; String-reference listing. Row format:
;   <instruction address> <instruction> <string address> <referenced string>
; Only the referencing instruction is shown; the surrounding code is not part of this listing.
; NOTE(review): every string appears lower-cased (API names included), presumably by the
; dump tool. Confirm exact case against the binary before writing case-sensitive signatures.
;
; 00409EF2-00409F3A: literals for a hand-assembled HTTP request: Accept header,
; HTTP/1.0 version token, POST verb, form-urlencoded Content-Type.
00409EF2 mov eax, 0040A08C accept: */*
00409F07 push 0040A098 http/1.0
00409F15 push 0040A0A4 post
00409F3A push 0040A0AC content-type: application/x-www-form-urlencoded
; 0040A518-0040A628: short literals; their role cannot be determined from the listing alone.
0040A518 push 0040A6BC nothing
0040A5D8 mov ecx, 0040A6CC .dat
0040A628 push 0040A6DC da
; DLL and export names passed as string arguments. This is consistent with resolving
; the APIs by name at run time rather than through the import table; the resolver
; call itself is not visible here.
; NOTE(review): ZwUnmapViewOfSection together with VirtualAllocEx is the pairing usually
; associated with replacing the image of another process (process hollowing). Confirm
; in the disassembly around 0040A771 and 0040AC39, and correlate with process-creation
; telemetry for the executable names referenced elsewhere in this listing.
0040A771 push 0040A7D8 ntdll.dll
0040A792 push 0040A7E4 zwunmapviewofsection
0040AC39 push 0040AC54 virtualallocex
0040AC3E push 0040AC64 kernel32.dll
; Diagnostic message and URL scheme prefix.
0040BA3B mov edx, 0040BA90 error! maybe can't get all data out!\n
0040C033 push 0040C09C http://
; NOTE(review): the next two literals are not readable text and look encoded or
; obfuscated. The scheme cannot be determined from the listing; decode them from the
; routine at 0040C0CB before treating them as indicators.
0040C0CB mov eax, 0040C134 vxq5:v5pgtfp5:s5:t57
0040C0DE mov eax, 0040C154 75+5{`y
; Privilege name SeDebugPrivilege. Presumably passed to a token-privilege lookup so the
; process can open other processes; the API calls are not shown. A privilege
; adjustment event for this name is a useful host-side detection point.
0040C1FC push 0040C25C sedebugprivilege
0040C58C mov edx, 0040C660 =
; Path fragments ("\", ":") followed by the Internet Explorer executable path,
; apparently used to assemble "<drive>:\program files\internet explorer\iexplore.exe".
0040C8CD mov ecx, 0040C95C \
0040C8DA mov eax, 0040C968 :
0040C900 mov eax, 0040C968 :
0040C918 mov ecx, 0040C974 \program files\internet explorer\iexplore.exe
; "hello" and "200": possibly a handshake token and an HTTP status comparison (verify).
0040CA7B mov edx, 0040CC48 hello
0040CB20 mov edx, 0040CC58 200
0040CCFD mov ecx, 0040CD38 \
0040D412 mov edx, 0040D490 $
; rpcrt4.dll UUID generators referenced by name. UuidCreateSequential embeds the
; network adapter's MAC address in the node field of the UUID it returns.
; NOTE(review): the five "-" separators that follow match the format of a six-octet MAC
; ("xx-xx-xx-xx-xx-xx"), so this presumably produces the value sent in the "mac="
; request parameter seen elsewhere in this listing. Confirm in the code at 0040D61D-0040D7B3.
0040D61D push 0040D828 rpcrt4.dll
0040D66C push 0040D834 uuidcreate
0040D682 push 0040D840 uuidcreatesequential
0040D699 push 0040D834 uuidcreate
0040D6AB push 0040D840 uuidcreatesequential
0040D73F push 0040D860 -
0040D75C push 0040D860 -
0040D779 push 0040D860 -
0040D796 push 0040D860 -
0040D7B3 push 0040D860 -
; Operating-system display names, one reference per branch. Presumably the result of
; a version check that feeds the "os=" request parameter seen elsewhere in this listing (verify).
; The table stops at Windows XP.
0040D95B mov edx, 0040D9E0 unknown
0040D969 mov edx, 0040D9F0 windows 95
0040D977 mov edx, 0040DA04 windows 98
0040D985 mov edx, 0040DA18 windows 98 se
0040D993 mov edx, 0040DA30 windows me
0040D9A1 mov edx, 0040DA44 windows nt
0040D9AF mov edx, 0040DA58 windows 2000
0040D9BD mov edx, 0040DA70 windows xp
; The Chinese literal below translates to "unknown data".
0040D9CB mov edx, 0040DA84 未知数据
; Window class names and button captions passed as arguments, presumably to
; window-lookup calls (the calls are not shown).
; NOTE(review): "q360safemonclass" matches the naming of the 360 Safe (Qihoo 360)
; monitor prompt, and the captions are that prompt's buttons. References to these
; controls suggest the sample interacts with the security product's alert dialog.
; Treat this as a security-product tampering indicator and confirm at 0040DC8A-0040DCF1.
0040DC8A push 0040DDE0 afx:400000:0
0040DCA0 push 0040DDF0 q360safemonclass
; Caption translation: "Allow this action".
0040DCB2 push 0040DE04 允许此动作
0040DCB7 push 0040DE10 button
; Caption translation: "Apply the same action to this item until reboot; do not prompt again".
0040DCC6 push 0040DE18 重启前对该项采用相同操作,不再进行提示
0040DCCB push 0040DE10 button
; Caption translation: "OK".
0040DCDB push 0040DE40 确定
0040DCE0 push 0040DE10 button
0040DCF1 push 0040DE48 richedit
; Tag delimiters "<" and "</", presumably for a markup-style element parser.
0040DE91 mov edx, 0040DF24 <
0040DECA mov edx, 0040DF30 </
; Single-character literals "%" and a byte rendered here as a per-mille sign.
; NOTE(review): the second character is probably a raw non-ASCII byte shown through a
; code page. Read the actual bytes at 0040E6C8 and 0040E6CC before interpreting it.
; The pattern looks like percent-style escaping or substitution (verify).
0040E4E0 mov ecx, 0040E6BC %
0040E4E5 mov edx, 0040E6BC %
0040E509 push 0040E6BC %
0040E511 push 0040E6BC %
0040E56B push 0040E6C8 ‰
0040E573 push 0040E6C8 ‰
0040E59B push 0040E6BC %
0040E5A3 push 0040E6BC %
0040E60B mov ecx, 0040E6BC %
0040E610 mov edx, 0040E6BC %
0040E632 mov eax, 0040E6C8 ‰
0040E647 mov edx, 0040E6CC ‰
0040E66A mov ecx, 0040E6BC %
0040E79E mov edx, 0040E81C $
0040E86F mov eax, 0040E8D0 config
; "SharedAccess" is the service name of Windows Firewall / Internet Connection Sharing
; on XP-era Windows. NOTE(review): what the sample does with the service (query, stop,
; reconfigure) is not visible here. Check service-control calls near 0040E8F3.
0040E8F3 push 0040E914 sharedaccess
; Repeated-letter literals, some paired with a four-letter literal. Their purpose cannot
; be determined from the listing; they may be markers or filler. They are distinctive
; enough to serve as static-signature strings once exact case is confirmed.
0040EF46 mov edx, 0040EF8C dkdkdkdkdkdk
0040EF59 mov edx, 0040EFA4 dddddddddddd
0040EFCA mov edx, 0040F01C aiaiaiaiaiai
0040EFDC push 0040F02C aidm
0040F04A mov edx, 0040F09C fdfdfdfdfd
0040F05C push 0040F0A8 fdus
0040F0C6 mov edx, 0040F10C wfwfwfwfwf
0040F0D9 mov edx, 0040F120 wwwwwwwwwww
0040F142 mov edx, 0040F194 mbmbmbmbmb
0040F154 push 0040F1A0 mbvh
; Hard-coded URLs on host aa.9234.net; the trailing "?" indicates a query string is
; appended. The host and both paths are network indicators for proxy and DNS log searches.
0040F1FD mov edx, 0040F404 http://aa.9234.net/processid.txt?
0040F239 mov edx, 0040F430 http://aa.9234.net/iename.txt?
0040F388 mov ecx, 0040F458 "
0040F38D mov edx, 0040F464 checktimer="
; Query-string field names assembled in order: mac, name, os, ver, userid, flag.
; Together they look like a host-identification report, which fits the hand-built
; HTTP POST literals elsewhere in this listing (verify which request carries them).
0040F492 push 0040F5C0 mac=
0040F4AD push 0040F5D0 &name=
0040F4C8 push 0040F5E0 &os=
0040F4E3 push 0040F5F0 &ver=
0040F4F8 push 0040F600 &userid=
0040F50D push 0040F614 &flag=
; Status text, presumably logged after the request succeeds.
0040F577 mov ecx, 0040F624 send ok!
; More repeated-letter literals of unknown purpose (see the note on exact case above
; the signature use: the dump appears lower-cased).
0040F646 mov edx, 0040F68C vbvbvbvbvbvb
0040F659 mov edx, 0040F6A4 vvvvvvvvvvvv
0040F6CA mov edx, 0040F71C qeqeqeqeqeqe
0040F6DC push 0040F72C qedc
0040F74A mov edx, 0040F790 rvrvrvrvrvrvrv
0040F75D mov edx, 0040F7A8 rrrrrrrrrrrr
; The Chinese literal below is slang that reads roughly as "Kaspersky-bypass / AV-evasion"
; (approximate translation). As an author-embedded marker it is a candidate signature string.
0040F92F mov edx, 00412698 过卡吧免杀
0040F967 mov edx, 004126AC wefwefwefwefwefwefwfwef
; "settings" / "config": presumably the section and key names of a local configuration store.
0040F974 mov edx, 004126C4 settings
0040F979 mov eax, 004126D0 config
0040F9FE mov edx, 004126E0 log.txt
; "-update" is pushed as a literal here and at several later addresses; it looks like a
; command-line switch (verify against the argument parsing code).
0040FA1C push 004126E8 -update
0040FA45 mov edx, 004126F8 fuckkugoo
0040FA56 mov edx, 0041270C kugoo
0040FA65 mov edx, 0041271C update!mylove...
; Configuration key names read one after another. Several end in "url"
; (configurl, statcounturl, execounturl, existscounturl, resetcounturl), so the
; endpoints appear to be configurable rather than fixed.
0040FA78 mov edx, 00412744 configurl
0040FAA8 mov edx, 00412758 statcounturl
0040FAD8 mov edx, 00412770 execounturl
0040FB08 mov edx, 00412784 existscounturl
0040FB38 mov edx, 0041279C resetcounturl
0040FB68 mov edx, 004127B4 exename
0040FB98 mov edx, 004127C4 configname
0040FBC8 mov edx, 004127D8 checktimer
0040FBF2 mov edx, 004127EC delaytimer
0040FC19 mov edx, 00412800 serverver
0040FC4C mov edx, 00412814 checkid
0040FC82 mov edx, 00412824 userid
; File names and suffixes used to build working-file paths:
; recordini.ini, "~" prefix, .dat, .update, .bak!, .txt.
0040FD1D mov edx, 00412834 recordini.ini
0040FD54 push 0041284C ~
0040FD6F push 00412858 .dat
0040FDD9 mov ecx, 0041284C ~
0040FE16 push 0041284C ~
0040FE31 push 00412868 .update
0040FE73 mov edx, 00412878 .bak!
0040FED7 push 00412888 .txt
; NOTE(review): not readable text; looks encoded. Decode from the routine at 0040FF20.
0040FF20 mov eax, 00412898 qg|cpgfiwppe;flf
; spoolsv.exe is the file name of the Windows print spooler. NOTE(review): whether the
; sample targets the real process or reuses the name is not visible here. A spoolsv.exe
; running from outside the system directory is a masquerading indicator worth hunting for.
0040FF63 mov edx, 004128B4 spoolsv.exe
0040FF97 mov edx, 004128C8 resettest.txt
; "0" / "1" literals, apparently flag values stored as text.
0040FFBD mov edx, 004128E0 0
00410066 mov edx, 004128EC 1
0041014A push 00410174 j
; Element names and attribute prefixes for a markup-style configuration document.
; Each attribute prefix (e.g. ver=") is paired with the closing quote literal at
; 0041290C, and each element with "</" and ">" literals, so values appear to be cut
; out by delimiter search rather than by an XML parser.
; NOTE(review): the element/attribute grouping below follows address order and is an
; inference. The "configurl" key elsewhere in this listing suggests the document is
; fetched remotely; if so, its contents control what the sample does, and a captured
; copy should be preserved as evidence.
;
; Element "updateurl": attributes ver, sleep.
004102C8 mov eax, 004128F8 updateurl
004102FE mov ecx, 0041290C "
00410303 mov edx, 00412918 ver="
00410344 mov ecx, 0041290C "
00410349 mov edx, 00412928 sleep="
0041038A mov ecx, 00412938 </
0041038F mov edx, 00412944 >
; Element "counturl": attribute switch.
004103B5 mov eax, 00412950 counturl
004103EB mov ecx, 0041290C "
004103F0 mov edx, 00412964 switch="
00410430 mov ecx, 00412938 </
00410435 mov edx, 00412944 >
; Element "startpage": attributes lock, rerun.
0041045B mov eax, 00412978 startpage
00410491 mov ecx, 0041290C "
00410496 mov edx, 0041298C lock="
004104D6 mov ecx, 0041290C "
004104DB mov edx, 0041299C rerun="
0041051B mov ecx, 00412938 </
00410520 mov edx, 00412944 >
; Element "file": attributes run, max, show, noexists, sleep, exever, being, cqaz,
; userid, name. The names suggest a per-file download/launch description (verify).
00410546 mov eax, 004129AC file
0041058A mov ecx, 0041290C "
0041058F mov edx, 004129BC run="
004105CA mov ecx, 0041290C "
004105CF mov edx, 004129CC max="
0041060D mov ecx, 0041290C "
00410612 mov edx, 004129DC show="
00410650 mov ecx, 0041290C "
00410655 mov edx, 004129EC noexists="
004106A2 mov ecx, 0041290C "
004106A7 mov edx, 00412928 sleep="
004106E8 mov ecx, 0041290C "
004106ED mov edx, 00412A00 exever="
00410703 mov edx, 004128E0 0
0041073F mov ecx, 0041290C "
00410744 mov edx, 00412A14 being="
00410782 mov ecx, 0041290C "
00410787 mov edx, 00412A24 cqaz="
004107C5 mov ecx, 0041290C "
004107CA mov edx, 00412A34 userid="
00410817 mov ecx, 00412938 </
0041081C mov edx, 00412944 >
00410858 mov ecx, 0041290C "
0041085D mov edx, 00412A48 name="
004108C3 mov eax, 00412A58 \
; Element "popurl": attributes pop, show, close, sleep, max, rerun.
00410921 mov edx, 00412A5C popurl
00410976 mov ecx, 00412938 </
0041097B mov edx, 00412944 >
004109BC mov ecx, 0041290C "
004109C1 mov edx, 00412A6C pop="
00410A02 mov ecx, 0041290C "
00410A07 mov edx, 004129DC show="
00410A4B mov ecx, 0041290C "
00410A50 mov edx, 00412A7C close="
00410A97 mov ecx, 0041290C "
00410A9C mov edx, 00412928 sleep="
00410AE3 mov ecx, 0041290C "
00410AE8 mov edx, 004129CC max="
00410B2C mov ecx, 0041290C "
00410B31 mov edx, 0041299C rerun="
; Element "config": attribute execount.
00410B5F mov edx, 00412A84 config
00410B9C mov ecx, 0041290C "
00410BA1 mov edx, 00412A94 execount="
00410D4C mov edx, 00412AA8 exever=
; Two further query strings built from pushed fragments, each followed by the
; "send ok!" status literal.
;
; First report (00410DC7-00410E45): mac, exever, being, userid, flag, with the
; literal "1" pushed after "&being=" and after "&flag=".
00410D63 push 00412AB0 noexists
00410DC7 push 00412AC4 mac=
00410DEE push 00412AD4 &exever=
00410E07 push 00412AE8 &being=
00410E0C push 004128EC 1
00410E11 push 00412AF8 &userid=
00410E2C push 00412B0C &flag=
00410E45 push 004128EC 1
00410EC2 mov ecx, 00412B1C send ok!
00410EF2 push 00412AB0 noexists
00410F72 mov edx, 004128E0 0
004110BC mov edx, 004128E0 0
; Second report (004110F6-00411193): mac, name, exever, ver, userid, flag.
; NOTE(review): the fixed parameter order in each report is a stable pattern for a
; proxy-log or IDS rule; confirm exact case and the destination URL first.
004110F6 push 00412AC4 mac=
0041111D push 00412B30 &name=
00411144 push 00412AD4 &exever=
0041115D push 00412B40 &ver=
00411178 push 00412AF8 &userid=
00411193 push 00412B0C &flag=
00411230 mov ecx, 00412B1C send ok!
004112E3 mov edx, 004128EC 1
; Registry value "Start Page" under Software\Microsoft\Internet Explorer\Main is the
; Internet Explorer home page. The value and key are referenced repeatedly, together
; with a second value "fuckpage" under the same key.
; NOTE(review): the hive and whether each access is a read or a write are not visible
; here. Combined with the "startpage" element and its lock= attribute elsewhere in this
; listing, this looks like home-page modification, with "fuckpage" possibly holding a
; saved or enforced value (verify). Registry auditing on this key's "Start Page" value
; and the presence of "fuckpage" are practical host indicators.
00411309 push 00412B48 start page
0041130E push 00412B54 software\microsoft\internet explorer\main
0041136C mov edx, 00412B48 start page
00411383 mov edx, 00412B54 software\microsoft\internet explorer\main
004113B0 push 00412B80 fuckpage
004113B5 push 00412B54 software\microsoft\internet explorer\main
00411413 mov edx, 00412B48 start page
0041142A mov edx, 00412B54 software\microsoft\internet explorer\main
00411469 mov edx, 00412B80 fuckpage
00411480 mov edx, 00412B54 software\microsoft\internet explorer\main
004114DD mov edx, 004128E0 0
; Sample-specific registry location Software\zdkkdz with a "pop" subkey and values
; "count1" / "count2". The key name does not belong to any product named in this
; listing, so its presence on a host is a strong indicator. The hive is not visible here.
00411509 push 00412B8C software\zdkkdz\pop
00411553 push 00412BA8 "
0041155B push 0041290C "
0041160B mov edx, 00412B8C software\zdkkdz\pop
0041164D push 00412BAC count2
00411652 push 00412BB4 software\zdkkdz
0041166E mov edx, 004128EC 1
004116C9 push 004128EC 1
004116CE push 00412BCC count2
004116D9 mov edx, 00412BB4 software\zdkkdz
00411800 mov edx, 004128EC 1
; Timer and counter attributes read from the configuration document
; (delaytimer, checktimer, resetcount).
00411894 mov ecx, 0041290C "
00411899 mov edx, 00412BDC delaytimer="
004118D6 mov ecx, 0041290C "
004118DB mov edx, 00412BF4 checktimer="
00411986 mov ecx, 0041290C "
0041198B mov edx, 00412C0C resetcount="
; Another report query string: ver, mac, userid, is_old, flag, followed by "send ok!".
004119F2 push 00412C24 ver=
00411A0D push 00412C34 &mac=
00411A34 push 00412AF8 &userid=
00411A4F push 00412C44 &is_old=
00411A6A push 00412B0C &flag=
00411B05 mov ecx, 00412B1C send ok!
; "switch" attribute handling; the literal is both searched for and pushed again with
; a closing "\">", which may mean the attribute is rewritten in place (verify).
00411B9B mov ecx, 0041290C "
00411BA0 mov edx, 00412964 switch="
00411BC3 push 00412964 switch="
00411BDE push 00412C58 ">
00411C2F mov ecx, 00412938 </
; "count1" is handled with the same key and "1" literal as "count2" above.
00411C9D push 00412C5C count1
00411CA2 push 00412BB4 software\zdkkdz
00411CBE mov edx, 004128EC 1
00411CCF push 004128EC 1
00411CD4 push 00412C6C count1
00411CDF mov edx, 00412BB4 software\zdkkdz
; Second set of references to the aa.9234.net URLs (separate string copies from the
; ones at 0040F404 / 0040F430; the first lacks the trailing "?").
00411D3E mov edx, 00412C74 http://aa.9234.net/processid.txt
00411D8C mov edx, 00412CA0 http://aa.9234.net/iename.txt?
; The string column is empty for the two pushes of 00412CC8 at 0041209D and 004122E5;
; the reference at 0041259F shows the same address as "|".
; "-update" and "-start" look like command-line switches for re-launching the sample.
0041209D push 00412CC8
004120A2 push 00412CD4 -update
00412104 mov eax, 00412CDC beep
0041216A mov eax, 00412CDC beep
004122E5 push 00412CC8
004122EA push 00412CEC -start
; Software\Microsoft\Windows\CurrentVersion\Run is the standard logon autostart key.
; NOTE(review): the value name and hive are not visible here; presumably used for
; persistence. Audit new values under this key.
004123D1 mov edx, 00412CF4 software\microsoft\windows\currentversion\run
; ModRiskFileTypes under ...\Policies\Associations is the Attachment Manager policy
; listing "moderate risk" file types. The ".exe" literal pushed alongside it suggests
; .exe is added to that list, which downgrades the open-file security warning for
; executables (verify the written data). A change to this policy value is a
; defense-weakening indicator.
004123EC push 00412D2C .exe
004123F1 push 00412D3C modriskfiletypes
004123FC mov edx, 00412D50 software\microsoft\windows\currentversion\policies\associations
0041245C push 004126E8 -update
004124A1 push 00412D90 -start
004124CF push 004126E8 -update
; "pop" combined with the Software\zdkkdz\ prefix, and "|" as a field separator.
00412553 mov ecx, 00412D98 pop
00412558 mov edx, 00412D9C software\zdkkdz\
0041259F mov edx, 00412CC8 |