祝元旦快乐，顺便肢解MSE2.0~

显示全部楼层 · 发表于 2011-12-19 00:46:40

本帖最后由飞霜流华于 2011-12-30 16:39 编辑

帖子早就开了，翻译也不是很困难，无奈最近尼玛事情实在太多，各种年终活动总结+考试，所以开晚了

不过正好赶在元旦，也算小小的贺礼吧

文章有点老，所以MSE的版本的版本也比较老，2.0的，不过和2.1正式版差别不大，翻译见：2楼

Microsoft Security Essentials

Security Essentials Version: 2.0.657.0
Antimalware Client Version: 3.0.8107.0
Engine Version: 1.1.6402.0
Antivirus definition: 1.95.4181.0
Antispyware definition: 1.95.4181.0

http://www.microsoft.com/security_essentials

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

The Windows boot time has become slow than usually. Difference = 36%.

MSSECES.EXE
Description: Microsoft Security Client User Interface Microsoft Corporation Microsoft Security Client 2.0.0657.0
MD5= 1D6174DE4DED26E5D91B9B66E0FE4DAC
File is signed and the signature was verified.
File size= 997408
Related registry changes:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\F901D882BACCD4F4B9108823ADB5ED91\4C677A77F01DD614880F352F9DCD9D3B: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSC: “”C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE” -HIDE -RUNKEY”
HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\REMEDIATIONEXE: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE“

MPCMDRUN.EXE
Description: Microsoft Malware Protection Command Line Utility Microsoft Corporation Microsoft Malware Protection 3.0.8107.0
MD5= 73B875C45457F5EB04EC892678E91A11
File is signed and the signature was verified.
File size= 226984
Related registry changes:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\CC3B95501AB799046BF51FEB06E417CA\4D880477777087D409D44E533B815F2D: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPCMDRUN.EXE“

MPFILTER.SYS
Description: Driver Microsoft Malware Protection Driver Microsoft On-Access Malware Protection Mini-Filter Driver Start Type: loaded automatically at Kernel initialization Microsoft antimalware file system filter driver Microsoft Corporation Microsoft Malware Protection 3.0.8007.0
MD5= 7E34BFA1A7B60BBA1DA03D677F16CD63
File is signed and the signature was verified.
File size= 165264
Related registry changes:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\E36AA351DFB3C5943AF5586F660541D1\4D880477777087D409D44E533B815F2D: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPFILTER\MPFILTER.SYS”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPFILTER\IMAGEPATH: “SYSTEM32\DRIVERS\MPFILTER.SYS“

MSMPENG.EXE
Description: Service Microsoft Antimalware Service Helps protect users from malware and other potentially unwanted software Start Type: loaded automatically by Server Manager Antimalware Service Executable Microsoft Corporation Microsoft Malware Protection 3.0.8107.0
MD5= 90DC23D940551DB35367FB1E40575B25
File is signed and the signature was verified.
File size= 11736
Related registry changes:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\EF374A3F802F8614DA7AEB27861167E9\4D880477777087D409D44E533B815F2D: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPENG.EXE”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MSMPSVC\IMAGEPATH: “”C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPENG.EXE“”

SHELLEXT.DLL
Description: Microsoft Security Client Shell Extension Microsoft Corporation Microsoft Security Client 2.0.0657.0
MD5= 647FC72551BEF58D0ACBF465363C8751
File is signed and the signature was verified.
File size= 300616
Related registry changes:
HKLM\SOFTWARE\CLASSES\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\INPROCSERVER32\: “C:\PROGRA~1\MICROS~2\SHELLEXT.DLL”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\22C1E077F939771499229BCC0B0817BF\4C677A77F01DD614880F352F9DCD9D3B: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\SHELLEXT.DLL.MUI”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\9EE09A0126ECC924E955C10C317DA8C6\4C677A77F01DD614880F352F9DCD9D3B: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\SHELLEXT.DLL“

FILES ADDED:151

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}\MPASBASE.VDM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}\MPASDLTA.VDM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}\MPAVBASE.VDM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}\MPAVDLTA.VDM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}\MPENGINE.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-1.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\RESULTS\RESOURCE\{13524B0B-3E46-43F2-BE89-C5B7F7FDFDFB}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\RESULTS\RESOURCE\{3F6FDAB0-4AC0-4FB0-9E96-F9A12E23C69E}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\RESULTS\RESOURCE\{C078ACB9-8AF0-4472-8697-8859DADE9E2C}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\SERVICE\UNKNOWN.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPDIAG.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT\MPCACHESTATS.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT\MPDETECTION-01182011-201213.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT\MPLOG-01182011-201213.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT\MPWPPTRACING-01182011-201213-00000003-FFFFFFFF.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT\MPWPPTRACING-01182011-202111-00000003-FFFFFFFF.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\APPLICATION.ETL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\EPPSETUP.ETL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\EPPSETUP.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\EPPSETUPRESULT.INI
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\MSSECURITYCLIENT_SETUP_DW20SHARED_INSTALL.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\MSSECURITYCLIENT_SETUP_EPP_INSTALL.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\MSSECURITYCLIENT_SETUP_MP_AMBITS_INSTALL.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WINDOWS GENUINE ADVANTAGE\DATA\DATA.DAT
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MICROSOFT SECURITY ESSENTIALS.LNK
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\MPCMDRUN.LOG
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1026\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1027\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1029\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1030\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1032\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1035\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1037\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1038\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1043\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1044\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1045\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1046\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1048\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1049\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1050\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1051\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1053\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1054\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1055\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1058\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1060\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1061\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1062\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1063\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1081\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2068\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2070\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2074\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\3076\DWINTL20.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPFILTER\MPFILTER.CAT
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPFILTER\MPFILTER.INF
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPFILTER\MPFILTER.SYS
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPNWMON\MPNWMON.CAT
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPNWMON\MPNWMON.INF
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPNWMON\MPNWMON.SYS
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\EN-US\MPASDESC.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\EN-US\MPEVMSG.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPASDESC.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPCLIENT.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPCMDRUN.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPCOMMU.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPEVMSG.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPOAV.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPRTP.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPSVC.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPCOM.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPENG.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPLICS.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US\AMHELP.CHM
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US\EPPLOC.CAB
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US\EPPLOC_X86.MSI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US\EULA.RTF
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US\SETUPRES.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EPPMANIFEST.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\SETUPRES.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\DW20SHARED.MSI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\EPP.MSI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\LEGITLIB.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\MP_AMBITS.MSI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\SETUP.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\SQMAPI.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\WINDOWS6.0-KB981889-V2.MSU
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\WINDOWS6.1-KB981889.MSU
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\CLEANUPPOLICY.XML
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\CONFIGSECURITYPOLICY.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\AMHELP.CHM
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\EULA.RTF
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\MSMPRES.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\SETUPRES.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\SHELLEXT.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EPPMANIFEST.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\LEGITLIB.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPRES.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSEWAT.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\SETUP.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\SETUPRES.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\SHELLEXT.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\SQMAPI.DLL
C:\WINDOWS\INF\AER_1026.ADM
C:\WINDOWS\INF\AER_1027.ADM
C:\WINDOWS\INF\AER_1029.ADM
C:\WINDOWS\INF\AER_1030.ADM
C:\WINDOWS\INF\AER_1032.ADM
C:\WINDOWS\INF\AER_1035.ADM
C:\WINDOWS\INF\AER_1037.ADM
C:\WINDOWS\INF\AER_1038.ADM
C:\WINDOWS\INF\AER_1043.ADM
C:\WINDOWS\INF\AER_1044.ADM
C:\WINDOWS\INF\AER_1045.ADM
C:\WINDOWS\INF\AER_1046.ADM
C:\WINDOWS\INF\AER_1048.ADM
C:\WINDOWS\INF\AER_1049.ADM
C:\WINDOWS\INF\AER_1050.ADM
C:\WINDOWS\INF\AER_1051.ADM
C:\WINDOWS\INF\AER_1053.ADM
C:\WINDOWS\INF\AER_1054.ADM
C:\WINDOWS\INF\AER_1055.ADM
C:\WINDOWS\INF\AER_1058.ADM
C:\WINDOWS\INF\AER_1060.ADM
C:\WINDOWS\INF\AER_1061.ADM
C:\WINDOWS\INF\AER_1062.ADM
C:\WINDOWS\INF\AER_1063.ADM
C:\WINDOWS\INF\AER_1081.ADM
C:\WINDOWS\INF\AER_2068.ADM
C:\WINDOWS\INF\AER_2070.ADM
C:\WINDOWS\INF\AER_2074.ADM
C:\WINDOWS\INF\AER_3076.ADM
C:\WINDOWS\INF\OEM8.INF
C:\WINDOWS\INF\OEM8.PNF
C:\WINDOWS\INSTALLER\1D8EC.MSI
C:\WINDOWS\INSTALLER\1D8F1.MSI
C:\WINDOWS\INSTALLER\1D8F7.MSI
C:\WINDOWS\INSTALLER\WIX{774088D4-0777-4D78-904D-E435B318F5D2}.SCHEDSERVICECONFIG.RMI
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{9F500421-2FE6-4F1F-AC12-E8360BB265F1}.BIN
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{E35996F0-31B2-4E28-9DF8-843CB6BB0FE6}.BIN
C:\WINDOWS\SYSTEM32\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\OEM8.CAT
C:\WINDOWS\SYSTEM32\DRIVERS\MPFILTER.SYS
C:\WINDOWS\SYSTEM32\MPSIGSTUB.EXE
C:\WINDOWS\TASKS\MP SCHEDULED SCAN.JOB
C:\WINDOWS\TASKS\MPIDLETASK.JOB
C:\WINDOWS\TEMP\DW.LOG
C:\WINDOWS\TEMP\MPCMDRUN.LOG
C:\WINDOWS\TEMP\MPSIGSTUB.LOG
C:\WINDOWS\EPPLAUNCHER.MIF

FILES[ATTR]MODIFIED:23

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GDIPFONTCACHEV1.DAT
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\FEEDS CACHE\INDEX.DAT
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CE4CF87733651BF1F44DD1E02FC1A8E8
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1025\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1028\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1031\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1033\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1036\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1040\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1041\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1042\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2052\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\3082\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\DW20.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\DWDCW20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\DWTRIG20.EXE
C:\WINDOWS\INF\AER_1025.ADM
C:\WINDOWS\INF\AER_1028.ADM
C:\WINDOWS\INF\AER_1031.ADM
C:\WINDOWS\INF\AER_1036.ADM
C:\WINDOWS\INF\AER_1042.ADM
C:\WINDOWS\SOFTWAREDISTRIBUTION\REPORTINGEVENTS.LOG
C:\WINDOWS\SYSTEM32\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TIMESTAMP

FOLDERS ADDED:63

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\BACKUP
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\UPDATES
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\LOCALCOPY
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\QUARANTINE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\RESULTS
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\RESULTS\RESOURCE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\SERVICE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\STORE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\RTSIGS
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\RTSIGS\DATA
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WINDOWS GENUINE ADVANTAGE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WINDOWS GENUINE ADVANTAGE\DATA
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1026
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1027
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1029
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1030
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1032
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1035
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1037
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1038
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1043
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1044
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1045
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1046
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1048
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1049
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1050
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1051
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1053
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1054
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1055
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1058
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1060
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1061
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1062
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1063
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1081
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2068
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2070
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2074
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\3076
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPFILTER
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPNWMON
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\EN-US
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US
C:\WINDOWS\SOFTWAREDISTRIBUTION\WUREDIR
C:\WINDOWS\SOFTWAREDISTRIBUTION\WUREDIR\9482F4B4-E343-43B6-B170-9A65BC822C77
C:\WINDOWS\TEMP\MPTELEMETRYSUBMIT

显示全部楼层 · 发表于 2011-12-26 23:32:40

本帖最后由飞霜流华于 2011-12-30 16:21 编辑

Microsoft Security Essentials

MSE版本: 2.0.657.0
反病毒客户端版本: 3.0.8107.0
引擎版本: 1.1.6402.0
反病毒定义: 1.95.4181.0
反间谍定义: 1.95.4181.0

http://www.microsoft.com/security_essentials

MSE给您的家用电脑提供实时保护，免受病毒、间谍软件以及其他恶意软件侵害。

Microsoft Security Essentials 可直接从微软网站下载，安装简便，容易使用，并且始终保持更新使您的电脑处于最新的技术的保护下。它能很简单地告诉您，您的电脑是否安全——当你的托盘图标是绿色的，就是安全的，就这么简单！

MSE静默高效运行于后台，您可以用您喜欢的方式自由运行windows基础的电脑，而不会被打扰或者长时间等待。

windows启动速度会比平常慢，差异在36%。

MSSECES.EXE
描述：微软安全客户端用户界面，微软公司安全客户端 2.0.0657.0
MD5= 1D6174DE4DED26E5D91B9B66E0FE4DAC
文件有签名并进行了签名验证
文件大小= 997408
相关的注册表变化：
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\F901D882BACCD4F4B9108823ADB5ED91\4C677A77F01DD614880F352F9DCD9D3B: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSC: “”C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE” -HIDE -RUNKEY”
HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\REMEDIATIONEXE: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE“

MPCMDRUN.EXE
描述：微软恶意软件防护命令行实用工具，微软公司恶意软件防护版本 3.0.8107.0
MD5= 73B875C45457F5EB04EC892678E91A11
文件有签名并进行了签名验证
文件大小= 226984
相关的注册表变化：
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\CC3B95501AB799046BF51FEB06E417CA\4D880477777087D409D44E533B815F2D: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPCMDRUN.EXE“

MPFILTER.SYS
描述：驱动类程序，微软恶意软件保护驱动，微软访问恶意软件防护小型过滤器驱动，启动类型：自动加载内核初始化微软反恶意软件文件系统过滤驱动程序，微软公司恶意软件防护版本 3.0.8007.0
MD5= 7E34BFA1A7B60BBA1DA03D677F16CD63
文件有签名并进行了签名验证
文件大小=165264
相关的注册表变化：
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\E36AA351DFB3C5943AF5586F660541D1\4D880477777087D409D44E533B815F2D: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPFILTER\MPFILTER.SYS”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPFILTER\IMAGEPATH: “SYSTEM32\DRIVERS\MPFILTER.SYS“

MSMPENG.EXE
描述：微软反恶意软件服务，有助于使用者免受恶意软件或其他可能不需要的软件的危害。启动类型：自动加载服务器管理器的反恶意软件服务。微软公司恶意软件防护版本：3.0.8107.0
MD5= 90DC23D940551DB35367FB1E40575B25
文件有签名并进行了签名验证
文件大小=11736
相关的注册表变化：
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\EF374A3F802F8614DA7AEB27861167E9\4D880477777087D409D44E533B815F2D: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPENG.EXE”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MSMPSVC\IMAGEPATH: “”C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPENG.EXE“”

SHELLEXT.DLL
描述：微软安全客户端外壳扩展，微软安全客户端版本 2.0.0657.0
MD5= 647FC72551BEF58D0ACBF465363C8751
文件有签名并进行了签名验证
文件大小=300616
相关注册表变化：
HKLM\SOFTWARE\CLASSES\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\INPROCSERVER32\: “C:\PROGRA~1\MICROS~2\SHELLEXT.DLL”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\22C1E077F939771499229BCC0B0817BF\4C677A77F01DD614880F352F9DCD9D3B: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\SHELLEXT.DLL.MUI”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\9EE09A0126ECC924E955C10C317DA8C6\4C677A77F01DD614880F352F9DCD9D3B: “C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\SHELLEXT.DLL“

添加的文件：151
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}\MPASBASE.VDM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}\MPASDLTA.VDM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}\MPAVBASE.VDM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}\MPAVDLTA.VDM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}\MPENGINE.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-1.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\RESULTS\RESOURCE\{13524B0B-3E46-43F2-BE89-C5B7F7FDFDFB}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\RESULTS\RESOURCE\{3F6FDAB0-4AC0-4FB0-9E96-F9A12E23C69E}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\RESULTS\RESOURCE\{C078ACB9-8AF0-4472-8697-8859DADE9E2C}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\SERVICE\UNKNOWN.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPDIAG.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT\MPCACHESTATS.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT\MPDETECTION-01182011-201213.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT\MPLOG-01182011-201213.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT\MPWPPTRACING-01182011-201213-00000003-FFFFFFFF.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT\MPWPPTRACING-01182011-202111-00000003-FFFFFFFF.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\APPLICATION.ETL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\EPPSETUP.ETL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\EPPSETUP.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\EPPSETUPRESULT.INI
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\MSSECURITYCLIENT_SETUP_DW20SHARED_INSTALL.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\MSSECURITYCLIENT_SETUP_EPP_INSTALL.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT\MSSECURITYCLIENT_SETUP_MP_AMBITS_INSTALL.LOG
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WINDOWS GENUINE ADVANTAGE\DATA\DATA.DAT
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MICROSOFT SECURITY ESSENTIALS.LNK
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\MPCMDRUN.LOG
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1026\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1027\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1029\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1030\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1032\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1035\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1037\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1038\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1043\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1044\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1045\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1046\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1048\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1049\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1050\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1051\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1053\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1054\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1055\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1058\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1060\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1061\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1062\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1063\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1081\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2068\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2070\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2074\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\3076\DWINTL20.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPFILTER\MPFILTER.CAT
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPFILTER\MPFILTER.INF
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPFILTER\MPFILTER.SYS
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPNWMON\MPNWMON.CAT
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPNWMON\MPNWMON.INF
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPNWMON\MPNWMON.SYS
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\EN-US\MPASDESC.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\EN-US\MPEVMSG.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPASDESC.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPCLIENT.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPCMDRUN.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPCOMMU.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPEVMSG.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPOAV.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPRTP.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MPSVC.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPCOM.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPENG.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPLICS.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US\AMHELP.CHM
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US\EPPLOC.CAB
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US\EPPLOC_X86.MSI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US\EULA.RTF
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US\SETUPRES.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EPPMANIFEST.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\SETUPRES.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\DW20SHARED.MSI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\EPP.MSI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\LEGITLIB.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\MP_AMBITS.MSI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\SETUP.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\SQMAPI.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\WINDOWS6.0-KB981889-V2.MSU
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86\WINDOWS6.1-KB981889.MSU
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\CLEANUPPOLICY.XML
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\CONFIGSECURITYPOLICY.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\AMHELP.CHM
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\EULA.RTF
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\MSMPRES.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\SETUPRES.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US\SHELLEXT.DLL.MUI
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EPPMANIFEST.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\LEGITLIB.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPRES.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSEWAT.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\SETUP.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\SETUPRES.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\SHELLEXT.DLL
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\SQMAPI.DLL
C:\WINDOWS\INF\AER_1026.ADM
C:\WINDOWS\INF\AER_1027.ADM
C:\WINDOWS\INF\AER_1029.ADM
C:\WINDOWS\INF\AER_1030.ADM
C:\WINDOWS\INF\AER_1032.ADM
C:\WINDOWS\INF\AER_1035.ADM
C:\WINDOWS\INF\AER_1037.ADM
C:\WINDOWS\INF\AER_1038.ADM
C:\WINDOWS\INF\AER_1043.ADM
C:\WINDOWS\INF\AER_1044.ADM
C:\WINDOWS\INF\AER_1045.ADM
C:\WINDOWS\INF\AER_1046.ADM
C:\WINDOWS\INF\AER_1048.ADM
C:\WINDOWS\INF\AER_1049.ADM
C:\WINDOWS\INF\AER_1050.ADM
C:\WINDOWS\INF\AER_1051.ADM
C:\WINDOWS\INF\AER_1053.ADM
C:\WINDOWS\INF\AER_1054.ADM
C:\WINDOWS\INF\AER_1055.ADM
C:\WINDOWS\INF\AER_1058.ADM
C:\WINDOWS\INF\AER_1060.ADM
C:\WINDOWS\INF\AER_1061.ADM
C:\WINDOWS\INF\AER_1062.ADM
C:\WINDOWS\INF\AER_1063.ADM
C:\WINDOWS\INF\AER_1081.ADM
C:\WINDOWS\INF\AER_2068.ADM
C:\WINDOWS\INF\AER_2070.ADM
C:\WINDOWS\INF\AER_2074.ADM
C:\WINDOWS\INF\AER_3076.ADM
C:\WINDOWS\INF\OEM8.INF
C:\WINDOWS\INF\OEM8.PNF
C:\WINDOWS\INSTALLER\1D8EC.MSI
C:\WINDOWS\INSTALLER\1D8F1.MSI
C:\WINDOWS\INSTALLER\1D8F7.MSI
C:\WINDOWS\INSTALLER\WIX{774088D4-0777-4D78-904D-E435B318F5D2}.SCHEDSERVICECONFIG.RMI
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{9F500421-2FE6-4F1F-AC12-E8360BB265F1}.BIN
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{E35996F0-31B2-4E28-9DF8-843CB6BB0FE6}.BIN
C:\WINDOWS\SYSTEM32\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\OEM8.CAT
C:\WINDOWS\SYSTEM32\DRIVERS\MPFILTER.SYS
C:\WINDOWS\SYSTEM32\MPSIGSTUB.EXE
C:\WINDOWS\TASKS\MP SCHEDULED SCAN.JOB
C:\WINDOWS\TASKS\MPIDLETASK.JOB
C:\WINDOWS\TEMP\DW.LOG
C:\WINDOWS\TEMP\MPCMDRUN.LOG
C:\WINDOWS\TEMP\MPSIGSTUB.LOG
C:\WINDOWS\EPPLAUNCHER.MIF

文件[ATTR]修改：23
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GDIPFONTCACHEV1.DAT
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\FEEDS CACHE\INDEX.DAT
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CE4CF87733651BF1F44DD1E02FC1A8E8
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1025\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1028\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1031\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1033\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1036\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1040\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1041\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1042\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2052\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\3082\DWINTL20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\DW20.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\DWDCW20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\DWTRIG20.EXE
C:\WINDOWS\INF\AER_1025.ADM
C:\WINDOWS\INF\AER_1028.ADM
C:\WINDOWS\INF\AER_1031.ADM
C:\WINDOWS\INF\AER_1036.ADM
C:\WINDOWS\INF\AER_1042.ADM
C:\WINDOWS\SOFTWAREDISTRIBUTION\REPORTINGEVENTS.LOG
C:\WINDOWS\SYSTEM32\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TIMESTAMP

FOLDERS增加值：63
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\BACKUP
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\UPDATES
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{774A28D5-7AEA-4F6E-A08A-FFDDA1236B53}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\LOCALCOPY
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\QUARANTINE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\RESULTS
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\RESULTS\RESOURCE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\SERVICE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\STORE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\RTSIGS
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\RTSIGS\DATA
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SUPPORT
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT SECURITY CLIENT\SUPPORT
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WINDOWS GENUINE ADVANTAGE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WINDOWS GENUINE ADVANTAGE\DATA
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1026
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1027
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1029
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1030
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1032
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1035
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1037
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1038
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1043
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1044
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1045
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1046
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1048
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1049
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1050
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1051
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1053
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1054
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1055
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1058
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1060
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1061
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1062
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1063
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1081
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2068
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2070
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2074
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\3076
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPFILTER
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\DRIVERS\MPNWMON
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\EN-US
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\EN-US
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\BACKUP\X86
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\EN-US
C:\WINDOWS\SOFTWAREDISTRIBUTION\WUREDIR
C:\WINDOWS\SOFTWAREDISTRIBUTION\WUREDIR\9482F4B4-E343-43B6-B170-9A65BC822C77
C:\WINDOWS\TEMP\MPTELEMETRYSUBMIT

显示全部楼层 · 发表于 2011-12-30 18:44:44

肢解是技术活呀。呵呵。
楼主莫非会反编译？

显示全部楼层 · 发表于 2011-12-30 18:45:34

感谢我的发现，感谢小獅子的翻译功夫！！~
不过，不知道4.0版本会不会有神马变化。

显示全部楼层 · 发表于 2011-12-30 18:48:19

不一定发表于 2011-12-30 18:44
肢解是技术活呀。呵呵。
楼主莫非会反编译？

taotao找到的国外的一篇文章，我顺手翻译一下

反编译，就算把代码弄出来，我也未必看得懂。。。。

显示全部楼层 · 发表于 2011-12-30 18:48:48

一大堆路径表示压力很大。。。MS对普通用户没啥用。。咱还是占座吧

显示全部楼层 · 发表于 2011-12-30 20:00:17

白狮子做活动干脆顺便把4.0也肢解了！

显示全部楼层 · 发表于 2012-1-1 18:32:18

谁能把所有都看下来，太多了，。

显示全部楼层 · 发表于 2012-1-1 19:35:00

这文章太给力了
谢谢分享

显示全部楼层 · 发表于 2012-1-2 21:42:43

强大、看不懂

[技术探讨] 祝元旦快乐，顺便肢解MSE2.0~

评分

评分

评分