ESET沒發現

电影结束了

TF挂...

电影结束了

The following Registry Keys were created:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C86B82BE-3E84-4F71-8323-F12BB71D9CB2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C86B82BE-3E84-4F71-8323-F12BB71D9CB2}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C86B82BE-3E84-4F71-8323-F12BB71D9CB2}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C86B82BE-3E84-4F71-8323-F12BB71D9CB2}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4645A0E0-7B59-439A-BB73-D4159321E09B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4645A0E0-7B59-439A-BB73-D4159321E09B}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4645A0E0-7B59-439A-BB73-D4159321E09B}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4645A0E0-7B59-439A-BB73-D4159321E09B}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4645A0E0-7B59-439A-BB73-D4159321E09B}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4645A0E0-7B59-439A-BB73-D4159321E09B}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF50AC63-19DA-487E-AD4A-0B452D823B59}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Iprip
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Iprip
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Iprip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Iprip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip\Enum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF50AC63-19DA-487E-AD4A-0B452D823B59}
The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11d0-8301-00AA005B4383}\InProcServer32]
QDZQ = 0x000000B0
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF604EFE-8897-11D1-B944-00A0C90312E1}\InProcServer32]
XBZQ = 0x00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\VersionIndependentProgID]
(Default) = "IEHlprObj.IEHlprObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\ProgID]
(Default) = "IEHlprObj.IEHlprObj.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\InprocServer32]
(Default) = "%System%\fsutk.dll"
ThreadingModel = "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}]
(Default) = "BrowserPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C86B82BE-3E84-4F71-8323-F12BB71D9CB2}\TypeLib]
(Default) = "{4645A0E0-7B59-439A-BB73-D4159321E09B}"
Version = "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C86B82BE-3E84-4F71-8323-F12BB71D9CB2}\ProxyStubClsid32]
(Default) = "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C86B82BE-3E84-4F71-8323-F12BB71D9CB2}\ProxyStubClsid]
(Default) = "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C86B82BE-3E84-4F71-8323-F12BB71D9CB2}]
(Default) = "IIEHlprObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4645A0E0-7B59-439A-BB73-D4159321E09B}\1.0\0\win32]
(Default) = "%System%\fsutk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4645A0E0-7B59-439A-BB73-D4159321E09B}\1.0\HELPDIR]
(Default) = "%System%\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4645A0E0-7B59-439A-BB73-D4159321E09B}\1.0\FLAGS]
(Default) = "0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4645A0E0-7B59-439A-BB73-D4159321E09B}\1.0]
(Default) = "QuickFlash 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer]
(Default) = "IEHlprObj.IEHlprObj.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj]
(Default) = "BrowserPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID]
(Default) = "{BF50AC63-19DA-487E-AD4A-0B452D823B59}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1]
(Default) = "QuickFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF50AC63-19DA-487E-AD4A-0B452D823B59}]
(Default) = ""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Iprip]
(Default) = "Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Iprip]
(Default) = "Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP\0000\Control]
*NewlyCreated* = 0x00000000
ActiveService = "Iprip"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP\0000]
Service = "Iprip"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "Remote IPRIP Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP]
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip\Enum]
0 = "Root\LEGACY_IPRIP\0000"
Count = 0x00000001
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip\Security]
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip\Parameters]
ServiceDll = "%System%\liprip.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip]
Start = 0x00000002
Type = 0x00000020
ErrorControl = 0x00000001
ImagePath = "%System%\svchost.exe -k netsvcs"
DisplayName = "Remote IPRIP Service"
ObjectName = "LocalSystem"
Description = "Listener reads Remote Routing Information Protocol (RIP) packets"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Iprip]
(Default) = "Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Iprip]
(Default) = "Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP\0000\Control]
*NewlyCreated* = 0x00000000
ActiveService = "Iprip"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP\0000]
Service = "Iprip"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "Remote IPRIP Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP]
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip\Enum]
0 = "Root\LEGACY_IPRIP\0000"
Count = 0x00000001
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip\Security]
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip\Parameters]
ServiceDll = "%System%\liprip.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip]
Start = 0x00000002
Type = 0x00000020
ErrorControl = 0x00000001
ImagePath = "%System%\svchost.exe -k netsvcs"
DisplayName = "Remote IPRIP Service"
ObjectName = "LocalSystem"
Description = "Listener reads Remote Routing Information Protocol (RIP) packets"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF50AC63-19DA-487E-AD4A-0B452D823B59}]
Flags = 0x00000000
Version = "*"
(Default) = ""

http://www.threatexpert.com/report.aspx?md5=a0a5c545977a2df53a6dc61d0860aada
TF服务倒是挺快的

palfan

广告文件

star_xing

ACCESS DENIED
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: http://bbs.kafan.cn/attachment.p ... d4&t=1211353395

The folowing error was encountered:

The requested object is INFECTED. The following viruses not-a-virus:AdWare.Win32.BHO.ayn were found

Please contact your service provider if you feel this is incorrect.



--------------------------------------------------------------------------------

Generated Wed May 21 15:04:54 2008 by 卡巴斯基反病毒软件 7.0

qigang

RS20.45.22未杀！

BING126

McAfee  MISS

allinwonderi

ArcaVir , FP miss.

尤金卡巴斯基

已删除：广告程序 not-a-virus:AdWare.Win32.BHO.ayn        文件　: G:\Temp\adware.rar/adware.exe8//WISE0005.BIN
已删除：广告程序 not-a-virus:AdWare.Win32.BHO.ayn        文件　: G:\Temp\adware.rar/adware.exe8//WISE0006.BIN
已删除：广告程序 not-a-virus:AdWare.Win32.BHO.ayn        文件　: G:\Temp\adware.rar/adware.exe8//WISE0007.BIN