这exe谁的杀软能杀掉？

显示全部楼层 · 发表于 2009-8-26 21:01:37

诺顿杀

显示全部楼层 · 发表于 2009-8-26 21:02:12

显示全部楼层 · 发表于 2009-8-26 21:03:13

(Drive) \Device\CdRom0
(Drive) \Device\HarddiskVolume1
(Drive) \Device\HarddiskVolume2
(Drive) \Device\HarddiskVolume3
(Drive) \Device\HarddiskVolume4
(Unk)    00000022 \Device\SandboxieDriverApi
(Unk)    00000039 \Device\KsecDD
(Unk)    00000040 \FileSystem\Filters\FltMgrMsg
(Unk)    000000F1 \Device\RasAcd
Clsid    -------------------------------
Clsid    {172BDDF8-CEEA-11D1-8B05-00600806D9B6} Wbem Scripting Object Path
Clsid    {25336920-03F9-11CF-8FD0-00AA00686F13} HTML Document
Clsid    {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} http: Asychronous Pluggable Protocol Handler
Clsid    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Windows Search Manager
Clsid    {8BC3F05E-D86B-11D0-A075-00C04FB68820} Windows Management and Instrumentation
Clsid    {9BA05972-F6A8-11CF-A442-00A0C90A8F39} ShellWindows
Clsid    {BCCEEB2A-CE32-42D7-9442-B9830B1B118D} FlvMonitor Class
Ipc    -------------------------------
Ipc    \RPC Control\epmapper
Ipc    \RPC Control\keysvc
Ipc    \RPC Control\keysvc2
Ipc    \RPC Control\LRPC-515ec6df2c512f4cca
Ipc    \RPC Control\LRPC-db61cbce213b194a2f
Ipc    \RPC Control\OLE283A60C178B8428F88A0E74D1471
Ipc    \RPC Control\OLE85A47C527206475A90C7D5BF61BF
Ipc    \RPC Control\OLE9D766F1086DE48D8B1DAD00225CA
Ipc    \RPC Control\OLEF51F0CD9CA6F4F70A570892455CA
Ipc    \Sessions\1\BaseNamedObjects\!BrowserEmulation!SharedMemory!Mutex
Ipc    \Sessions\1\BaseNamedObjects\!IECompat!Mutex
Ipc    \Sessions\1\BaseNamedObjects\!IETld!Mutex
Ipc    \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Counter
Ipc    \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Settings
Ipc    \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMemory!Mutex
Ipc    \Sessions\1\BaseNamedObjects\_!MSFTHISTORY!_
Ipc    \Sessions\1\BaseNamedObjects\_!SHMSFTHISTORY!_
Ipc    \Sessions\1\BaseNamedObjects\__ComCatalogCache__
Ipc    \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!local!microsoft!feeds cache!
Ipc    \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!local!microsoft!windows!history!history.ie5!
Ipc    \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!local!microsoft!windows!history!history.ie5!mshist012009082620090827!
Ipc    \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Ipc    \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!roaming!microsoft!windows!cookies!
Ipc    \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!roaming!microsoft!windows!iecompatcache!
Ipc    \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!roaming!microsoft!windows!ietldcache!
Ipc    \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!roaming!microsoft!windows!privacie!
Ipc    \Sessions\1\BaseNamedObjects\C:?WINDOWS?8893.EXE
Ipc    \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Local_Microsoft_Feeds Cache_index.dat_32768
Ipc    \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_114688
Ipc    \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Local_Microsoft_Windows_History_History.IE5_MSHist012009082620090827_index.dat_49152
Ipc    \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_557056
Ipc    \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
Ipc    \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Roaming_Microsoft_Windows_IECompatCache_index.dat_851968
Ipc    \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Roaming_Microsoft_Windows_IETldCache_index.dat_245760
Ipc    \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Roaming_Microsoft_Windows_PrivacIE_index.dat_32768
Ipc    \Sessions\1\BaseNamedObjects\ConnHashTable<5512>_HashTable_Mutex
Ipc    \Sessions\1\BaseNamedObjects\DSPIDER_CONTAINER_02
Ipc    \Sessions\1\BaseNamedObjects\DSPIDER_CONTAINER_02_MUTEX_LOCK
Ipc    \Sessions\1\BaseNamedObjects\DSPIDER_MEMORY_00
Ipc    \Sessions\1\BaseNamedObjects\DSPIDER_MEMORY_00_MUTEX_LOCK
Ipc    \Sessions\1\BaseNamedObjects\Feed Eventing Shared Memory Mutex S-1-5-21-2556411077-3557072073-1268221902-1000
Ipc    \Sessions\1\BaseNamedObjects\Feed Eventing Shared Memory S-1-5-21-2556411077-3557072073-1268221902-1000
Ipc    \Sessions\1\BaseNamedObjects\IE_EarlyTabStart_0x11dc
Ipc    \Sessions\1\BaseNamedObjects\ie_lcie_ConnHashTable<5512>
Ipc    \Sessions\1\BaseNamedObjects\ie_lcie_LogonMedium
Ipc    \Sessions\1\BaseNamedObjects\ie_lcie_main_1588
Ipc    \Sessions\1\BaseNamedObjects\IEFrame!GetAsyncKeyStateQuery!5512
Ipc    \Sessions\1\BaseNamedObjects\IEFrame!GetAsyncKeyStateReply!5512
Ipc    \Sessions\1\BaseNamedObjects\IEFrame!GetAsyncKeyStateSharedMem!5512
Ipc    \Sessions\1\BaseNamedObjects\IEFrame.EventCheckDefaultBrowser
Ipc    \Sessions\1\BaseNamedObjects\IEHistJournalFm_24c20119-753b-4f33-887d-f2381810562d_39474693_C::USERS:Z2665:APPDATA:LOCAL:MICROSOFT:WINDOWS:TEMPORARY INTERNET FILES:LOW:SUGGESTEDSITES.DAT
Ipc    \Sessions\1\BaseNamedObjects\IEHistJournalGlobal_3bf1c317-e96b-46f6-ba88-50c001d497aa
Ipc    \Sessions\1\BaseNamedObjects\IEHistJournalMx_1699bb90-bebe-4437-b6e8-a6b7123fa38e_39474693_C::USERS:Z2665:APPDATA:LOCAL:MICROSOFT:WINDOWS:TEMPORARY INTERNET FILES:LOW:SUGGESTEDSITES.DAT
Ipc    \Sessions\1\BaseNamedObjects\Internet Explorer Immutable Application State (00001588-0000-0000-0000-000000000000)
Ipc    \Sessions\1\BaseNamedObjects\Isolation Process Registry (AEE3E029-9240-11DE-81AF-00248C2AA394)
Ipc    \Sessions\1\BaseNamedObjects\Isolation Signal Registry (AEE3E029-9240-11DE-81AF-00248C2AA394, 0)
Ipc    \Sessions\1\BaseNamedObjects\Isolation Signal Registry Event (AEE3E029-9240-11DE-81AF-00248C2AA394, 0)
Ipc    \Sessions\1\BaseNamedObjects\Isolation Signal Registry Event (AEE3E02A-9240-11DE-81AF-00248C2AA394, 0)
Ipc    \Sessions\1\BaseNamedObjects\LastTitleMap
Ipc    \Sessions\1\BaseNamedObjects\MSIMGSIZECacheMap
Ipc    \Sessions\1\BaseNamedObjects\MSIMGSIZECacheMutex
Ipc    \Sessions\1\BaseNamedObjects\oleacc-msaa-loaded
Ipc    \Sessions\1\BaseNamedObjects\OleDfRoot17E062911B21AC2B
Ipc    \Sessions\1\BaseNamedObjects\OleDfRoot9056EB408AD54327
Ipc    \Sessions\1\BaseNamedObjects\RotHintTable
Ipc    \Sessions\1\BaseNamedObjects\RSS Eventing Connection Database Mutex 00001588
Ipc    \Sessions\1\BaseNamedObjects\RSS Eventing Event Event 00001588
Ipc    \Sessions\1\BaseNamedObjects\SbieDllDummyEvent_2728
Ipc    \Sessions\1\BaseNamedObjects\SbieDllDummyEvent_2964
Ipc    \Sessions\1\BaseNamedObjects\SbieDllDummyEvent_4276
Ipc    \Sessions\1\BaseNamedObjects\SbieDllDummyEvent_4700
Ipc    \Sessions\1\BaseNamedObjects\SbieDllDummyEvent_5512
Ipc    \Sessions\1\BaseNamedObjects\SbieDllDummyEvent_5956
Ipc    \Sessions\1\BaseNamedObjects\SbieServiceInitComplete_RpcSs
Ipc    \Sessions\1\BaseNamedObjects\SmartScreen_ClientId_Mutex
Ipc    \Sessions\1\BaseNamedObjects\SmartScreen_UrsCache_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2High_S-1-5-21-2556411077-3557072073-1268221902-1000
Ipc    \Sessions\1\BaseNamedObjects\SmartScreen_UrsCacheMutex_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2High_S-1-5-21-2556411077-3557072073-1268221902-1000
Ipc    \Sessions\1\BaseNamedObjects\UrlZonesSM_z2665
Ipc    \Sessions\1\BaseNamedObjects\WEBMON_MUTEX_LOCK
Ipc    \Sessions\1\BaseNamedObjects\windows_ie_global_counters
Ipc    \Sessions\1\BaseNamedObjects\windows_shell_global_counters
Ipc    \Sessions\1\BaseNamedObjects\ZoneAttributeCacheCounterMutex
Ipc    \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex
Ipc    \Sessions\1\BaseNamedObjects\ZonesCounterMutex
Ipc    \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex
Ipc O  \...\WerTargetListTable
Ipc O  \BaseNamedObjects\mmGlobalPnpInfo
Ipc O  \BaseNamedObjects\msctf.serverDefault1
Ipc O  \BaseNamedObjects\Sandboxie_DeviceIdList
Ipc O  \BaseNamedObjects\Sandboxie_DeviceSetupClasses
Ipc O  \BaseNamedObjects\TabletHardwarePresent
Ipc O  \KnownDlls\advapi32.dll
Ipc O  \KnownDlls\clbcatq.dll
Ipc O  \KnownDlls\COMDLG32.dll
Ipc O  \KnownDlls\gdi32.dll
Ipc O  \KnownDlls\IERTUTIL.dll
Ipc O  \KnownDlls\IMAGEHLP.dll
Ipc O  \KnownDlls\kernel32.dll
Ipc O  \KnownDlls\LPK.dll
Ipc O  \KnownDlls\MSCTF.dll
Ipc O  \KnownDlls\MSVCRT.dll
Ipc O  \KnownDlls\NORMALIZ.dll
Ipc O  \KnownDlls\NSI.dll
Ipc O  \KnownDlls\ole32.dll
Ipc O  \KnownDlls\OLEAUT32.dll
Ipc O  \KnownDlls\PSAPI.DLL
Ipc O  \KnownDlls\rpcrt4.dll
Ipc O  \KnownDlls\Setupapi.dll
Ipc O  \KnownDlls\SHELL32.dll
Ipc O  \KnownDlls\SHLWAPI.dll
Ipc O  \KnownDlls\URLMON.dll
Ipc O  \KnownDlls\user32.dll
Ipc O  \KnownDlls\USP10.dll
Ipc O  \KnownDlls\WININET.dll
Ipc O  \KnownDlls\WLDAP32.dll
Ipc O  \KnownDlls\WS2_32.dll
Ipc O  \LsaAuthenticationPort
Ipc O  \NLS\NlsSectionSortkey0000080450100
Ipc O  \RPC Control\AudioClientRpc
Ipc O  \RPC Control\Audiosrv
Ipc O  \RPC Control\DNSResolver
Ipc O  \RPC Control\nlaapi
Ipc O  \RPC Control\RasmanRpc
Ipc O  \RPC Control\SbieSvcPort
Ipc O  \RPC Control\senssvc
Ipc O  \Security\LSA_AUTHENTICATION_INITIALIZED
Ipc O  \Sessions\1\BaseNamedObjects\CicLoadWinStaWinSta0
Ipc O  \Sessions\1\BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-2556411077-3557072073-1268221902-1000
Ipc O  \Sessions\1\BaseNamedObjects\DBWinMutex
Ipc O  \Sessions\1\BaseNamedObjects\DINPUTWINMM
Ipc O  \Sessions\1\BaseNamedObjects\Dwm-344D-ApiPort-5CF4
Ipc O  \Sessions\1\BaseNamedObjects\MSCTF.Asm.MutexDefaultS-1-5-21-2556411077-3557072073-1268221902-1000
Ipc O  \Sessions\1\BaseNamedObjects\MSCTF.CtfMonitorInstMutexDefault1
Ipc O  \Sessions\1\BaseNamedObjects\RasPbFile
Ipc O  \Sessions\1\BaseNamedObjects\WininetConnectionMutex
Ipc O  \Sessions\1\BaseNamedObjects\WininetProxyRegistryMutex
Ipc O  \Sessions\1\BaseNamedObjects\WininetStartupMutex
Ipc O  \Sessions\1\Windows\ApiPort
Ipc O  \Sessions\1\Windows\SharedSection
Ipc O  \ThemeApiPort
Ipc O  \UxSmsApiPort
Ipc X  \BaseNamedObjects\{4AD5C1B1-C922-46dc-87EB-EEEEA805350C}
Ipc X  \RPC Control\protected_storage
Ipc X  \Sessions\1\BaseNamedObjects\!IETld!Mutex
Ipc X  \Sessions\1\BaseNamedObjects\_!MSFTHISTORY!_
Ipc X  \Sessions\1\BaseNamedObjects\_!SHMSFTHISTORY!_
Ipc X  \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!local!microsoft!windows!history!history.ie5!
Ipc X  \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!local!microsoft!windows!history!history.ie5!mshist012009082620090827!
Ipc X  \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Ipc X  \Sessions\1\BaseNamedObjects\c:!users!z2665!appdata!roaming!microsoft!windows!cookies!
Ipc X  \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_114688
Ipc X  \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Local_Microsoft_Windows_History_History.IE5_MSHist012009082620090827_index.dat_49152
Ipc X  \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_557056
Ipc X  \Sessions\1\BaseNamedObjects\C:_Users_z2665_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
Ipc X  \Sessions\1\BaseNamedObjects\DSPIDER_CONTAINER_02
Ipc X  \Sessions\1\BaseNamedObjects\DSPIDER_MEMORY_00
Ipc X  \Sessions\1\BaseNamedObjects\LastTitleMap
Ipc X  \Sessions\1\BaseNamedObjects\MSIMGSIZECacheMap
Ipc X  \Sessions\1\BaseNamedObjects\windows_ie_global_counters
Ipc X  \Sessions\1\BaseNamedObjects\windows_shell_global_counters
Pipe    -------------------------------
Pipe    \Device\NamedPipe\keysvc
Pipe O  \Device\Afd
Pipe O  \Device\Afd\AsyncConnectHlp
Pipe O  \Device\Afd\Endpoint
Pipe X  \Device\NamedPipe\keysvc
Pipe X  \Device\NamedPipe\lsarpc
Pipe X  \Device\NamedPipe\samr
WinCls -------------------------------
WinCls Address Band Root
WinCls EDIT
WinCls ReBarWindow32
WinCls Static
WinCls WorkerW
WinCls O  MS_WebcheckMonitor
WinCls O  MS_WebCheckMonitor
WinCls X  (unknown)
WinCls X  ComboBoxEx32
WinCls X  DDEMLMom
WinCls X  MS_AutodialMonitor
WinCls X  Progman
沙盘跟踪。

显示全部楼层 · 发表于 2009-8-26 21:29:33

00401494 push 8893.00401600                      (Initial CPU selection)
00401D1B push 8893.00401CF8                      kernel32
00401D1B push 8893.00401CF8                      GetModuleFileNameA
00401D67 push 8893.00401D44                      kernel32
00401D67 push 8893.00401D44                      GetCurrentProcessId
00401DAB push 8893.00401D88                      kernel32
00401DAB push 8893.00401D88                      ExitProcess
00401DFB push 8893.00401DD8                      user32
00401DFB push 8893.00401DD8                      FindWindowA
00401E43 push 8893.00401E20                      user32
00401E43 push 8893.00401E20                      PostMessageA
00401EBB push 8893.00401E98                      shell32.dll
00401EBB push 8893.00401E98                      SHGetPathFromIDListA
00401F0F push 8893.00401EEC                      shell32.dll
00401F0F push 8893.00401EEC                      SHGetSpecialFolderLocation
004032D5 mov edx,8893.00401F44                   http://www.1122.com/?sc
0040336E push 8893.00401F78                      \
0040342F push 8893.00401FA0                      [InternetShortcut]
00403446 push 8893.00401FD4                      URL=
0040349E mov edx,8893.00401FE4                   http://www.nsdy.com/?sc
004034F1 push 8893.00401F78                      \
004035AC push 8893.00401FA0                      [InternetShortcut]
004035C3 push 8893.00401FD4                      URL=
0040361B mov edx,8893.00402050                   http://www.bofang.com/?sc
0040366E push 8893.00401F78                      \
00403729 push 8893.00401FA0                      [InternetShortcut]
00403740 push 8893.00401FD4                      URL=
00403775 mov edx,8893.004020A0                   http://www.8684.com/?sc
004037A5 push 8893.00401F78                      \
0040381A push 8893.00401FA0                      [InternetShortcut]
00403831 push 8893.00401FD4                      URL=
00403866 mov edx,8893.004020F4                   http://www.ym7.com/?sc
00403896 push 8893.00401F78                      \
0040390B push 8893.00401FA0                      [InternetShortcut]
00403922 push 8893.00401FD4                      URL=
00403957 mov edx,8893.00402140                   http://www.16555.com/?sc
00403987 push 8893.00401F78                      \
004039FC push 8893.00401FA0                      [InternetShortcut]
00403A13 push 8893.00401FD4                      URL=
00403A48 mov edx,8893.00402198                   http://www.nvsheng.com/?sc
00403A78 push 8893.00401F78                      \
00403AED push 8893.00401FA0                      [InternetShortcut]
00403B04 push 8893.00401FD4                      URL=
00403B39 mov edx,8893.004021E8                   http://so.tpzj.com/?sc
00403B69 push 8893.00401F78                      \
00403BDE push 8893.00401FA0                      [InternetShortcut]
00403BF5 push 8893.00401FD4                      URL=
00403C2A mov edx,8893.0040221C                   http://www.lxdd.com/?sc
00403C5A push 8893.00401F78                      \
00403C71 mov edx,8893.00402250                   $N '` 0W &^.url
00403CCF push 8893.00401FA0                      [InternetShortcut]
00403CE6 push 8893.00401FD4                      URL=
00403D44 push 8893.00401BC4                      iuuq;0089/tpvqbz/dpn0uu/iunm
00403D69 push 8893.0040226C                      C:\Program Files\Internet Explorer\IEXPLORE.EXE
00403DAE push 8893.00401B90                      benjo4
00403DD3 push 8893.004022D4                      C:\Program Files\Internet Explorer\IEXPLORE.EXE http://16.soupay.com/tongji/g.asp?mac=
00403DE3 push 8893.00402388                      &id=
00403E5C push 8893.00402398                      WScript.Shell
00403EA8 mov dword ptr ss:[ebp-E8],8893.004023B8 AllUsersDesktop
00403EE8 mov dword ptr ss:[ebp-F8],8893.004023DC Desktop
00403F67 mov eax,8893.00401E84                   Programs
00403F7C push 8893.004023EC                      SpecialFolders
00403FC8 mov eax,8893.00402410                   AllUsersPrograms
00403FDD push 8893.004023EC                      SpecialFolders
004041AA push 8893.00402564                      \GreenBrowser\GreenBrowser.lnk
004041E1 push 8893.004025C4                      \Mozilla Firefox\Mozilla Firefox.lnk
00404627 push 8893.004023EC                      SpecialFolders
00404687 push 8893.0040261C                      \*.lnk
00404717 mov eax,8893.00402630                   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu\{871C5380-42A0-1069-A2EA-
0040477E mov eax,8893.00402750                   REG_DWORD
00404783 push 8893.00402764                      regwrite
004047AE mov eax,8893.0040279C                   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel\{871C5380-42A0-1069-A2EA-080
0040480B mov eax,8893.00402750                   REG_DWORD
00404814 push 8893.00402764                      regwrite
00404839 push 8893.004028B8                      \Internet Explorer.lnk
00404892 push 8893.004028B8                      \Internet Explorer.lnk
004048BA push 8893.004028EC                      \Internet Exp1orer.lnk
004048DC push 8893.0040291C                      CreateShortcut
00404921 mov eax,8893.00402984                   C:\Program Files\Internet Explorer\iexplore.exe
0040492E push 8893.004029E4                      TargetPath
0040494B push 8893.00401BA4                      xxx/kk99:/dpn
00404985 push 8893.004029FC                      Arguments
004049AD push 8893.00402A10                      Save
004049E2 mov eax,8893.00402A20                   AppData
004049F7 push 8893.004023EC                      SpecialFolders
00404A03 mov dword ptr ss:[ebp-84],8893.00402A34 \Microsoft\Internet Explorer\Quick Launch
00404A6E push 8893.0040261C                      \*.lnk
00404B57 push 8893.004028EC                      \Internet Exp1orer.lnk
00404B79 push 8893.0040291C                      CreateShortcut
00404BB8 mov eax,8893.00402984                   C:\Program Files\Internet Explorer\iexplore.exe
00404BBD push 8893.004029E4                      TargetPath
00404BE6 push 8893.00401BA4                      xxx/kk99:/dpn
00404C20 push 8893.004029FC                      Arguments
00404C4C push 8893.00402A10                      Save
00404C7B mov eax,8893.00402410                   AllUsersPrograms
00404C8A push 8893.004023EC                      SpecialFolders
00404E13 push 8893.0040291C                      CreateShortcut
00404E4B push 8893.00401BA4                      xxx/kk99:/dpn
00404E85 push 8893.004029FC                      Arguments
00404EB1 push 8893.00402A10                      Save
00404FBE push 8893.00401F78                      \
0040514E push 8893.0040291C                      CreateShortcut
00405191 push 8893.004029E4                      TargetPath
004051A3 mov dword ptr ss:[ebp-2AC],8893.00402ACC  Maxthon.exe
004051BF mov dword ptr ss:[ebp-2CC],8893.00402AE8  GreenBrowser.exe
004051DB mov dword ptr ss:[ebp-2EC],8893.00402B10  KylinBrowser.exe
004051F7 mov dword ptr ss:[ebp-30C],8893.00402B38  MyiQ.exe
00405213 mov dword ptr ss:[ebp-32C],8893.00402940  SogouExplorer.exe
0040522F mov dword ptr ss:[ebp-34C],8893.0040277C  TheWorld.exe
0040524B mov dword ptr ss:[ebp-36C],8893.00402968  firefox.exe
00405267 mov dword ptr ss:[ebp-38C],8893.004025A8  360SE.exe
00405283 mov dword ptr ss:[ebp-3AC],8893.00402B50  TTraveler.exe
004052B6 mov dword ptr ss:[ebp-3CC],8893.00402B70  iexplore.exe
004052D2 push 8893.004029E4                      TargetPath
0040531B push 8893.004029E4                      TargetPath
00405363 push 8893.004029E4                      TargetPath
004053B1 push 8893.004029E4                      TargetPath
004053FF push 8893.004029E4                      TargetPath
0040544D push 8893.004029E4                      TargetPath
0040549B push 8893.004029E4                      TargetPath
004054E9 push 8893.004029E4                      TargetPath
00405537 push 8893.004029E4                      TargetPath
004057FB push 8893.00401F78                      \
00405836 push 8893.0040291C                      CreateShortcut
0040587D push 8893.00401BA4                      xxx/kk99:/dpn
004058B7 push 8893.004029FC                      Arguments
004058DE push 8893.00402A10                      Save
00405A70 push 8893.00402B90                      cmd /c ping 127.0.0.1 -n 3 && del "
00405A84 push 8893.00402BDC                      "
00405B44 push 8893.00402BF8                      Program Manager
00405B56 push 8893.00402BE4                      Progman
00405C07 push 8893.00402C1C                      SELECT MACAddress
00405C0C push 8893.00402C48                      FROM Win32_NetworkAdapter
00405C6B push 8893.00402C84                      WHERE
00405C7A push 8893.00402C98                      ((MACAddress Is Not NULL)
00405C89 push 8893.00402CD4                      AND (Manufacturer <>
00405C98 push 8893.00402D04                      'Microsoft'))
00405CC4 mov dword ptr ss:[ebp-A0],8893.00402D24 winmgmts:
00405D19 push 8893.00402D38                      ExecQuery
00405D9E push 8893.00402D4C                      MACAddress

显示全部楼层 · 发表于 2009-8-26 22:33:21

红伞和微点没反应

显示全部楼层 · 发表于 2009-8-26 22:42:12

瑞星2010版，可以彻底清除

显示全部楼层 · 发表于 2009-8-26 23:17:51

To KL

显示全部楼层 · 发表于 2009-8-26 23:20:51

红伞不报，晕~~

显示全部楼层 · 发表于 2009-8-27 11:50:02

RS2010 KILL

显示全部楼层 · 发表于 2009-8-27 11:53:35

ikarus秒杀

[病毒样本] 这exe谁的杀软能杀掉？

本帖子中包含更多资源

本帖子中包含更多资源

回复 1楼 s0s020000 的帖子

浏览过的版块