL. In this case, MoveFileEx registers the lpExistingFileName file to be deleted when the system reboots. If lpExistingFileName refers to a directory, the system removes the directory at reboot only if the directory is empty. dwFlags Set of bit flags that specify how to move the file. You can specify any combination of the following values: Value Meaning MOVEFILE_COPY_ALLOWED If the file is to be moved to a different volume, the function simulates the move by using the CopyFile and DeleteFile functions. This flag cannot be used with the MOVEFILE_DELAY_UNTIL_REBOOT flag. MOVEFILE_DELAY_UNTIL_REBOOT The function does not move the file until the operating system is restarted. The system moves the file immediately after AUTOCHK is executed, but before creating any paging files. Consequently, this parameter enables the function to delete paging files from previous startups. This flag can only be used if the process is in the context of a user who belongs to the administrator group or the LocalSystem account. This flag cannot be used with the MOVEFILE_COPY_ALLOWED flag. MOVEFILE_REPLACE_EXISTING If a file of the name specified by lpNewFileName already exists, the function replaces its contents with those specified by lpExistingFileName. MOVEFILE_WRITE_THROUGH The function does not return until the file has actually been moved on the disk. Setting this flag guarantees that a move performed as a copy and delete operation is flushed to disk before the function returns. The flush occurs at the end of the copy operation. This flag has no effect if the MOVEFILE_DELAY_UNTIL_REBOOT flag is set. Return Values If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError. Remarks If the dwFlags parameter specifies MOVEFILE_DELAY_UNTIL_REBOOT, MoveFileEx stores the locations of the files to be renamed at reboot in the following registry value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations The function fails if it cannot access the registry. The PendingFileRenameOperations value is of type REG_MULTI_SZ. Each rename operation stores a pair of NULL-terminated strings. The system uses these registry entries to complete the operations at reboot in the same order that they were issued. For example, the following code fragment creates registry entries that delete szDstFile and rename szSrcFile to be szDstFile at reboot: MoveFileEx(szDstFile, NULL, MOVEFILE_DELAY_UNTIL_REBOOT); MoveFileEx(szSrcFile, szDstFile, MOVEFILE_DELAY_UNTIL_REBOOT); The system stores the following entries in PendingFileRenameOperations: szDstFile\0\0 szSrcFile\0szDstFile\0\0 Because the actual move and deletion operations specified with the MOVEFILE_DELAY_UNTIL_REBOOT flag take place after the calling application has ceased running, the return value cannot reflect success or failure in moving or deleting the file. Rather, it reflects success or failure in placing the appropriate entries into the registry. The system deletes a directory tagged for deletion with the MOVEFILE_DELAY_UNTIL_REBOOT flag only if it is empty. To ensure deletion of directories, move or delete all files from the directory before attempting to delete it. Files may be in the directory at boot time, but they must be deleted or moved before the system can delete the directory. Windows 95 and Windows 98: The MoveFileEx function is not supported. To rename or delete a file at reboot, use the following procedure. To rename or delete a file on Windows 95 and Windows 98 Check for the existence of the WININIT.INI file in the Windows directory. If WININIT.INI exists, open it and add new entries to the existing [rename] section. If the file does not exist, create the file and create a [rename] section. Add lines of the following format to the [rename] section: DestinationFileName=SourceFileName Both DestinationFileName and SourceFileName must be short filenames. To delete a file, use NUL as the value for DestinationFileName. The system processes WININIT.INI during system boot. After WININIT.INI has been processed, the system names it WININIT.BAK. QuickInfo Windows NT: Requires version 3.1 or later. Windows: Unsupported. Windows CE: Unsupported. Header: Declared in winbase.h. Import Library: Use kernel32.lib. Unicode: Implemented as Unicode and ANSI versions on Windows NT. See Also File I/O Overview, File Functions, CopyFile, DeleteFile,GetWindowsDirectory, WritePrivateProfileString 外加重启

是不是底层还有个文件过滤驱动程序？