Original poster: ghj89100062

[Virus sample] Updated again in under an hour (09021302)

ghj89100062
OP | Posted on 2009-2-13 20:02:15

Reply to post #30 by cliffboy

saga3721 is right.
There's nothing to argue about here.
黑衣~魂
Posted on 2009-2-13 20:09:45
Every vendor has made analysis mistakes on samples I have reported.

So wait for the other vendors' analysis results,

then notify Rising again and it should probably get added to the database.

Some vendors, because of differing philosophies, even look down on what another vendor's analysts say.


Kaspersky, PANDA and Sophos have argued before,
flagging each other's data files; sometimes each company has its own position and they actually quarrel.


[ This post was last edited by 黑衣~魂 on 2009-2-13 20:13 ]
yunaffx
Posted on 2009-2-13 20:45:04
QvodSetup3.exe ???? It seems NOD32 flagged this before...
sbbdms
Posted on 2009-2-13 22:38:03
When RS replied to the BOBO*** virus I reported, saying it was not a virus, I was already completely disappointed in RS and embarrassed for them...
cliffboy
Posted on 2009-2-15 09:45:30

Reply to post #19 by kingmuro

Dear customer,

We have received your email; thank you for your support of Rising.


We have analyzed your issue and the file in detail; the analysis result for the file you uploaded is as follows:

1. File name: QvodSetup3.exe

   Virus name: Dropper.Win32.Undef.oz


The virus file you reported will be handled in Rising 2009 version 21.16.60 (Rising 2008 version 20.83.60).
honker_feng
Posted on 2009-2-15 10:06:15
Trojan name: Trojan-Dropper.Win32.Agent.zhp

Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\QVODSETUP3\QVODSETUP3.EXE
is a Trojan program!
It has been blocked from running. Delete this file?

Micropoint flagged it while the archive was being extracted.
xiaojinglf
Posted on 2009-2-15 13:27:48
----------------------------------
Deleted keys: 1
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{540D8A8B-1C3F-4E32-8132-530F6A502090}\Implemented Categories\{00021492-0000-0000-C000-000000000046}

----------------------------------
Added keys: 71
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40257F7A-370F-464E-8EDB-4695F5612E23}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40257F7A-370F-464E-8EDB-4695F5612E23}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFAD38D7-3A1B-4F44-8E33-4DBBAA3D8F05}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFAD38D7-3A1B-4F44-8E33-4DBBAA3D8F05}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFAD38D7-3A1B-4F44-8E33-4DBBAA3D8F05}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFAD38D7-3A1B-4F44-8E33-4DBBAA3D8F05}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{773D81C4-03C8-4692-BF07-425FEAE88A8B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{773D81C4-03C8-4692-BF07-425FEAE88A8B}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{773D81C4-03C8-4692-BF07-425FEAE88A8B}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{773D81C4-03C8-4692-BF07-425FEAE88A8B}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{773D81C4-03C8-4692-BF07-425FEAE88A8B}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{773D81C4-03C8-4692-BF07-425FEAE88A8B}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dnf.dnfatl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dnf.dnfatl\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dnf.dnfatl\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dnf.dnfatl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dnf.dnfatl.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\ipconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\ipconfig\DEBUG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcidump
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcidump\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcidump\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RESSDT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RESSDT\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RESSDT\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sectolr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sectolr\Security
xiaojinglf
Posted on 2009-2-15 13:28:15
----------------------------------
Added values:
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40257F7A-370F-464E-8EDB-4695F5612E23}\InProcServer32\: "C:\WINDOWS\system32\kgilnfna.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40257F7A-370F-464E-8EDB-4695F5612E23}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\VersionIndependentProgID\: "Dnf.dnfatl"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\TypeLib\: "{773D81C4-03C8-4692-BF07-425FEAE88A8B}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\ProgID\: "Dnf.dnfatl.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\InprocServer32\: "C:\WINDOWS\Fonts\fcdgqoas.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\InprocServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647D335-DD98-4472-96D0-9196B86F7B0F}\: "dnfatl Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFAD38D7-3A1B-4F44-8E33-4DBBAA3D8F05}\TypeLib\: "{773D81C4-03C8-4692-BF07-425FEAE88A8B}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFAD38D7-3A1B-4F44-8E33-4DBBAA3D8F05}\TypeLib\Version: "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFAD38D7-3A1B-4F44-8E33-4DBBAA3D8F05}\ProxyStubClsid32\: "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFAD38D7-3A1B-4F44-8E33-4DBBAA3D8F05}\ProxyStubClsid\: "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFAD38D7-3A1B-4F44-8E33-4DBBAA3D8F05}\: "Idnfatl"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{773D81C4-03C8-4692-BF07-425FEAE88A8B}\1.0\0\win32\: "C:\WINDOWS\Fonts\fcdgqoas.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{773D81C4-03C8-4692-BF07-425FEAE88A8B}\1.0\HELPDIR\: "C:\WINDOWS\Fonts\"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{773D81C4-03C8-4692-BF07-425FEAE88A8B}\1.0\FLAGS\: "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{773D81C4-03C8-4692-BF07-425FEAE88A8B}\1.0\: "dnf 1.0 Type Library"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dnf.dnfatl\CurVer\: "Dnf.dnfatl.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dnf.dnfatl\CLSID\: "{C647D335-DD98-4472-96D0-9196B86F7B0F}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dnf.dnfatl\: "dnfatl Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dnf.dnfatl.1\CLSID\: "{C647D335-DD98-4472-96D0-9196B86F7B0F}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dnf.dnfatl.1\: "dnfatl Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\ipconfig\DEBUG\Trace Level: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{40257F7A-370F-464E-8EDB-4695F5612E23}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{C647D335-DD98-4472-96D0-9196B86F7B0F}: 00 F6 E1 00 3F 3F 01 00 00 00 7B 43 36 34 37 44 33 33 35 2D 44 44 39 38 2D 34 34 37 32 2D 39 36 44 30 2D 39 31 39 36 42 38 36 46 37 42 30 46 7D 00 00 24 00 00 00 98 F6 3F 80 00 00 00 00 00 00 00 00 00 00 00 4C 00 4E 00 00 AC FD 7F 3F 00 00 C8 F6 3F 3F 83 7C 00 00 00 00 01 00 00 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\40257F7A: "{40257F7A-370F-464E-8EDB-4695F5612E23}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\C:\WINDOWS\Fonts\fcdgqoas.dll: 7B 43 36 34 37 44 33 33 35 2D 44 44 39 38 2D 34 34 37 32 2D 39 36 44 30 2D 39 31 39 36 42 38 36 46 37 42 30 46 7D 00 00 24 00 00 00 98 F6 3F 80 00 00 00 00 00 00 00 00 00 00 00 4C 00 4E 00 00 AC FD 7F 3F 00 00 C8 F6 3F 3F 83 7C 00 00 00 00 01 00 00 00 00 00 00 00 00 AC FD 7F 4E 62 C1 77
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations: 5C 3F 3F 5C 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 42 2E 74 6D 70 00 00 5C 3F 3F 5C 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 42 2E 74 6D 70 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\0000\Control\*NewlyCreated*: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\0000\Control\ActiveService: "pcidump"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\0000\Service: "pcidump"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\0000\Legacy: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\0000\ConfigFlags: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\0000\Class: "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\0000\DeviceDesc: "pcidump"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIDUMP\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\0000\Control\*NewlyCreated*: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\0000\Control\ActiveService: "RESSDT"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\0000\Service: "RESSDT"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\0000\Legacy: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\0000\ConfigFlags: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\0000\Class: "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\0000\DeviceDesc: "RESSDT"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RESSDT\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\Control\*NewlyCreated*: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\Control\ActiveService: "Secdrv"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\Service: "Secdrv"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\Legacy: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\ConfigFlags: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\Class: "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\DeviceDesc: "Secdrv"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv\Enum\0: "Root\LEGACY_SECDRV\0000"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv\Enum\Count: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv\Enum\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\Temp\QvodSetupPlus3.exe: "C:\Documents and Settings\Administrator\Local Settings\Temp\QvodSetupPlus3.exe:*:Enabled:QVOD"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\Enum\0: "Root\LEGACY_PCIDUMP\0000"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\Enum\Count: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\Enum\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\Type: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\Start: 0x00000004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\ErrorControl: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\ImagePath: "System32\DRIVERS\pcidump.sys"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\DisplayName: "pcidump"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcidump\DeleteFlag: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\Enum\0: "Root\LEGACY_RESSDT\0000"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\Enum\Count: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\Enum\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\Type: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\Start: 0x00000003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\ErrorControl: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\ImagePath: "\??\C:\WINDOWS\system32\drivers\acpiec.sys"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RESSDT\DisplayName: "RESSDT"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr\Type: 0x00000010
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr\Start: 0x00000002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr\ErrorControl: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr\ImagePath: "c:\windows\system32\rundll32.exe dbi121.dll,kutfhjpo"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr\DisplayName: "Security Control"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr\ObjectName: "LocalSystem"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr\Description: "控制系统安全设置和配置。"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sectolr\List: 01 00 00 00 64 62 69 31 32 31 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations: 5C 3F 3F 5C 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 42 2E 74 6D 70 00 00 5C 3F 3F 5C 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 42 2E 74 6D 70 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\0000\Control\*NewlyCreated*: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\0000\Control\ActiveService: "pcidump"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\0000\Service: "pcidump"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\0000\Legacy: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\0000\ConfigFlags: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\0000\Class: "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\0000\DeviceDesc: "pcidump"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIDUMP\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\0000\Control\*NewlyCreated*: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\0000\Control\ActiveService: "RESSDT"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\0000\Service: "RESSDT"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\0000\Legacy: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\0000\ConfigFlags: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\0000\Class: "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\0000\DeviceDesc: "RESSDT"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESSDT\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\Control\*NewlyCreated*: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\Control\ActiveService: "Secdrv"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\Service: "Secdrv"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\Legacy: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\ConfigFlags: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\Class: "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\DeviceDesc: "Secdrv"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv\Enum\0: "Root\LEGACY_SECDRV\0000"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv\Enum\Count: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv\Enum\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\Temp\QvodSetupPlus3.exe: "C:\Documents and Settings\Administrator\Local Settings\Temp\QvodSetupPlus3.exe:*:Enabled:QVOD"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcidump\Enum\0: "Root\
xiaojinglf
Posted on 2009-2-15 13:28:44
----------------------------------
Modified values: 56
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 1F 3F 91 82 35 03 B9 29 F7 9C CB 4E 63 0E CA 16 8C 93 29 AF 41 13 8B 44 40 E6 62 DE BC 0E 54 D9 C0 16 CA 33 55 20 45 29 75 17 92 57 B7 36 AF 7A 93 58 B6 18 03 D8 62 99 90 5F 76 A2 C3 4B 76 CF 4E 8E 04 28 72 D6 DF 5F A4 D4 F7 04 D5 DD 35 D9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: BA D5 AE A0 7F AB E0 CF 3D 60 F1 45 3C 6E C9 F7 31 4C AB 12 3A 1F 5B F5 E2 59 45 34 A9 4A 96 45 75 FA 94 A3 B6 37 99 69 DF 7C A0 89 58 F2 11 83 07 79 C7 B9 D7 15 CD CA C8 E3 C2 B5 3E 34 39 FB B9 C9 9A A0 89 60 C9 FF 6D 5B 1E DB 88 09 0B B7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory: "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory: "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath: "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath: "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath: "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath: "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath: "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath: "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath: "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath: "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x000002CE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x00000301
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x000000B7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x000000C9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: "kgilnfna.dll"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{38A7E5A1-78ED-46F6-95A5-37297860EED0}: 2C 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 C0 A8 CB 02 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 C0 A8 CB 02 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 C0 A8 CB 02 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 E9 A4 97 49 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 C0 A8 CB FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 E9 A4 97 49 05 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{38A7E5A1-78ED-46F6-95A5-37297860EED0}: 2C 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 C0 A8 CB 02 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 C0 A8 CB 02 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 C0 A8 CB 02 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 6E A8 97 49 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 C0 A8 CB FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 6E A8 97 49 05 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x00000017
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x00000019
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\LeaseObtainedTime: 0x49979DE1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\LeaseObtainedTime: 0x4997A166
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\T1: 0x4997A165
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\T1: 0x4997A4EA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\T2: 0x4997A408
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\T2: 0x4997A78D
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\LeaseTerminatesTime: 0x4997A4E9
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\LeaseTerminatesTime: 0x4997A86E
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\LeaseObtainedTime: 0x49979DE1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\LeaseObtainedTime: 0x4997A166
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\T1: 0x4997A165
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\T1: 0x4997A4EA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\T2: 0x4997A408
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\T2: 0x4997A78D
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\LeaseTerminatesTime: 0x4997A4E9
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\LeaseTerminatesTime: 0x4997A86E
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{38A7E5A1-78ED-46F6-95A5-37297860EED0}: 2C 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 C0 A8 CB 02 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 C0 A8 CB 02 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 C0 A8 CB 02 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 E9 A4 97 49 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 E9 A4 97 49 C0 A8 CB FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 E9 A4 97 49 05 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{38A7E5A1-78ED-46F6-95A5-37297860EED0}: 2C 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 C0 A8 CB 02 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 C0 A8 CB 02 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 C0 A8 CB 02 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 6E A8 97 49 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 6E A8 97 49 C0 A8 CB FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 6E A8 97 49 05 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x00000017
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x00000019
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\LeaseObtainedTime: 0x49979DE1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\LeaseObtainedTime: 0x4997A166
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\T1: 0x4997A165
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\T1: 0x4997A4EA
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\T2: 0x4997A408
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\T2: 0x4997A78D
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\LeaseTerminatesTime: 0x4997A4E9
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\LeaseTerminatesTime: 0x4997A86E
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\LeaseObtainedTime: 0x49979DE1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\LeaseObtainedTime: 0x4997A166
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\T1: 0x4997A165
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\T1: 0x4997A4EA
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\T2: 0x4997A408
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\T2: 0x4997A78D
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\LeaseTerminatesTime: 0x4997A4E9
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{38A7E5A1-78ED-46F6-95A5-37297860EED0}\Parameters\Tcpip\LeaseTerminatesTime: 0x4997A86E

HKEY_USERS\S-1-5-21-823518204-651377827-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000001
HKEY_USERS\S-1-5-21-823518204-651377827-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000002
HKEY_USERS\S-1-5-21-823518204-651377827-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000001
HKEY_USERS\S-1-5-21-823518204-651377827-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000000

----------------------------------
Files added: 40
----------------------------------
C:\WINDOWS\system32\drivers\pcidump.sys
C:\WINDOWS\system32\drivers\1.txt
C:\WINDOWS\system32\drivers\2.txt
C:\WINDOWS\system32\drivers\3.txt
C:\WINDOWS\system32\drivers\4.txt
C:\WINDOWS\system32\sadfasdf.jpg
C:\WINDOWS\system32\killkb.dll
C:\WINDOWS\system32\kgilnfna.dll
C:\WINDOWS\system32\dbi121.dll
C:\WINDOWS\Fonts\fcdgqoas.dll
C:\WINDOWS\Fonts\dnf0209.dat
C:\WINDOWS\Fonts\pwqrimwd.dat
C:\WINDOWS\update.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\C__DOCUME~1_ADMINI~1_LOCALS~1_Temp_QvodSetupPlus.exe.mem
C:\Documents and Settings\Administrator\Local Settings\Temp\3385d1.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\349722.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\188bt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\188bt.exe.bat
C:\Documents and Settings\Administrator\Local Settings\Temp\qd.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\QvodSetupPlus.exe.!qd
C:\Documents and Settings\Administrator\Local Settings\Temp\C__DOCUME~1_ADMINI~1_LOCALS~1_Temp_QvodSetupPlus.exe.torrent
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BPIX40VY\index[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BPIX40VY\ystat[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BPIX40VY\pic[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0R218ZW1\downs[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0R218ZW1\CA6JGD63.htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KBA723E5\ystat[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KBA723E5\stat[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ODER45UJ\downs[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ODER45UJ\CAYO4F55.htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ODER45UJ\stat[1].htm
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Documents and Settings\Administrator\Recent\QvodSetup3.part2.rar.lnk
C:\Documents and Settings\Administrator\桌面\注册表监视器\注册表监视器.exe
C:\Documents and Settings\Administrator\桌面\注册表监视器\第一次运行程序前请导入.reg
C:\Documents and Settings\Administrator\桌面\注册表监视器\22.reg
C:\Documents and Settings\Administrator\Cookies\administrator@cnzz[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@188bt[2].txt
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\E04822AD18D472EA5B582E6E6F8C6B9A
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\E04822AD18D472EA5B582E6E6F8C6B9A



----------------------------------
Files modified:
----------------------------------
C:\WINDOWS\system32\drivers\etc\hosts
C:\WINDOWS\system32\drivers\acpiec.sys
C:\WINDOWS\inf\intl.PNF

----------------------------------
Directories added: 18
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\..
C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Adobe\.
C:\Documents and Settings\Administrator\Application Data\Adobe\..
C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player
C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\.
C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\..
C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache
C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache\.
C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache\..
C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache\LEH342LD
C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache\LEH342LD\.
C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache\LEH342LD\..