WmpUpdate.exe

显示全部楼层 · 发表于 2008-9-23 23:54:08

卡巴报 Trojan-Downloader.Win32.Agent.agiy

报的很少

[ 本帖最后由浪滔天于 2008-10-29 21:49 编辑 ]

显示全部楼层 · 发表于 2008-9-24 01:01:39

怎么看都像是KAV误报

显示全部楼层 · 发表于 2008-9-24 10:21:38

ess3.0不报

显示全部楼层 · 发表于 2008-9-24 11:44:40

是个自解压文件;下面的注释包含自释放脚本命令

Path=%windir%\system32\
SavePath
Setup=rundll32 %WinDir%\System32\WmpUpdate.dll CheckUpdate
Silent=1
Overwrite=2

就三个dll文件

显示全部楼层 · 发表于 2008-9-24 19:43:36

WmpUpdate.exe （事件： 115）
2008-09-24 19:31:22 WmpUpdate.exe 启动进程 F:\病毒样本\WmpUpdate.exe
2008-09-24 19:31:26 WmpUpdate.exe 自动运行
2008-09-24 19:31:30 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2008-09-24 19:31:30 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2008-09-24 19:31:30 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:35 WmpUpdate.exe 读取 C:\WINDOWS\system32\SHELL32.dll
2008-09-24 19:31:35 WmpUpdate.exe 读取 C:\WINDOWS\win.ini
2008-09-24 19:31:36 WmpUpdate.exe 创建 C:\WINDOWS\system32\WmpUpdate.dll
2008-09-24 19:31:36 WmpUpdate.exe 创建 C:\WINDOWS\system32\WmpUpdate.dll
2008-09-24 19:31:36 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:36 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:36 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:36 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:36 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:36 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:36 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:36 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:36 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
2008-09-24 19:31:36 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:40 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 C:\WINDOWS\system32\shdocvw.dll
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 C:\WINDOWS\system32\WININET.dll
2008-09-24 19:31:40 WmpUpdate.exe 读取 C:\WINDOWS\system32\shdocvw.dll
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32
2008-09-24 19:31:40 WmpUpdate.exe 读取 C:\WINDOWS\system32\urlmon.dll
2008-09-24 19:31:40 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32
2008-09-24 19:31:43 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
2008-09-24 19:31:43 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
2008-09-24 19:31:43 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2008-09-24 19:31:43 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
2008-09-24 19:31:43 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\exefile\shell\open\command
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\exefile\shell\open\command
2008-09-24 19:31:44 WmpUpdate.exe 读取 hklm\SOFTWARE\Classes\exefile\shell\open\command
2008-09-24 19:31:44 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:50 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:50 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:50 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:50 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:50 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:50 WmpUpdate.exe 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
2008-09-24 19:31:50 WmpUpdate.exe 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:31:50 WmpUpdate.exe 读取 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:32:01 WmpUpdate.exe 启动进程 c:\windows\system32\rundll32.exe
2008-09-24 19:32:02 WmpUpdate.exe 退出进程 F:\病毒样本\WmpUpdate.exe

显示全部楼层 · 发表于 2008-9-24 19:44:16

Generic Host Process for Win32 Services （事件： 31）
2008-09-24 19:33:07 Generic Host Process for Win32 Services 创建 HKEY_USERS\REGISTRY\USER\S-1-5-21-2025429265-308236825-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\TELEPHONY\HANDOFFPRIORITIES\MEDIAMODES
2008-09-24 19:33:07 Generic Host Process for Win32 Services 创建 HKEY_USERS\REGISTRY\USER\S-1-5-21-2025429265-308236825-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\TELEPHONY\HANDOFFPRIORITIES\MEDIAMODES
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/DhcpRetryStatus
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Epoch/Epoch
2008-09-24 19:40:59 Generic Host Process for Win32 Services 删除 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters/DhcpNameServer
2008-09-24 19:40:59 Generic Host Process for Win32 Services 删除 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/DhcpNameServer
2008-09-24 19:40:59 Generic Host Process for Win32 Services 删除 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters/DhcpDomain
2008-09-24 19:40:59 Generic Host Process for Win32 Services 删除 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/DhcpDomain
2008-09-24 19:40:59 Generic Host Process for Win32 Services 删除 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/DhcpSubnetMaskOpt
2008-09-24 19:40:59 Generic Host Process for Win32 Services 删除 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}\Parameters\Tcpip/DhcpSubnetMaskOpt
2008-09-24 19:40:59 Generic Host Process for Win32 Services 删除 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/DhcpDefaultGateway
2008-09-24 19:40:59 Generic Host Process for Win32 Services 删除 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}\Parameters\Tcpip/DhcpDefaultGateway
2008-09-24 19:40:59 Generic Host Process for Win32 Services 创建 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters/DhcpNameServer
2008-09-24 19:40:59 Generic Host Process for Win32 Services 创建 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/DhcpNameServer
2008-09-24 19:40:59 Generic Host Process for Win32 Services 创建 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/DhcpDefaultGateway
2008-09-24 19:40:59 Generic Host Process for Win32 Services 创建 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}\Parameters\Tcpip/DhcpDefaultGateway
2008-09-24 19:40:59 Generic Host Process for Win32 Services 创建 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters/DhcpDomain
2008-09-24 19:40:59 Generic Host Process for Win32 Services 创建 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/DhcpDomain
2008-09-24 19:40:59 Generic Host Process for Win32 Services 创建 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/DhcpSubnetMaskOpt
2008-09-24 19:40:59 Generic Host Process for Win32 Services 创建 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}\Parameters\Tcpip/DhcpSubnetMaskOpt
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Dhcp\Parameters/{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/LeaseObtainedTime
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}\Parameters\Tcpip/LeaseObtainedTime
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/T1
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}\Parameters\Tcpip/T1
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/T2
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}\Parameters\Tcpip/T2
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/LeaseTerminatesTime
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}\Parameters\Tcpip/LeaseTerminatesTime
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FC9660D4-97DA-4840-9ADA-CFDD196EFE5D}/DhcpRetryStatus
2008-09-24 19:40:59 Generic Host Process for Win32 Services 修改 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Epoch/Epoch

显示全部楼层 · 发表于 2008-9-24 19:45:08

Microsoft(C) Register Server （事件： 126）
2008-09-24 19:32:43 Microsoft(C) Register Server 启动进程 C:\WINDOWS\system32\regsvr32.exe
2008-09-24 19:32:52 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\NTDLL.DLL
2008-09-24 19:32:52 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\KERNEL32.DLL
2008-09-24 19:32:52 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\MSVCRT.DLL
2008-09-24 19:32:52 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\REGSVR32.EXE
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\REGSVR32.EXE
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\ADVAPI32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\RPCRT4.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\SECUR32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\USER32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\GDI32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\OLE32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\SHIMENG.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\APPPATCH\ACGENRAL.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\WINMM.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\OLEAUT32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\MSACM32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\VERSION.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\SHELL32.dll
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\SHLWAPI.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\USERENV.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\UXTHEME.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\IMM32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\LPK.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\USP10.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\PSAPI.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83\COMCTL32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\COMCTL32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\RPCSS.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\MSCTF.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\CRYPT32.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\MSASN1.DLL
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\WININET.dll
2008-09-24 19:33:00 Microsoft(C) Register Server 读取 C:\WINDOWS\APPPATCH\ACGENRAL.DLL
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:18 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\SHELL32.dll
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\COMCTL32.DLL
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 C:\WINDOWS\system32\WININET.dll
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Classes\CLSID\{5569e7f5-424b-4b93-89ca-79d17924689a}\InprocServer32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Classes\CLSID\{5569e7f5-424b-4b93-89ca-79d17924689a}\InprocServer32
2008-09-24 19:33:19 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Classes\CLSID\{5569e7f5-424b-4b93-89ca-79d17924689a}
2008-09-24 19:33:27 Microsoft(C) Register Server 读取 hklm\SOFTWARE\Classes\CLSID\{5569e7f5-424b-4b93-89ca-79d17924689a}\InprocServer32
2008-09-24 19:33:28 Microsoft(C) Register Server 创建 HKEY_CLASSES_ROOT\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}
2008-09-24 19:33:28 Microsoft(C) Register Server 修改 hklm\SOFTWARE\Classes\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}
2008-09-24 19:33:28 Microsoft(C) Register Server 创建 HKEY_CLASSES_ROOT\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}/(Default)
2008-09-24 19:33:28 Microsoft(C) Register Server 创建 HKEY_CLASSES_ROOT\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}\INPROCSERVER32
2008-09-24 19:33:28 Microsoft(C) Register Server 修改 hklm\SOFTWARE\Classes\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}\InprocServer32
2008-09-24 19:33:28 Microsoft(C) Register Server 创建 HKEY_CLASSES_ROOT\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}\InprocServer32/(Default)
2008-09-24 19:33:28 Microsoft(C) Register Server 修改 hklm\SOFTWARE\Classes\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}\InprocServer32
2008-09-24 19:33:28 Microsoft(C) Register Server 创建 HKEY_CLASSES_ROOT\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}\InprocServer32/ThreadingModel
2008-09-24 19:33:28 Microsoft(C) Register Server 退出进程 C:\WINDOWS\system32\regsvr32.exe

显示全部楼层 · 发表于 2008-9-24 19:49:20

Run a DLL as an App

2008-09-24 19:32:47 Run a DLL as an App 启动进程 c:\windows\system32\regsvr32.exe
2008-09-24 19:32:56 Run a DLL as an App 修改 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2008-09-24 19:32:56 Run a DLL as an App 创建 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run/Sys_Update
2008-09-24 19:33:06 Run a DLL as an App 创建 C:\Documents and Settings\GWH\Cookies\index.dat
2008-09-24 19:33:06 Run a DLL as an App 创建 C:\Documents and Settings\GWH\Cookies\index.dat
2008-09-24 19:33:06 Run a DLL as an App 读取 C:\Documents and Settings\GWH\Local Settings\History\History.IE5
2008-09-24 19:33:06 Run a DLL as an App 创建 C:\Documents and Settings\GWH\Local Settings\History\History.IE5\index.dat
2008-09-24 19:33:06 Run a DLL as an App 创建 C:\Documents and Settings\GWH\Local Settings\History\History.IE5\index.dat
2008-09-24 19:33:07 Run a DLL as an App 读取 C:\WINDOWS\system32\mlang.dll
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9

2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003

2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 hklm\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2008-09-24 19:33:07 Run a DLL as an App 读取 C:\WINDOWS\system32\TAPI32.dll
2008-09-24 19:33:07 Run a DLL as an App 读取 C:\autoexec.bat
2008-09-24 19:33:07 Run a DLL as an App 读取 C:\autoexec.bat
2008-09-24 19:33:07 Run a DLL as an App 修改 HKEY_USERS\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections/SavedLegacySettings
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
2008-09-24 19:33:23 Run a DLL as an App 读取 hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
2008-09-24 19:33:54 Run a DLL as an App 使用 DNS 系统服务功能隐藏发送数据到网络地址 upd.zbcb.istreaming.cn
2008-09-24 19:33:55 Run a DLL as an App 退出进程 C:\WINDOWS\system32\rundll32.exe
2008-09-24 19:36:18 Run a DLL as an App 读取 hklm\SOFTWARE\Classes\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}\InprocServer32
2008-09-24 19:36:18 Run a DLL as an App 读取 hklm\SOFTWARE\Classes\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}\InprocServer32
2008-09-24 19:36:18 Run a DLL as an App 读取 hklm\SOFTWARE\Classes\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}
2008-09-24 19:36:25 Run a DLL as an App 读取 hklm\SOFTWARE\Classes\CLSID\{52056C28-5E38-4424-8D4C-56656A73B6B2}\InprocServer32
2008-09-24 19:36:25 Run a DLL as an App 读取 C:\WINDOWS\system32\WININET.dll
2008-09-24 19:36:25 Run a DLL as an App 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2008-09-24 19:36:25 Run a DLL as an App 读取 hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2008-09-24 19:36:44 Run a DLL as an App 安装钩子 C:\WINDOWS\system32\HdtVideoPlugin.dll

显示全部楼层 · 发表于 2008-9-24 20:01:28

McAfee miss

显示全部楼层 · 发表于 2008-9-24 20:03:50

原帖由 BING126 于 2008-9-24 20:01 发表
McAfee miss

[病毒样本] WmpUpdate.exe

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块