运行样本后创建两个 explorer.exe 进程（此为作者的现场观察，下面的 InCtrl5 报告不记录进程，无法由报告本身印证）。报告中可以直接确认的行为有：调用了 sc.exe 和 reg.exe（见 MUICache 与 Prefetch 条目），即通过系统工具操作服务和注册表；向 c:\Program Files\RAV 释放并安装了内核驱动 CCtest.sys 及其 CCtest.inf，并注册为根枚举设备 Root\CCTEST；新建了一组本地 IPSec 策略对象并将 ActivePolicy 指向新策略 ipsecPolicy{587716d4-...}，其筛选器和协商策略命名为 "disable connect ip"，推测用于阻断网络连接（筛选器的 ipsecData 在报告中被截断，需导出后解析确认）。分析时应把 CCtest.sys 作为重点样本提取。
Installation Report: 疯狂下载者
Generated by InCtrl5, version 1.0.0.0
Install program: E:\downloads\疯狂下载者\疯狂下载者.exe
9-20-2010 11:19 AM
------------------------------------------------------------
Registry
********
Keys ignored: 0
---------------
* (none)
Keys added: 18
--------------
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\CCTEST
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\CCTEST\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\CCTEST\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_8086&DEV_2445&SUBSYS_4730414C&REV_05#3&13C0B0C5&0&FD#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\Shares\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\CCTEST
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\CCTEST\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\CCTEST\0000\Control
Keys deleted: 9
---------------
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_8086&DEV_2445&SUBSYS_4730414C&REV_05#3&13C0B0C5&0&FD#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\?
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\淺
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\淺
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\淺
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\?
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\?
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\Shares\\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\Shares\\\
Values added: 72
----------------
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "C:\WINDOWS\system32\reg.exe"
Type: REG_SZ
Data: Registry Console Tool
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "C:\WINDOWS\system32\sc.exe"
Type: REG_SZ
Data: A tool to aid in developing services for WindowsNT
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "E:\downloads\疯狂下载者\疯狂下载者.exe"
Type: REG_SZ
Data: 疯狂下载者
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local "ActivePolicy"
Type: REG_SZ
Data: SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb} "ClassName"
Type: REG_SZ
Data: ipsecFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb} "ipsecData"
Type: REG_BINARY
Data: (data too large: 2265 bytes)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb} "ipsecDataType"
Type: REG_DWORD
Data: 00, 01, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb} "ipsecID"
Type: REG_SZ
Data: {f2fd0bda-3962-428d-9d06-34c2b19568bb}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb} "ipsecName"
Type: REG_SZ
Data: disable connect ip filter list
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb} "ipsecOwnersReference"
Type: REG_MULTI_SZ
Data: 53, 4F, 46, 54, 57, 41, 52, 45, 5C, 50, 6F, 6C, 69, 63, 69, 65, 73, 5C, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 5C, 57, 69, 6E, 64, 6F, 77, 73, 5C, 49, 50, 53, 65, 63, 5C, 50, 6F, 6C, 69, 63, 79, 5C, 4C, 6F, 63, 61, 6C, 5C, 69, 70, 73, 65, 63, 4E, 46, 41, 7B, 37, 37, 64, 39, 33, 62, 32, 31, 2D, 33, 35, 30, 63, 2D, 34, 36, 34, 39, 2D, 62, 38, 66, 64, 2D, 33, 62, 35, 34, 32, 38, 61, 66, 37, 62, 38, 64, 7D, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb} "name"
Type: REG_SZ
Data: ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb} "whenChanged"
Type: REG_DWORD
Data: BD, 98, 94, 4B
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7} "ClassName"
Type: REG_SZ
Data: ipsecISAKMPPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7} "ipsecData"
Type: REG_BINARY
Data: (data too large: 341 bytes)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7} "ipsecDataType"
Type: REG_DWORD
Data: 00, 01, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7} "ipsecID"
Type: REG_SZ
Data: {c37d0b66-13e0-4bf0-a103-e09908ece1b7}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7} "ipsecOwnersReference"
Type: REG_MULTI_SZ
Data: 53, 4F, 46, 54, 57, 41, 52, 45, 5C, 50, 6F, 6C, 69, 63, 69, 65, 73, 5C, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 5C, 57, 69, 6E, 64, 6F, 77, 73, 5C, 49, 50, 53, 65, 63, 5C, 50, 6F, 6C, 69, 63, 79, 5C, 4C, 6F, 63, 61, 6C, 5C, 69, 70, 73, 65, 63, 50, 6F, 6C, 69, 63, 79, 7B, 35, 38, 37, 37, 31, 36, 64, 34, 2D, 38, 33, 66, 37, 2D, 34, 61, 30, 32, 2D, 39, 37, 63, 32, 2D, 36, 31, 33, 37, 64, 39, 34, 35, 65, 38, 36, 61, 7D, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7} "name"
Type: REG_SZ
Data: ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7} "whenChanged"
Type: REG_DWORD
Data: 60, 27, 6D, 4B
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f} "ClassName"
Type: REG_SZ
Data: ipsecNegotiationPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f} "ipsecData"
Type: REG_BINARY
Data: (data too large: 345 bytes)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f} "ipsecDataType"
Type: REG_DWORD
Data: 00, 01, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f} "ipsecID"
Type: REG_SZ
Data: {56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f} "ipsecName"
Type: REG_SZ
Data: disable connect ip filter action
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f} "ipsecNegotiationPolicyAction"
Type: REG_SZ
Data: {3f91a819-7647-11d1-864d-d46a00000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f} "ipsecNegotiationPolicyType"
Type: REG_SZ
Data: {62f49e10-6c37-11d1-864c-14a300000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f} "ipsecOwnersReference"
Type: REG_MULTI_SZ
Data: 53, 4F, 46, 54, 57, 41, 52, 45, 5C, 50, 6F, 6C, 69, 63, 69, 65, 73, 5C, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 5C, 57, 69, 6E, 64, 6F, 77, 73, 5C, 49, 50, 53, 65, 63, 5C, 50, 6F, 6C, 69, 63, 79, 5C, 4C, 6F, 63, 61, 6C, 5C, 69, 70, 73, 65, 63, 4E, 46, 41, 7B, 37, 37, 64, 39, 33, 62, 32, 31, 2D, 33, 35, 30, 63, 2D, 34, 36, 34, 39, 2D, 62, 38, 66, 64, 2D, 33, 62, 35, 34, 32, 38, 61, 66, 37, 62, 38, 64, 7D, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f} "name"
Type: REG_SZ
Data: ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f} "whenChanged"
Type: REG_DWORD
Data: 60, 27, 6D, 4B
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8} "ClassName"
Type: REG_SZ
Data: ipsecNegotiationPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8} "ipsecData"
Type: REG_BINARY
Data: (data too large: 505 bytes)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8} "ipsecDataType"
Type: REG_DWORD
Data: 00, 01, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8} "ipsecID"
Type: REG_SZ
Data: {a664b054-eebd-4697-aee0-a38f35bc4eb8}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8} "ipsecNegotiationPolicyAction"
Type: REG_SZ
Data: {8a171dd3-77e3-11d1-8659-a04f00000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8} "ipsecNegotiationPolicyType"
Type: REG_SZ
Data: {62f49e13-6c37-11d1-864c-14a300000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8} "ipsecOwnersReference"
Type: REG_MULTI_SZ
Data: 53, 4F, 46, 54, 57, 41, 52, 45, 5C, 50, 6F, 6C, 69, 63, 69, 65, 73, 5C, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 5C, 57, 69, 6E, 64, 6F, 77, 73, 5C, 49, 50, 53, 65, 63, 5C, 50, 6F, 6C, 69, 63, 79, 5C, 4C, 6F, 63, 61, 6C, 5C, 69, 70, 73, 65, 63, 4E, 46, 41, 7B, 66, 36, 30, 35, 30, 31, 34, 37, 2D, 39, 38, 37, 61, 2D, 34, 35, 39, 32, 2D, 38, 64, 31, 34, 2D, 65, 38, 61, 65, 65, 37, 65, 37, 37, 62, 64, 34, 7D, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8} "name"
Type: REG_SZ
Data: ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8} "whenChanged"
Type: REG_DWORD
Data: 4C, 27, 6D, 4B
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d} "ClassName"
Type: REG_SZ
Data: ipsecNFA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d} "ipsecData"
Type: REG_BINARY
Data: 00, AC, BB, 11, 8D, 49, D1, 11, 86, 39, 00, A0, 24, 8D, 30, 21, 2A, 00, 00, 00, 01, 00, 00, 00, 05, 00, 00, 00, 02, 00, 00, 00, 00, 00, FD, FF, FF, FF, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 02, 00, 00, 00, 00, 00, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 00, 00, 00, 05, 00, 00, 00, 00, 00, 00, 00, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 02, 01, 00, 00, 00, 00, 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d} "ipsecDataType"
Type: REG_DWORD
Data: 00, 01, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d} "ipsecFilterReference"
Type: REG_MULTI_SZ
Data: 53, 4F, 46, 54, 57, 41, 52, 45, 5C, 50, 6F, 6C, 69, 63, 69, 65, 73, 5C, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 5C, 57, 69, 6E, 64, 6F, 77, 73, 5C, 49, 50, 53, 65, 63, 5C, 50, 6F, 6C, 69, 63, 79, 5C, 4C, 6F, 63, 61, 6C, 5C, 69, 70, 73, 65, 63, 46, 69, 6C, 74, 65, 72, 7B, 66, 32, 66, 64, 30, 62, 64, 61, 2D, 33, 39, 36, 32, 2D, 34, 32, 38, 64, 2D, 39, 64, 30, 36, 2D, 33, 34, 63, 32, 62, 31, 39, 35, 36, 38, 62, 62, 7D, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d} "ipsecID"
Type: REG_SZ
Data: {77d93b21-350c-4649-b8fd-3b5428af7b8d}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d} "ipsecName"
Type: REG_SZ
Data: disable connect ip
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d} "ipsecNegotiationPolicyReference"
Type: REG_SZ
Data: SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d} "ipsecOwnersReference"
Type: REG_MULTI_SZ
Data: 53, 4F, 46, 54, 57, 41, 52, 45, 5C, 50, 6F, 6C, 69, 63, 69, 65, 73, 5C, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 5C, 57, 69, 6E, 64, 6F, 77, 73, 5C, 49, 50, 53, 65, 63, 5C, 50, 6F, 6C, 69, 63, 79, 5C, 4C, 6F, 63, 61, 6C, 5C, 69, 70, 73, 65, 63, 50, 6F, 6C, 69, 63, 79, 7B, 35, 38, 37, 37, 31, 36, 64, 34, 2D, 38, 33, 66, 37, 2D, 34, 61, 30, 32, 2D, 39, 37, 63, 32, 2D, 36, 31, 33, 37, 64, 39, 34, 35, 65, 38, 36, 61, 7D, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d} "name"
Type: REG_SZ
Data: ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d} "whenChanged"
Type: REG_DWORD
Data: 68, 27, 6D, 4B
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4} "ClassName"
Type: REG_SZ
Data: ipsecNFA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4} "ipsecData"
Type: REG_BINARY
Data: 00, AC, BB, 11, 8D, 49, D1, 11, 86, 39, 00, A0, 24, 8D, 30, 21, 2A, 00, 00, 00, 01, 00, 00, 00, 05, 00, 00, 00, 02, 00, 00, 00, 00, 00, FD, FF, FF, FF, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 00, 00, 00, 05, 00, 00, 00, 00, 00, 00, 00, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 02, 01, 00, 00, 00, 00, 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4} "ipsecDataType"
Type: REG_DWORD
Data: 00, 01, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4} "ipsecID"
Type: REG_SZ
Data: {f6050147-987a-4592-8d14-e8aee7e77bd4}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4} "ipsecNegotiationPolicyReference"
Type: REG_SZ
Data: SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4} "ipsecOwnersReference"
Type: REG_MULTI_SZ
Data: 53, 4F, 46, 54, 57, 41, 52, 45, 5C, 50, 6F, 6C, 69, 63, 69, 65, 73, 5C, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 5C, 57, 69, 6E, 64, 6F, 77, 73, 5C, 49, 50, 53, 65, 63, 5C, 50, 6F, 6C, 69, 63, 79, 5C, 4C, 6F, 63, 61, 6C, 5C, 69, 70, 73, 65, 63, 50, 6F, 6C, 69, 63, 79, 7B, 35, 38, 37, 37, 31, 36, 64, 34, 2D, 38, 33, 66, 37, 2D, 34, 61, 30, 32, 2D, 39, 37, 63, 32, 2D, 36, 31, 33, 37, 64, 39, 34, 35, 65, 38, 36, 61, 7D, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4} "name"
Type: REG_SZ
Data: ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4} "whenChanged"
Type: REG_DWORD
Data: 4C, 27, 6D, 4B
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a} "ClassName"
Type: REG_SZ
Data: ipsecPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a} "description"
Type: REG_SZ
Data: 对所有 IP 通讯总是使用 Kerberos 信任请求安全。不允许与不被信任的客户端的不安全通讯。
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a} "ipsecData"
Type: REG_BINARY
Data: 63, 21, 20, 22, 4C, 4F, D1, 11, 86, 3B, 00, A0, 24, 8D, 30, 21, 04, 00, 00, 00, 30, 2A, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a} "ipsecDataType"
Type: REG_DWORD
Data: 00, 01, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a} "ipsecID"
Type: REG_SZ
Data: {587716d4-83f7-4a02-97c2-6137d945e86a}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a} "ipsecISAKMPReference"
Type: REG_SZ
Data: SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a} "ipsecName"
Type: REG_SZ
Data: 安全网络策略 (需要安全)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a} "ipsecNFAReference"
Type: REG_MULTI_SZ
Data: 53, 4F, 46, 54, 57, 41, 52, 45, 5C, 50, 6F, 6C, 69, 63, 69, 65, 73, 5C, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 5C, 57, 69, 6E, 64, 6F, 77, 73, 5C, 49, 50, 53, 65, 63, 5C, 50, 6F, 6C, 69, 63, 79, 5C, 4C, 6F, 63, 61, 6C, 5C, 69, 70, 73, 65, 63, 4E, 46, 41, 7B, 37, 37, 64, 39, 33, 62, 32, 31, 2D, 33, 35, 30, 63, 2D, 34, 36, 34, 39, 2D, 62, 38, 66, 64, 2D, 33, 62, 35, 34, 32, 38, 61, 66, 37, 62, 38, 64, 7D, 00, 53, 4F, 46, 54, 57, 41, 52, 45, 5C, 50, 6F, 6C, 69, 63, 69, 65, 73, 5C, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 5C, 57, 69, 6E, 64, 6F, 77, 73, 5C, 49, 50, 53, 65, 63, 5C, 50, 6F, 6C, 69, 63, 79, 5C, 4C, 6F, 63, 61, 6C, 5C, 69, 70, 73, 65, 63, 4E, 46, 41, 7B, 66, 36, 30, 35, 30, 31, 34, 37, 2D, 39, 38, 37, 61, 2D, 34, 35, 39, 32, 2D, 38, 64, 31, 34, 2D, 65, 38, 61, 65, 65, 37, 65, 37, 37, 62, 64, 34, 7D, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a} "name"
Type: REG_SZ
Data: ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a} "whenChanged"
Type: REG_DWORD
Data: BF, 98, 94, 4B
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\CCTEST\0000 "ClassGUID"
Type: REG_SZ
Data: {D4A133FE-C9E5-4F11-A812-FED74DA86ED5}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\CCTEST\0000 "HardwareID"
Type: REG_MULTI_SZ
Data: 2A, 43, 43, 54, 65, 73, 74, 44, 65, 76, 69, 63, 65, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum "0"
Type: REG_SZ
Data: SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\CCTEST\0000 "ClassGUID"
Type: REG_SZ
Data: {D4A133FE-C9E5-4F11-A812-FED74DA86ED5}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\CCTEST\0000 "HardwareID"
Type: REG_MULTI_SZ
Data: 2A, 43, 43, 54, 65, 73, 74, 44, 65, 76, 69, 63, 65, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum "0"
Type: REG_SZ
Data: SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}
Values deleted: 1
-----------------
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\?"Time"
Type: REG_BINARY
Data: 苄s?U?
Values changed: 13
------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG "Seed"
Old type: REG_BINARY
New type: REG_BINARY
Old data: 43, 2F, 2C, 52, A4, 53, 1A, C5, 04, B9, 79, 6C, 79, 20, 46, 56, A2, 36, A7, 01, A9, C5, 21, 5B, 1C, 20, 60, 2F, D8, F7, 96, D1, BF, 8E, A9, 1D, 4D, 4F, B9, C1, BF, 84, 51, 77, 87, C7, F3, DE, C7, 19, 43, C3, AA, 87, 28, 5D, 18, 0A, 22, 97, 39, 11, 29, FC, 96, E1, 45, 68, 32, EA, 90, AF, CA, BB, 2B, B3, C8, ED, 2A, 59
New data: C7, 92, E8, 77, 00, AE, 30, BF, AB, E5, 3E, 8C, 79, 18, 91, 1A, FE, 69, CF, 24, AF, AF, AD, 4C, 2D, EC, AB, A5, EC, DA, 20, 02, 8E, 1D, A0, 54, E8, C8, 59, 45, EC, 52, 5D, 6A, EE, 07, CB, 5B, 18, 8E, 99, 8B, 22, 12, 3E, 7B, 66, D0, 2E, 10, C8, E0, 86, CE, 93, 00, 71, DC, 23, 64, 57, 71, 4A, CA, 1A, 76, 06, 70, 41, 97
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} "ipsecData"
Old type: REG_BINARY
New type: REG_BINARY
Old data: B5, 20, DC, 80, C8, 2E, D1, 11, A8, 9E, 00, A0, 24, 8D, 30, 21, 52, 00, 00, 00, 01, 00, 00, 00, 02, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 0A, 00, 00, 00, 49, 00, 43, 00, 4D, 00, 50, 00, 00, 00, 2B, FA, 4F, 7A, 53, B5, A7, 4F, 84, 91, 59, 2A, C6, C1, EA, 13, 01, 00, 00, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00
New data: B5, 20, DC, 80, C8, 2E, D1, 11, A8, 9E, 00, A0, 24, 8D, 30, 21, 52, 00, 00, 00, 01, 00, 00, 00, 02, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 0A, 00, 00, 00, 49, 00, 43, 00, 4D, 00, 50, 00, 00, 00, 09, D0, 93, BB, 4F, F1, 73, 49, 83, 41, C6, BE, 02, 49, 50, 21, 01, 00, 00, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} "whenChanged"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 3D, EF, 75, 4C
New data: CE, 3D, EE, 46
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} "ipsecData"
Old type: REG_BINARY
New type: REG_BINARY
Old data: B5, 20, DC, 80, C8, 2E, D1, 11, A8, 9E, 00, A0, 24, 8D, 30, 21, 4A, 00, 00, 00, 01, 00, 00, 00, 02, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, E4, 1E, 9C, 8E, AF, A4, 01, 42, A4, DF, 09, D7, 5B, A7, 91, CB, 01, 00, 00, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00
New data: B5, 20, DC, 80, C8, 2E, D1, 11, A8, 9E, 00, A0, 24, 8D, 30, 21, 4A, 00, 00, 00, 01, 00, 00, 00, 02, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 51, C1, CF, 1D, 66, 37, 8D, 48, BF, 69, C7, 8B, B0, 1B, D4, 8F, 01, 00, 00, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} "whenChanged"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 3D, EF, 75, 4C
New data: CE, 3D, EE, 46
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} "whenChanged"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 3D, EF, 75, 4C
New data: CE, 3D, EE, 46
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} "whenChanged"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 3D, EF, 75, 4C
New data: CE, 3D, EE, 46
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} "whenChanged"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 3D, EF, 75, 4C
New data: CE, 3D, EE, 46
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} "whenChanged"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 3D, EF, 75, 4C
New data: CE, 3D, EE, 46
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum "Count"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 00, 00, 00, 00
New data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum "NextInstance"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 00, 00, 00, 00
New data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum "Count"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 00, 00, 00, 00
New data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum "NextInstance"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 00, 00, 00, 00
New data: 01, 00, 00, 00
------------------------------------------------------------
Disk contents
*************
Drives tracked: 3
-----------------
* c:\
* d:\
* e:\
Folders added: 1
----------------
c:\Program Files\RAV
Files added: 7
--------------
c:\Program Files\RAV\CCtest.inf
Date: 9-20-2010 11:19 AM
Size: 4,141 bytes
c:\Program Files\RAV\CCtest.sys
Date: 9-20-2010 11:19 AM
Size: 7,808 bytes
c:\WINDOWS\setupapi.log
Date: 9-20-2010 11:19 AM
Size: 255 bytes
c:\WINDOWS\Prefetch\REG.EXE-0D2A95F7.pf
Date: 9-20-2010 11:19 AM
Size: 10,972 bytes
c:\WINDOWS\Prefetch\SC.EXE-012262AF.pf
Date: 9-20-2010 11:19 AM
Size: 11,270 bytes
c:\WINDOWS\Prefetch\疯狂下载者.EXE-30D256E1.pf
Date: 9-20-2010 11:19 AM
Size: 5,988 bytes
c:\WINDOWS\system32\CatRoot2\tmp.edb
Date: 9-20-2010 11:19 AM
Size: 1,056,768 bytes
Files changed: 9
----------------
c:\Documents and Settings\Administrator\ntuser.dat.LOG
Old date: 9-20-2010 11:18 AM
New date: 9-20-2010 11:19 AM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\Program Files\Kingsoft\webshield\kse\kse_wfsdata\KSWebShield_tmpa0.dat
Old date: 9-20-2010 11:19 AM
New date: 9-20-2010 11:19 AM
Old size: 0 bytes
New size: 0 bytes
c:\Program Files\Kingsoft\webshield\webui\icon\btbg.gif
Old date: 9-20-2010 11:19 AM
New date: 9-20-2010 11:19 AM
Old size: 1,069 bytes
New size: 1,069 bytes
c:\WINDOWS\system32\CatRoot2\edb.log
Old date: 9-20-2010 11:17 AM
New date: 9-20-2010 11:19 AM
Old size: 131,072 bytes
New size: 131,072 bytes
c:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
Old date: 9-20-2010 11:00 AM
New date: 9-20-2010 11:19 AM
Old size: 3,153,920 bytes
New size: 3,153,920 bytes
c:\WINDOWS\system32\config\software.LOG
Old date: 9-20-2010 11:18 AM
New date: 9-20-2010 11:19 AM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\WINDOWS\system32\config\system.LOG
Old date: 9-20-2010 11:18 AM
New date: 9-20-2010 11:19 AM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\WINDOWS\system32\wbem\Logs\wbemess.log
Old date: 9-20-2010 11:17 AM
New date: 9-20-2010 11:19 AM
Old size: 14,031 bytes
New size: 14,886 bytes
c:\WINDOWS\system32\wbem\Repository\$WinMgmt.CFG
Old date: 9-20-2010 10:56 AM
New date: 9-20-2010 11:19 AM
Old size: 20 bytes
New size: 20 bytes
------------------------------------------------------------
INI file
********
Ini files tracked: 4
--------------------
* C:\boot.ini
* c:\windows\control.ini
* c:\windows\system.ini
* c:\windows\win.ini
------------------------------------------------------------
Text file
*********
Text files tracked: 2
---------------------
* c:\windows\system32\autoexec.nt
* c:\windows\system32\config.nt
------------------------------------------------------------
InCtrl5, Copyright © 2000 by Ziff Davis Media, Inc.
Written by Neil J. Rubenking
First published in PC Magazine, December 5, 2000.