A product of the 90s
Processes:
PID ParentPID User Path
--------------------------------------------------
0 0
4 0
556 4 NT AUTHORITY:SYSTEM C:\WINDOWS\System32\smss.exe
612 556 NT AUTHORITY:SYSTEM C:\WINDOWS\system32\csrss.exe
636 556 NT AUTHORITY:SYSTEM C:\WINDOWS\system32\winlogon.exe
680 636 NT AUTHORITY:SYSTEM C:\WINDOWS\system32\services.exe
692 636 NT AUTHORITY:SYSTEM C:\WINDOWS\system32\lsass.exe
852 680 NT AUTHORITY:SYSTEM C:\WINDOWS\system32\svchost.exe
920 680 C:\WINDOWS\system32\svchost.exe
1012 680 NT AUTHORITY:SYSTEM C:\WINDOWS\System32\svchost.exe
1056 680 C:\WINDOWS\system32\svchost.exe
1080 680 C:\WINDOWS\system32\svchost.exe
1452 1396 CHINA-95A132230:Administrator C:\WINDOWS\Explorer.EXE
1640 1452 CHINA-95A132230:Administrator C:\Program Files\VMware\VMware Tools\VMwareTray.exe
1648 1452 CHINA-95A132230:Administrator C:\Program Files\VMware\VMware Tools\VMwareUser.exe
1656 1452 CHINA-95A132230:Administrator C:\WINDOWS\system32\ctfmon.exe
1664 1452 CHINA-95A132230:Administrator C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
1872 680 NT AUTHORITY:SYSTEM C:\Program Files\VMware\VMware Tools\VMwareService.exe
320 680 NT AUTHORITY:SYSTEM C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
504 320 NT AUTHORITY:SYSTEM C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
548 320 NT AUTHORITY:SYSTEM C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
472 1452 CHINA-95A132230:Administrator C:\Program Files\Maxthon2\Maxthon.exe
1308 1452 CHINA-95A132230:Administrator C:\Program Files\WinRAR\WinRAR.exe
468 1452 CHINA-95A132230:Administrator C:\Program Files\WinRAR\WinRAR.exe
752 1088 CHINA-95A132230:Administrator C:\iDEFENSE\SysAnalyzer\sniff_hit.exe
208 1452 CHINA-95A132230:Administrator C:\iDEFENSE\SysAnalyzer\sysAnalyzer.exe
Ports:
Port PID Type Path
--------------------------------------------------
135 920 TCP C:\WINDOWS\system32\svchost.exe
500 692 UDP C:\WINDOWS\system32\lsass.exe
1027 472 UDP C:\Program Files\Maxthon2\Maxthon.exe
4500 692 UDP C:\WINDOWS\system32\lsass.exe
Explorer Dlls:
DLL Path Company Name File Description
--------------------------------------------------
C:\WINDOWS\Explorer.EXE Microsoft Corporation Windows Explorer
C:\WINDOWS\system32\ntdll.dll Microsoft Corporation NT Layer DLL
C:\WINDOWS\system32\kernel32.dll Microsoft Corporation Windows NT BASE API Client DLL
C:\WINDOWS\system32\ADVAPI32.dll Microsoft Corporation Advanced Windows 32 Base API
C:\WINDOWS\system32\RPCRT4.dll Microsoft Corporation Remote Procedure Call Runtime
C:\WINDOWS\system32\Secur32.dll Microsoft Corporation Security Support Provider Interface
C:\WINDOWS\system32\BROWSEUI.dll Microsoft Corporation Shell Browser UI Library
C:\WINDOWS\system32\GDI32.dll Microsoft Corporation GDI Client DLL
C:\WINDOWS\system32\USER32.dll Microsoft Corporation Windows XP USER API Client DLL
C:\WINDOWS\system32\msvcrt.dll Microsoft Corporation Windows NT CRT DLL
C:\WINDOWS\system32\ole32.dll Microsoft Corporation Microsoft OLE for Windows
C:\WINDOWS\system32\SHLWAPI.dll Microsoft Corporation Shell Light-weight Utility Library
C:\WINDOWS\system32\OLEAUT32.dll Microsoft Corporation
C:\WINDOWS\system32\SHDOCVW.dll Microsoft Corporation Shell Doc Object and Control Library
C:\WINDOWS\system32\CRYPT32.dll Microsoft Corporation Crypto API32
C:\WINDOWS\system32\MSASN1.dll Microsoft Corporation ASN.1 Runtime APIs
C:\WINDOWS\system32\CRYPTUI.dll Microsoft Corporation Microsoft Trust UI Provider
C:\WINDOWS\system32\NETAPI32.dll Microsoft Corporation Net Win32 API DLL
C:\WINDOWS\system32\VERSION.dll Microsoft Corporation Version Checking and File Installation Libraries
C:\WINDOWS\system32\WININET.dll Microsoft Corporation Internet Extensions for Win32
C:\WINDOWS\system32\WINTRUST.dll Microsoft Corporation Microsoft Trust Verification APIs
C:\WINDOWS\system32\IMAGEHLP.dll Microsoft Corporation Windows NT Image Helper
C:\WINDOWS\system32\WLDAP32.dll Microsoft Corporation Win32 LDAP API DLL
C:\WINDOWS\system32\SHELL32.dll Microsoft Corporation Windows Shell Common Dll
C:\WINDOWS\system32\UxTheme.dll Microsoft Corporation Microsoft UxTheme Library
C:\WINDOWS\system32\ShimEng.dll Microsoft Corporation Shim Engine DLL
C:\WINDOWS\AppPatch\AcGenral.DLL Microsoft Corporation Windows Compatibility DLL
C:\WINDOWS\system32\WINMM.dll Microsoft Corporation MCI API DLL
C:\WINDOWS\system32\MSACM32.dll Microsoft Corporation Microsoft ACM Audio Filter
C:\WINDOWS\system32\USERENV.dll Microsoft Corporation Userenv
C:\WINDOWS\system32\IMM32.DLL Microsoft Corporation Windows XP IMM32 API Client DLL
C:\WINDOWS\system32\LPK.DLL Microsoft Corporation Language Pack
C:\WINDOWS\system32\USP10.dll Microsoft Corporation Uniscribe Unicode script processor
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll Microsoft Corporation User Experience Controls Library
C:\WINDOWS\system32\comctl32.dll Microsoft Corporation Common Controls Library
C:\WINDOWS\system32\msctfime.ime Microsoft Corporation Microsoft Text Frame Work Service IME
C:\WINDOWS\system32\appHelp.dll Microsoft Corporation Application Compatibility Client Library
C:\WINDOWS\system32\CLBCATQ.DLL Microsoft Corporation
C:\WINDOWS\system32\COMRes.dll Microsoft Corporation
C:\WINDOWS\System32\cscui.dll Microsoft Corporation Client Side Caching UI
C:\WINDOWS\System32\CSCDLL.dll Microsoft Corporation Offline Network Agent
C:\WINDOWS\system32\themeui.dll Microsoft Corporation Windows Theme API
C:\WINDOWS\system32\MSIMG32.dll Microsoft Corporation GDIEXT Client DLL
C:\WINDOWS\system32\xpsp2res.dll Microsoft Corporation Service Pack 2 Messages
C:\WINDOWS\system32\msutb.dll Microsoft Corporation MSUTB Server DLL
C:\WINDOWS\system32\MSCTF.dll Microsoft Corporation MSCTF Server DLL
C:\WINDOWS\system32\SAMLIB.dll Microsoft Corporation SAM Library DLL
C:\WINDOWS\system32\ntshrui.dll Microsoft Corporation Shell extensions for sharing
C:\WINDOWS\system32\ATL.DLL Microsoft Corporation ATL Module for Windows XP (Unicode)
C:\WINDOWS\system32\msi.dll Microsoft Corporation Windows Installer
C:\WINDOWS\system32\SETUPAPI.dll Microsoft Corporation Windows Setup API
C:\WINDOWS\system32\LINKINFO.dll Microsoft Corporation Windows Volume Tracking
C:\WINDOWS\system32\urlmon.dll Microsoft Corporation OLE32 Extensions for Win32
C:\WINDOWS\system32\WINSTA.dll Microsoft Corporation Winstation Library
C:\WINDOWS\system32\webcheck.dll Microsoft Corporation Web Site Monitor
C:\WINDOWS\system32\WSOCK32.dll Microsoft Corporation Windows Socket 32-Bit DLL
C:\WINDOWS\system32\WS2_32.dll Microsoft Corporation Windows Socket 2.0 32-Bit DLL
C:\WINDOWS\system32\WS2HELP.dll Microsoft Corporation Windows Socket 2.0 Helper for Windows NT
C:\WINDOWS\system32\stobject.dll Microsoft Corporation Systray shell service object
C:\WINDOWS\system32\BatMeter.dll Microsoft Corporation Battery Meter Helper DLL
C:\WINDOWS\system32\POWRPROF.dll Microsoft Corporation Power Profile Helper DLL
C:\WINDOWS\system32\WTSAPI32.dll Microsoft Corporation Windows Terminal Server SDK APIs
C:\WINDOWS\system32\wdmaud.drv Microsoft Corporation WDM Audio driver mapper
C:\WINDOWS\system32\msacm32.drv Microsoft Corporation Microsoft Sound Mapper
C:\WINDOWS\system32\midimap.dll Microsoft Corporation Microsoft MIDI Mapper
C:\WINDOWS\system32\NETSHELL.dll Microsoft Corporation Network Connections Shell
C:\WINDOWS\system32\credui.dll Microsoft Corporation Credential Manager User Interface
C:\WINDOWS\system32\dot3api.dll Microsoft Corporation 802.3 自动配置 API
C:\WINDOWS\system32\rtutils.dll Microsoft Corporation Routing Utilities
C:\WINDOWS\system32\dot3dlg.dll Microsoft Corporation 802.3 UI 帮助程序
C:\WINDOWS\system32\OneX.DLL Microsoft Corporation IEEE 802.1X 请求方库
C:\WINDOWS\system32\eappcfg.dll Microsoft Corporation EAP 对等配置
C:\WINDOWS\system32\MSVCP60.dll Microsoft Corporation Microsoft (R) C++ Runtime Library
C:\WINDOWS\system32\eappprxy.dll Microsoft Corporation Microsoft EAPHost Peer Client DLL
C:\WINDOWS\system32\iphlpapi.dll Microsoft Corporation IP Helper API
C:\WINDOWS\system32\RASDLG.dll Microsoft Corporation Remote Access Common Dialog API
C:\WINDOWS\system32\MPRAPI.dll Microsoft Corporation Windows NT MP Router Administration DLL
C:\WINDOWS\system32\ACTIVEDS.dll Microsoft Corporation ADs Router Layer DLL
C:\WINDOWS\system32\adsldpc.dll Microsoft Corporation ADs LDAP Provider C DLL
C:\WINDOWS\system32\RASAPI32.dll Microsoft Corporation Remote Access API
C:\WINDOWS\system32\rasman.dll Microsoft Corporation Remote Access Connection Manager
C:\WINDOWS\system32\TAPI32.dll Microsoft Corporation Microsoft(R) Windows(TM) Telephony API Client DLL
C:\WINDOWS\system32\msv1_0.dll Microsoft Corporation Microsoft Authentication Package v1.0
C:\WINDOWS\system32\SXS.DLL Microsoft Corporation Fusion 2.5
C:\WINDOWS\system32\shdoclc.dll Microsoft Corporation Shell Doc Object and Control Library
C:\Program Files\WinRAR\rarext.dll
C:\WINDOWS\system32\NTMARTA.DLL Microsoft Corporation Windows NT MARTA provider
C:\WINDOWS\system32\rsaenh.dll Microsoft Corporation Microsoft Enhanced Cryptographic Provider
IE Dlls:
DLL Path Company Name File Description
--------------------------------------------------
IE PID Not found
Loaded Drivers:
Driver File Company Name Description
--------------------------------------------------
c:\WINDOWS\system32\ntkrnlpa.exe Microsoft Corporation NT Kernel & System
c:\WINDOWS\system32\hal.dll Microsoft Corporation Hardware Abstraction Layer DLL
c:\WINDOWS\system32\KDCOM.DLL Microsoft Corporation Kernel Debugger HW Extension DLL
c:\WINDOWS\system32\BOOTVID.dll Microsoft Corporation VGA Boot Driver
C:\WINDOWS\system32\drivers\ACPI.sys Microsoft Corporation ACPI Driver for NT
c:\WINDOWS\system32\DRIVERS\WMILIB.SYS Microsoft Corporation WMILIB WMI support library Dll
C:\WINDOWS\system32\drivers\pci.sys Microsoft Corporation NT Plug and Play PCI Enumerator
C:\WINDOWS\system32\drivers\isapnp.sys Microsoft Corporation PNP ISA Bus Driver
C:\WINDOWS\system32\drivers\compbatt.sys Microsoft Corporation Composite Battery Driver
c:\WINDOWS\system32\DRIVERS\BATTC.SYS Microsoft Corporation Battery Class Driver
C:\WINDOWS\system32\drivers\intelide.sys Microsoft Corporation Intel PCI IDE Driver
c:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Microsoft Corporation PCI IDE Bus Driver Extension
C:\WINDOWS\system32\drivers\MountMgr.sys Microsoft Corporation Mount Manager
C:\WINDOWS\system32\drivers\ftdisk.sys Microsoft Corporation FT Disk Driver
C:\WINDOWS\system32\drivers\dmload.sys Microsoft Corp., Veritas Software. NT Disk Manager Startup Driver
C:\WINDOWS\system32\drivers\dmio.sys Microsoft Corp., Veritas Software NT Disk Manager I/O Driver
C:\WINDOWS\system32\drivers\PartMgr.sys Microsoft Corporation Partition Manager
C:\WINDOWS\system32\drivers\VolSnap.sys Microsoft Corporation Volume Shadow Copy Driver
C:\WINDOWS\system32\drivers\atapi.sys Microsoft Corporation IDE/ATAPI Port Driver
C:\WINDOWS\system32\drivers\vmscsi.sys VMware, Inc. VMware SCSI Controller Driver
c:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS Microsoft Corporation SCSI Port Driver
C:\WINDOWS\system32\drivers\disk.sys Microsoft Corporation PnP Disk Driver
c:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Microsoft Corporation SCSI Class System Dll
C:\WINDOWS\system32\drivers\fltMgr.sys Microsoft Corporation Microsoft Filesystem Filter Manager
C:\WINDOWS\system32\drivers\sr.sys Microsoft Corporation System Restore Filesystem Filter Driver
C:\WINDOWS\system32\drivers\KSecDD.sys Microsoft Corporation Kernel Security Support Provider Interface
C:\WINDOWS\system32\drivers\Ntfs.sys Microsoft Corporation NT File System Driver
C:\WINDOWS\system32\drivers\NDIS.sys Microsoft Corporation NDIS 5.1 wrapper driver
C:\WINDOWS\system32\drivers\Mup.sys Microsoft Corporation Multiple UNC Provider driver
C:\WINDOWS\system32\drivers\agp440.sys Microsoft Corporation 440 NT AGP Filter
C:\WINDOWS\system32\DRIVERS\intelppm.sys Microsoft Corporation Processor Device Driver
C:\WINDOWS\system32\DRIVERS\i8042prt.sys Microsoft Corporation i8042 Port Driver
C:\WINDOWS\system32\DRIVERS\kbdclass.sys Microsoft Corporation Keyboard Class Driver
C:\WINDOWS\system32\DRIVERS\vmmouse.sys VMware, Inc. VMware Pointing Device Driver
C:\WINDOWS\system32\DRIVERS\mouclass.sys Microsoft Corporation Mouse Class Driver
C:\WINDOWS\system32\DRIVERS\parport.sys Microsoft Corporation Parallel Port Driver
C:\WINDOWS\system32\DRIVERS\serial.sys Microsoft Corporation Serial Device Driver
C:\WINDOWS\system32\DRIVERS\serenum.sys Microsoft Corporation Serial Port Enumerator
C:\WINDOWS\system32\DRIVERS\fdc.sys Microsoft Corporation Floppy Disk Controller Driver
C:\WINDOWS\system32\DRIVERS\cdrom.sys Microsoft Corporation SCSI CD-ROM Driver
C:\WINDOWS\system32\DRIVERS\redbook.sys Microsoft Corporation Redbook Audio Filter Driver
C:\WINDOWS\system32\DRIVERS\ks.sys Microsoft Corporation Kernel CSA Library
C:\WINDOWS\system32\DRIVERS\usbuhci.sys Microsoft Corporation UHCI USB Miniport Driver
C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Microsoft Corporation USB 1.1 & 2.0 Port Driver
C:\WINDOWS\system32\DRIVERS\vmx_svga.sys VMware, Inc. VMware SVGA II Miniport
C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Microsoft Corporation Video Port Driver
C:\WINDOWS\system32\DRIVERS\vmxnet.sys VMware, Inc. VMware PCI Ethernet Adapter
C:\WINDOWS\system32\drivers\es1371mp.sys Creative Technology Ltd. ENSONIQ AudioPCI 97 WDM Audio Miniport
C:\WINDOWS\system32\drivers\portcls.sys Microsoft Corporation Port Class (Class Driver for Port/Miniport Devices)
C:\WINDOWS\system32\drivers\drmk.sys Microsoft Corporation Microsoft Kernel DRM Descrambler Filter
C:\WINDOWS\system32\DRIVERS\usbehci.sys Microsoft Corporation EHCI eUSB Miniport Driver
C:\WINDOWS\system32\DRIVERS\CmBatt.sys Microsoft Corporation Control Method Battery Driver
C:\WINDOWS\system32\DRIVERS\fsvga.sys Microsoft Corporation Full Screen Video Driver
C:\WINDOWS\system32\DRIVERS\audstub.sys Microsoft Corporation AudStub Driver
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Microsoft Corporation RAS L2TP mini-port/call-manager driver
C:\WINDOWS\system32\DRIVERS\ndistapi.sys Microsoft Corporation NDIS 3.0 connection wrapper driver
C:\WINDOWS\system32\DRIVERS\ndiswan.sys Microsoft Corporation MS PPP Framing Driver (Strong Encryption)
C:\WINDOWS\system32\DRIVERS\raspppoe.sys Microsoft Corporation RAS PPPoE mini-port/call-manager driver
C:\WINDOWS\system32\DRIVERS\raspptp.sys Microsoft Corporation Peer-to-Peer Tunneling Protocol
C:\WINDOWS\system32\DRIVERS\TDI.SYS Microsoft Corporation TDI Wrapper
C:\WINDOWS\system32\DRIVERS\psched.sys Microsoft Corporation MS QoS Packet Scheduler
C:\WINDOWS\system32\DRIVERS\msgpc.sys Microsoft Corporation MS General Packet Classifier
C:\WINDOWS\system32\DRIVERS\ptilink.sys Parallel Technologies, Inc. Parallel Technologies DirectParallel IO Library
C:\WINDOWS\system32\DRIVERS\raspti.sys Microsoft Corporation PTI DirectParallel(R) mini-port/call-manager driver
C:\WINDOWS\system32\DRIVERS\rdpdr.sys Microsoft Corporation Microsoft RDP Device redirector
C:\WINDOWS\system32\DRIVERS\termdd.sys Microsoft Corporation Terminal Server Driver
C:\WINDOWS\system32\DRIVERS\swenum.sys Microsoft Corporation Plug and Play Software Device Enumerator
C:\WINDOWS\system32\DRIVERS\update.sys Microsoft Corporation Update Driver
C:\WINDOWS\system32\DRIVERS\mssmbios.sys Microsoft Corporation System Management BIOS Driver
C:\WINDOWS\system32\DRIVERS\usbhub.sys Microsoft Corporation Default Hub Driver for USB
C:\WINDOWS\system32\DRIVERS\USBD.SYS Microsoft Corporation Universal Serial Bus Driver
C:\WINDOWS\System32\Drivers\NDProxy.SYS Microsoft Corporation NDIS Proxy
C:\WINDOWS\system32\DRIVERS\flpydisk.sys Microsoft Corporation Floppy Driver
C:\WINDOWS\system32\DRIVERS\gameenum.sys Microsoft Corporation Game Port Enumerator
C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Microsoft Corporation File System Recognizer Driver
C:\WINDOWS\System32\Drivers\Null.SYS Microsoft Corporation NULL Driver
C:\WINDOWS\System32\Drivers\Beep.SYS Microsoft Corporation BEEP Driver
C:\WINDOWS\System32\drivers\vga.sys Microsoft Corporation VGA/Super VGA Video Driver
C:\WINDOWS\System32\Drivers\mnmdd.SYS Microsoft Corporation Frame buffer simulator
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Microsoft Corporation RDP Miniport
C:\WINDOWS\System32\Drivers\Msfs.SYS Microsoft Corporation Mailslot driver
C:\WINDOWS\System32\Drivers\Npfs.SYS Microsoft Corporation NPFS Driver
C:\WINDOWS\system32\DRIVERS\rasacd.sys Microsoft Corporation RAS Automatic Connection Driver
C:\WINDOWS\system32\DRIVERS\ipsec.sys Microsoft Corporation IPSec Driver
C:\WINDOWS\system32\DRIVERS\tcpip.sys Microsoft Corporation TCP/IP Protocol Driver
C:\WINDOWS\system32\DRIVERS\netbt.sys Microsoft Corporation MBT Transport driver
C:\WINDOWS\System32\drivers\afd.sys Microsoft Corporation Ancillary Function Driver for WinSock
C:\WINDOWS\system32\DRIVERS\wanarp.sys Microsoft Corporation MS Remote Access and Routing ARP Driver
C:\WINDOWS\system32\DRIVERS\netbios.sys Microsoft Corporation NetBIOS interface driver
C:\WINDOWS\system32\DRIVERS\rdbss.sys Microsoft Corporation Redirected Drive Buffering SubSystem Driver
C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Microsoft Corporation Windows NT SMB Minirdr
C:\WINDOWS\System32\Drivers\Fips.SYS Microsoft Corporation FIPS Crypto Driver
C:\WINDOWS\System32\Drivers\Cdfs.SYS Microsoft Corporation CD-ROM File System Driver
C:\WINDOWS\System32\Drivers\dump_atapi.sys
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
C:\WINDOWS\System32\win32k.sys Microsoft Corporation Multi-User Win32 Driver
C:\WINDOWS\System32\drivers\Dxapi.sys Microsoft Corporation DirectX API Driver
C:\WINDOWS\System32\watchdog.sys Microsoft Corporation Watchdog Driver
C:\WINDOWS\System32\drivers\dxg.sys Microsoft Corporation DirectX Graphics Driver
C:\WINDOWS\System32\drivers\dxgthk.sys Microsoft Corporation DirectX Graphics Driver Thunk
C:\WINDOWS\System32\vmx_fb.dll VMware, Inc. VMware SVGA II Display Driver
C:\WINDOWS\System32\DRIVERS\hgfs.sys VMware, Inc. VMware HGFS File System Driver
C:\WINDOWS\system32\drivers\wdmaud.sys Microsoft Corporation MMSYSTEM Wave/Midi API mapper
C:\WINDOWS\system32\drivers\sysaudio.sys Microsoft Corporation System Audio WDM Filter
C:\WINDOWS\System32\Drivers\Fastfat.SYS Microsoft Corporation Fast FAT File System Driver
C:\WINDOWS\system32\DRIVERS\mrxdav.sys Microsoft Corporation Windows NT WebDav Minirdr
C:\WINDOWS\system32\Drivers\lgtosync.sys VMware, Inc. VMware/Legato sync Driver
C:\WINDOWS\System32\Drivers\ParVdm.SYS Microsoft Corporation VDM Parallel Driver
C:\WINDOWS\system32\Drivers\vmdesched.sys VMware, Inc. VMware Descheduled Time Accounting Service [driver]
C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys VMware, Inc. VMware server memory controller
C:\WINDOWS\system32\DRIVERS\srv.sys Microsoft Corporation Server driver
C:\WINDOWS\system32\drivers\kmixer.sys Microsoft Corporation Kernel Mode Audio Mixer
c:\WINDOWS\system32\ntdll.dll Microsoft Corporation NT Layer DLL
Monitored RegKeys
Registry Key Value
--------------------------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run PC Suite Tray="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKLM\Software\Microsoft\Windows\CurrentVersion\Run VMware Tools=C:\Program Files\VMware\VMware Tools\VMwareTray.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run VMware User Process=C:\Program Files\VMware\VMware Tools\VMwareUser.exe
Hklm\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars {4D5C8C25-D075-11d0-B416-00C04FB90376}
Hklm\SYSTEM\CurrentControlSet\Services Abiosdsk
Hklm\SYSTEM\CurrentControlSet\Services abp480n5
Hklm\SYSTEM\CurrentControlSet\Services ACPI
Hklm\SYSTEM\CurrentControlSet\Services ACPIEC
Hklm\SYSTEM\CurrentControlSet\Services adpu160m
Hklm\SYSTEM\CurrentControlSet\Services aec
Hklm\SYSTEM\CurrentControlSet\Services AFD
Hklm\SYSTEM\CurrentControlSet\Services agp440
Hklm\SYSTEM\CurrentControlSet\Services Aha154x
Hklm\SYSTEM\CurrentControlSet\Services aic78u2
Hklm\SYSTEM\CurrentControlSet\Services aic78xx
Hklm\SYSTEM\CurrentControlSet\Services ALG
Hklm\SYSTEM\CurrentControlSet\Services AliIde
Hklm\SYSTEM\CurrentControlSet\Services amsint
Hklm\SYSTEM\CurrentControlSet\Services AppMgmt
Hklm\SYSTEM\CurrentControlSet\Services asc
Hklm\SYSTEM\CurrentControlSet\Services asc3350p
Hklm\SYSTEM\CurrentControlSet\Services asc3550
Hklm\SYSTEM\CurrentControlSet\Services AsyncMac
Hklm\SYSTEM\CurrentControlSet\Services atapi
Hklm\SYSTEM\CurrentControlSet\Services Atdisk
Hklm\SYSTEM\CurrentControlSet\Services AudioSrv
Hklm\SYSTEM\CurrentControlSet\Services audstub
Hklm\SYSTEM\CurrentControlSet\Services BattC
Hklm\SYSTEM\CurrentControlSet\Services Beep
Hklm\SYSTEM\CurrentControlSet\Services BITS
Hklm\SYSTEM\CurrentControlSet\Services Browser
Hklm\SYSTEM\CurrentControlSet\Services cbidf2k
Hklm\SYSTEM\CurrentControlSet\Services cd20xrnt
Hklm\SYSTEM\CurrentControlSet\Services Cdaudio
Hklm\SYSTEM\CurrentControlSet\Services Cdfs
Hklm\SYSTEM\CurrentControlSet\Services Cdrom
Hklm\SYSTEM\CurrentControlSet\Services Changer
Hklm\SYSTEM\CurrentControlSet\Services ClipSrv
Hklm\SYSTEM\CurrentControlSet\Services CmBatt
Hklm\SYSTEM\CurrentControlSet\Services CmdIde
Hklm\SYSTEM\CurrentControlSet\Services Compbatt
Hklm\SYSTEM\CurrentControlSet\Services COMSysApp
Hklm\SYSTEM\CurrentControlSet\Services Cpqarray
Hklm\SYSTEM\CurrentControlSet\Services CryptSvc
Hklm\SYSTEM\CurrentControlSet\Services dac2w2k
Hklm\SYSTEM\CurrentControlSet\Services dac960nt
Hklm\SYSTEM\CurrentControlSet\Services DcomLaunch
Hklm\SYSTEM\CurrentControlSet\Services Dhcp
Hklm\SYSTEM\CurrentControlSet\Services Disk
Hklm\SYSTEM\CurrentControlSet\Services dmadmin
Hklm\SYSTEM\CurrentControlSet\Services dmboot
Hklm\SYSTEM\CurrentControlSet\Services dmio
Hklm\SYSTEM\CurrentControlSet\Services dmload
Hklm\SYSTEM\CurrentControlSet\Services dmserver
Hklm\SYSTEM\CurrentControlSet\Services DMusic
Hklm\SYSTEM\CurrentControlSet\Services Dnscache
Hklm\SYSTEM\CurrentControlSet\Services Dot3svc
Hklm\SYSTEM\CurrentControlSet\Services dpti2o
Hklm\SYSTEM\CurrentControlSet\Services drmkaud
Hklm\SYSTEM\CurrentControlSet\Services EapHost
Hklm\SYSTEM\CurrentControlSet\Services es1371
Hklm\SYSTEM\CurrentControlSet\Services Eventlog
Hklm\SYSTEM\CurrentControlSet\Services EventSystem
Hklm\SYSTEM\CurrentControlSet\Services Fastfat
Hklm\SYSTEM\CurrentControlSet\Services FastUserSwitchingCompatibility
Hklm\SYSTEM\CurrentControlSet\Services Fdc
Hklm\SYSTEM\CurrentControlSet\Services Fips
Hklm\SYSTEM\CurrentControlSet\Services Flpydisk
Hklm\SYSTEM\CurrentControlSet\Services FltMgr
Hklm\SYSTEM\CurrentControlSet\Services FsVga
Hklm\SYSTEM\CurrentControlSet\Services Fs_Rec
Hklm\SYSTEM\CurrentControlSet\Services Ftdisk
Hklm\SYSTEM\CurrentControlSet\Services gameenum
Hklm\SYSTEM\CurrentControlSet\Services Gpc
Hklm\SYSTEM\CurrentControlSet\Services hgfs
Hklm\SYSTEM\CurrentControlSet\Services HidServ
Hklm\SYSTEM\CurrentControlSet\Services hkmsvc
Hklm\SYSTEM\CurrentControlSet\Services hpn
Hklm\SYSTEM\CurrentControlSet\Services HTTP
Hklm\SYSTEM\CurrentControlSet\Services HTTPFilter
Hklm\SYSTEM\CurrentControlSet\Services i2omgmt
Hklm\SYSTEM\CurrentControlSet\Services i2omp
Hklm\SYSTEM\CurrentControlSet\Services i8042prt
Hklm\SYSTEM\CurrentControlSet\Services Imapi
Hklm\SYSTEM\CurrentControlSet\Services ImapiService
Hklm\SYSTEM\CurrentControlSet\Services inetaccs
Hklm\SYSTEM\CurrentControlSet\Services ini910u
Hklm\SYSTEM\CurrentControlSet\Services Inport
Hklm\SYSTEM\CurrentControlSet\Services IntelIde
Hklm\SYSTEM\CurrentControlSet\Services intelppm
Hklm\SYSTEM\CurrentControlSet\Services Ip6Fw
Hklm\SYSTEM\CurrentControlSet\Services IpFilterDriver
Hklm\SYSTEM\CurrentControlSet\Services IpInIp
Hklm\SYSTEM\CurrentControlSet\Services IpNat
Hklm\SYSTEM\CurrentControlSet\Services IPSec
Hklm\SYSTEM\CurrentControlSet\Services IRENUM
Hklm\SYSTEM\CurrentControlSet\Services isapnp
Hklm\SYSTEM\CurrentControlSet\Services Kbdclass
Hklm\SYSTEM\CurrentControlSet\Services kmixer
Hklm\SYSTEM\CurrentControlSet\Services KSecDD
Hklm\SYSTEM\CurrentControlSet\Services LanmanServer
Hklm\SYSTEM\CurrentControlSet\Services lanmanworkstation
Hklm\SYSTEM\CurrentControlSet\Services lbrtfdc
Hklm\SYSTEM\CurrentControlSet\Services ldap
Hklm\SYSTEM\CurrentControlSet\Services LGTO_Sync
Hklm\SYSTEM\CurrentControlSet\Services LicenseService
Hklm\SYSTEM\CurrentControlSet\Services LmHosts
Hklm\SYSTEM\CurrentControlSet\Services Messenger
Hklm\SYSTEM\CurrentControlSet\Services mnmdd
Hklm\SYSTEM\CurrentControlSet\Services mnmsrvc
Hklm\SYSTEM\CurrentControlSet\Services Modem
Hklm\SYSTEM\CurrentControlSet\Services Mouclass
Hklm\SYSTEM\CurrentControlSet\Services MountMgr
Hklm\SYSTEM\CurrentControlSet\Services mraid35x
Hklm\SYSTEM\CurrentControlSet\Services MRxDAV
Hklm\SYSTEM\CurrentControlSet\Services MRxSmb
Hklm\SYSTEM\CurrentControlSet\Services MSDTC
Hklm\SYSTEM\CurrentControlSet\Services Msfs
Hklm\SYSTEM\CurrentControlSet\Services MSIServer
Hklm\SYSTEM\CurrentControlSet\Services MSKSSRV
Hklm\SYSTEM\CurrentControlSet\Services MSPCLOCK
Hklm\SYSTEM\CurrentControlSet\Services MSPQM
Hklm\SYSTEM\CurrentControlSet\Services mssmbios
Hklm\SYSTEM\CurrentControlSet\Services Mup
Hklm\SYSTEM\CurrentControlSet\Services napagent
Hklm\SYSTEM\CurrentControlSet\Services NDIS
Hklm\SYSTEM\CurrentControlSet\Services NdisTapi
Hklm\SYSTEM\CurrentControlSet\Services Ndisuio
Hklm\SYSTEM\CurrentControlSet\Services NdisWan
Hklm\SYSTEM\CurrentControlSet\Services NDProxy
Hklm\SYSTEM\CurrentControlSet\Services NetBIOS
Hklm\SYSTEM\CurrentControlSet\Services NetBT
Hklm\SYSTEM\CurrentControlSet\Services NetDDE
Hklm\SYSTEM\CurrentControlSet\Services NetDDEdsdm
Hklm\SYSTEM\CurrentControlSet\Services Netlogon
Hklm\SYSTEM\CurrentControlSet\Services Netman
Hklm\SYSTEM\CurrentControlSet\Services Nla
Hklm\SYSTEM\CurrentControlSet\Services nmwcd
Hklm\SYSTEM\CurrentControlSet\Services nmwcdc
Hklm\SYSTEM\CurrentControlSet\Services Npfs
Hklm\SYSTEM\CurrentControlSet\Services Ntfs
Hklm\SYSTEM\CurrentControlSet\Services NtLmSsp
Hklm\SYSTEM\CurrentControlSet\Services Null
Hklm\SYSTEM\CurrentControlSet\Services nvgts
Hklm\SYSTEM\CurrentControlSet\Services NwlnkFlt
Hklm\SYSTEM\CurrentControlSet\Services NwlnkFwd
Hklm\SYSTEM\CurrentControlSet\Services ose
Hklm\SYSTEM\CurrentControlSet\Services Parport
Hklm\SYSTEM\CurrentControlSet\Services PartMgr
Hklm\SYSTEM\CurrentControlSet\Services ParVdm
Hklm\SYSTEM\CurrentControlSet\Services pccsmcfd
Hklm\SYSTEM\CurrentControlSet\Services PCI
Hklm\SYSTEM\CurrentControlSet\Services PCIDump
Hklm\SYSTEM\CurrentControlSet\Services PCIIde
Hklm\SYSTEM\CurrentControlSet\Services Pcmcia
Hklm\SYSTEM\CurrentControlSet\Services PCnet
Hklm\SYSTEM\CurrentControlSet\Services PDCOMP
Hklm\SYSTEM\CurrentControlSet\Services PDFRAME
Hklm\SYSTEM\CurrentControlSet\Services PDRELI
Hklm\SYSTEM\CurrentControlSet\Services PDRFRAME
Hklm\SYSTEM\CurrentControlSet\Services perc2
Hklm\SYSTEM\CurrentControlSet\Services perc2hib
Hklm\SYSTEM\CurrentControlSet\Services PerfDisk
Hklm\SYSTEM\CurrentControlSet\Services PerfNet
Hklm\SYSTEM\CurrentControlSet\Services PerfOS
Hklm\SYSTEM\CurrentControlSet\Services PerfProc
Hklm\SYSTEM\CurrentControlSet\Services PlugPlay
Hklm\SYSTEM\CurrentControlSet\Services PolicyAgent
Hklm\SYSTEM\CurrentControlSet\Services PptpMiniport
Hklm\SYSTEM\CurrentControlSet\Services ProtectedStorage
Hklm\SYSTEM\CurrentControlSet\Services PSched
Hklm\SYSTEM\CurrentControlSet\Services Ptilink
Hklm\SYSTEM\CurrentControlSet\Services ql1080
Hklm\SYSTEM\CurrentControlSet\Services Ql10wnt
Hklm\SYSTEM\CurrentControlSet\Services ql12160
Hklm\SYSTEM\CurrentControlSet\Services ql1240
Hklm\SYSTEM\CurrentControlSet\Services ql1280
Hklm\SYSTEM\CurrentControlSet\Services RasAcd
Hklm\SYSTEM\CurrentControlSet\Services RasAuto
Hklm\SYSTEM\CurrentControlSet\Services Rasl2tp
Hklm\SYSTEM\CurrentControlSet\Services RasMan
Hklm\SYSTEM\CurrentControlSet\Services RasPppoe
Hklm\SYSTEM\CurrentControlSet\Services Raspti
Hklm\SYSTEM\CurrentControlSet\Services Rdbss
Hklm\SYSTEM\CurrentControlSet\Services RDPCDD
Hklm\SYSTEM\CurrentControlSet\Services RDPDD
Hklm\SYSTEM\CurrentControlSet\Services rdpdr
Hklm\SYSTEM\CurrentControlSet\Services RDPNP
Hklm\SYSTEM\CurrentControlSet\Services RDPWD
Hklm\SYSTEM\CurrentControlSet\Services RDSessMgr
Hklm\SYSTEM\CurrentControlSet\Services redbook
Hklm\SYSTEM\CurrentControlSet\Services RemoteAccess
Hklm\SYSTEM\CurrentControlSet\Services RemoteRegistry
Hklm\SYSTEM\CurrentControlSet\Services RpcLocator
Hklm\SYSTEM\CurrentControlSet\Services RpcSs
Hklm\SYSTEM\CurrentControlSet\Services RSVP
Hklm\SYSTEM\CurrentControlSet\Services SamSs
Hklm\SYSTEM\CurrentControlSet\Services SCardSvr
Hklm\SYSTEM\CurrentControlSet\Services Schedule
Hklm\SYSTEM\CurrentControlSet\Services Secdrv
Hklm\SYSTEM\CurrentControlSet\Services seclogon
Hklm\SYSTEM\CurrentControlSet\Services SENS
Hklm\SYSTEM\CurrentControlSet\Services serenum
Hklm\SYSTEM\CurrentControlSet\Services Serial
Hklm\SYSTEM\CurrentControlSet\Services ServiceLayer
Hklm\SYSTEM\CurrentControlSet\Services Sfloppy
Hklm\SYSTEM\CurrentControlSet\Services SharedAccess
Hklm\SYSTEM\CurrentControlSet\Services ShellHWDetection
Hklm\SYSTEM\CurrentControlSet\Services Simbad
Hklm\SYSTEM\CurrentControlSet\Services SiSRaid
Hklm\SYSTEM\CurrentControlSet\Services SiSRaid2
Hklm\SYSTEM\CurrentControlSet\Services SiSRaid4
Hklm\SYSTEM\CurrentControlSet\Services Sparrow
Hklm\SYSTEM\CurrentControlSet\Services splitter
Hklm\SYSTEM\CurrentControlSet\Services Spooler
Hklm\SYSTEM\CurrentControlSet\Services Sr
Hklm\SYSTEM\CurrentControlSet\Services srservice
Hklm\SYSTEM\CurrentControlSet\Services Srv
Hklm\SYSTEM\CurrentControlSet\Services SSDPSRV
Hklm\SYSTEM\CurrentControlSet\Services stisvc
Hklm\SYSTEM\CurrentControlSet\Services swenum
Hklm\SYSTEM\CurrentControlSet\Services swmidi
Hklm\SYSTEM\CurrentControlSet\Services SwPrv
Hklm\SYSTEM\CurrentControlSet\Services symc810
Hklm\SYSTEM\CurrentControlSet\Services symc8xx
Hklm\SYSTEM\CurrentControlSet\Services sym_hi
Hklm\SYSTEM\CurrentControlSet\Services sym_u3
Hklm\SYSTEM\CurrentControlSet\Services sysaudio
Hklm\SYSTEM\CurrentControlSet\Services SysmonLog
Hklm\SYSTEM\CurrentControlSet\Services TapiSrv
Hklm\SYSTEM\CurrentControlSet\Services Tcpip
Hklm\SYSTEM\CurrentControlSet\Services TDPIPE
Hklm\SYSTEM\CurrentControlSet\Services TDTCP
Hklm\SYSTEM\CurrentControlSet\Services TermDD
Hklm\SYSTEM\CurrentControlSet\Services TermService
Hklm\SYSTEM\CurrentControlSet\Services Themes
Hklm\SYSTEM\CurrentControlSet\Services TlntSvr
Hklm\SYSTEM\CurrentControlSet\Services TosIde
Hklm\SYSTEM\CurrentControlSet\Services TPAutoConnSvc
Hklm\SYSTEM\CurrentControlSet\Services TrkWks
Hklm\SYSTEM\CurrentControlSet\Services TSDDD
Hklm\SYSTEM\CurrentControlSet\Services Udfs
Hklm\SYSTEM\CurrentControlSet\Services ultra
Hklm\SYSTEM\CurrentControlSet\Services UMWdf
Hklm\SYSTEM\CurrentControlSet\Services Update
Hklm\SYSTEM\CurrentControlSet\Services upnphost
Hklm\SYSTEM\CurrentControlSet\Services usbehci
Hklm\SYSTEM\CurrentControlSet\Services usbhub
Hklm\SYSTEM\CurrentControlSet\Services USBSTOR
Hklm\SYSTEM\CurrentControlSet\Services usbuhci
Hklm\SYSTEM\CurrentControlSet\Services VgaSave
Hklm\SYSTEM\CurrentControlSet\Services ViaIde
Hklm\SYSTEM\CurrentControlSet\Services vmdesched
Hklm\SYSTEM\CurrentControlSet\Services vmdesched-driver
Hklm\SYSTEM\CurrentControlSet\Services VMMEMCTL
Hklm\SYSTEM\CurrentControlSet\Services vmmouse
Hklm\SYSTEM\CurrentControlSet\Services VMscsi
Hklm\SYSTEM\CurrentControlSet\Services VMTools
Hklm\SYSTEM\CurrentControlSet\Services vmxnet
Hklm\SYSTEM\CurrentControlSet\Services vmx_svga
Hklm\SYSTEM\CurrentControlSet\Services VolSnap
Hklm\SYSTEM\CurrentControlSet\Services VSS
Hklm\SYSTEM\CurrentControlSet\Services W32Time
Hklm\SYSTEM\CurrentControlSet\Services W3SVC
Hklm\SYSTEM\CurrentControlSet\Services Wanarp
Hklm\SYSTEM\CurrentControlSet\Services Wdf01000
Hklm\SYSTEM\CurrentControlSet\Services WDICA
Hklm\SYSTEM\CurrentControlSet\Services wdmaud
Hklm\SYSTEM\CurrentControlSet\Services WebClient
Hklm\SYSTEM\CurrentControlSet\Services winmgmt
Hklm\SYSTEM\CurrentControlSet\Services Winsock
Hklm\SYSTEM\CurrentControlSet\Services WinSock2
Hklm\SYSTEM\CurrentControlSet\Services WinTrust
Hklm\SYSTEM\CurrentControlSet\Services WmdmPmSN
Hklm\SYSTEM\CurrentControlSet\Services Wmi
Hklm\SYSTEM\CurrentControlSet\Services WmiApRpl
Hklm\SYSTEM\CurrentControlSet\Services WmiApSrv
Hklm\SYSTEM\CurrentControlSet\Services WS2IFSL
Hklm\SYSTEM\CurrentControlSet\Services wscsvc
Hklm\SYSTEM\CurrentControlSet\Services wuauserv
Hklm\SYSTEM\CurrentControlSet\Services WZCSVC
Hklm\SYSTEM\CurrentControlSet\Services xmlprov
Hklm\SYSTEM\CurrentControlSet\Services {25AC94A2-D45C-427F-ADB0-5E8559ADE7C0}
Kernel31 Api Log
--------------------------------------------------
***** Installing Hooks *****
71a274df RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\WinSock2\Parameters)
71a280c4 RegOpenKeyExA (Protocol_Catalog9)
71a2777e RegOpenKeyExA (00000006)
71a2764d RegOpenKeyExA (Catalog_Entries)
71a27cea RegOpenKeyExA (000000000001)
71a27cea RegOpenKeyExA (000000000002)
71a27cea RegOpenKeyExA (000000000003)
71a27cea RegOpenKeyExA (000000000004)
71a27cea RegOpenKeyExA (000000000005)
71a27cea RegOpenKeyExA (000000000006)
71a27cea RegOpenKeyExA (000000000007)
71a27cea RegOpenKeyExA (000000000008)
71a27cea RegOpenKeyExA (000000000009)
71a27cea RegOpenKeyExA (000000000010)
71a27cea RegOpenKeyExA (000000000011)
71a27cea RegOpenKeyExA (000000000012)
71a27cea RegOpenKeyExA (000000000013)
71a27cea RegOpenKeyExA (000000000014)
71a27cea RegOpenKeyExA (000000000015)
71a22623 WaitForSingleObject(798,0)
71a287c6 RegOpenKeyExA (NameSpace_Catalog5)
71a2777e RegOpenKeyExA (00000004)
71a2835b RegOpenKeyExA (Catalog_Entries)
71a284ef RegOpenKeyExA (000000000001)
71a284ef RegOpenKeyExA (000000000002)
71a284ef RegOpenKeyExA (000000000003)
71a22623 WaitForSingleObject(790,0)
71a11af2 RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\Winsock2\Parameters)
71a1198e GlobalAlloc()
40123c LoadLibraryA(advapi32)=77da0000
401253 LoadLibraryA(ntdll)=7c920000
40126b LoadLibraryA(user32)=77d10000
7c80b719 ExitThread()
4018c7 RegOpenKeyExA (HKCU\Software\Microsoft\Active Setup\Installed Components\)
4018d4 RegDeleteKeyA ({5C866437-FC0B-FAE8-6D9C-920BD098F52B})
4014b4 GetCommandLineA()
751d309d GetCurrentProcessId()=1588
751cc24e RegOpenKeyExA (HKLM\Software\Microsoft\Advanced INF Setup)
401505 LoadLibraryA(advpack)=751c0000
751cb5bd LoadLibraryA(advapi32.dll)=77da0000
40155d CreateMutex()!voxA.I)
7c865b34 GetCurrentProcessId()=1588
401b0e OpenProcess(pid=1452)
401c37 WriteProcessMemory(h=7e8,len=d0f)
401c37 WriteProcessMemory(h=7e8,len=296)
401c37 WriteProcessMemory(h=7e8,len=c5)
401c37 WriteProcessMemory(h=7e8,len=168)
401c37 WriteProcessMemory(h=7e8,len=3c)
401c37 WriteProcessMemory(h=7e8,len=9b)
401c37 WriteProcessMemory(h=7e8,len=243)
401c37 WriteProcessMemory(h=7e8,len=e6)
401c37 WriteProcessMemory(h=7e8,len=24e)
401c37 WriteProcessMemory(h=7e8,len=20a)
401c37 WriteProcessMemory(h=7e8,len=f74)
401be3 CreateRemoteThread(h=7e8, start=21a0000)
400216 ExitProcess()
***** Injected Process Terminated *****
DirwatchData
--------------------------------------------------
WatchDir Initilized OK
Watching C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Watching C:\WINDOWS
Watching C:\Program Files
Modifed: C:\WINDOWS\Prefetch\VVV.EXE-050EBA85.pf
Modifed: C:\WINDOWS\system32\config\system.LOG
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET666E.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETA.tmp
Modifed: C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETEC19.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETB.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETB.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETEC19.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET2394.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETC.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETC.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET2394.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFF5.tmp
Modifed: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFF5.tmp
Created: C:\WINDOWS\Prefetch\PROC_ANALYZER.EXE-3974E660.pf
Modifed: C:\WINDOWS\Prefetch\PROC_ANALYZER.EXE-3974E660.pf
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFF5.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET652C.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETD.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETD.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET652C.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET7653.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETE.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETE.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET7653.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET8874.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETF.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JETF.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET8874.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET915D.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET10.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET10.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET915D.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET9729.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET11.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET11.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET9729.tmp