This post was last edited by liulangzhecgr on 2010.8.1 14:09
Why do so many vendors flag this as a virus!
http://www.virscan.org/report/e1 ... 458b83d9082464.html
It doesn't seem to have created any files after running...
It did add registry entries though...
Below is the log generated while it was running... Is this trojan behavior?!
Installation Report: 加强版任务管理器,系统反黑反病毒辅助使用!
Generated by InCtrl5, version 1.0.0.0
Install program: D:\信任目录\系统进程查看器\J-Task\J-Task.exe
8-1-2010 1:18 PM
------------------------------------------------------------
Registry
********
Keys ignored: 0
---------------
* (none)
Values added: 25
----------------
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "Address"
Type: REG_DWORD
Data: FF, FF, FF, FF
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "Buttons"
Type: REG_DWORD
Data: FF, FF, FF, FF
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "Col"
Type: REG_DWORD
Data: FF, FF, FF, FF
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "ColInfo"
Type: REG_BINARY
Data: 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FD, DF, DF, FD, 0F, 00, 06, 00, 28, 00, 10, 00, 34, 00, 48, 00, 00, 00, 00, 00, 01, 00, 00, 00, 02, 00, 00, 00, 03, 00, 00, 00, 04, 00, 00, 00, 05, 00, 00, 00, B4, 00, 60, 00, 78, 00, 78, 00, B4, 00, B4, 00, 00, 00, 00, 00, 01, 00, 00, 00, 02, 00, 00, 00, 03, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "FFlags"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "HotKey"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "Links"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "MaxPos1280x1024(1).x"
Type: REG_DWORD
Data: FF, FF, FF, FF
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "MaxPos1280x1024(1).y"
Type: REG_DWORD
Data: FF, FF, FF, FF
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "MinPos1280x1024(1).x"
Type: REG_DWORD
Data: FF, FF, FF, FF
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "MinPos1280x1024(1).y"
Type: REG_DWORD
Data: FF, FF, FF, FF
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "Mode"
Type: REG_DWORD
Data: 06, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "Rev"
Type: REG_DWORD
Data: 02, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "ScrollPos1280x1024(1).x"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "ScrollPos1280x1024(1).y"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "ShowCmd"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "Sort"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "SortDir"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "Vid"
Type: REG_SZ
Data: {65F125E5-7BE1-4810-BA9D-D271C8432CE3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "WFlags"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "WinPos1280x1024(1).bottom"
Type: REG_DWORD
Data: D0, 03, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "WinPos1280x1024(1).left"
Type: REG_DWORD
Data: 0B, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "WinPos1280x1024(1).right"
Type: REG_DWORD
Data: 2B, 03, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\132\Shell "WinPos1280x1024(1).top"
Type: REG_DWORD
Data: 78, 01, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "D:\信任目录\系统进程查看器\J-Task\J-Task.exe"
Type: REG_SZ
Data: 加强版任务管理器,系统反黑反病毒辅助使用!
Values changed: 3
-----------------
HKEY_CURRENT_USER\SessionInformation "ProgramCount"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 04, 00, 00, 00
New data: 03, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\2 "MRUListEx"
Old type: REG_BINARY
New type: REG_BINARY
Old data: 16, 00, 00, 00, 0D, 00, 00, 00, 17, 00, 00, 00, 0F, 00, 00, 00, 04, 00, 00, 00, 15, 00, 00, 00, 13, 00, 00, 00, 14, 00, 00, 00, 03, 00, 00, 00, 0B, 00, 00, 00, 0E, 00, 00, 00, 12, 00, 00, 00, 11, 00, 00, 00, 0A, 00, 00, 00, 10, 00, 00, 00, 0C, 00, 00, 00, 05, 00, 00, 00, 08, 00, 00, 00, 09, 00, 00, 00, 07, 00, 00, 00, 06, 00, 00, 00, 02, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, FF, FF, FF, FF
New data: 0D, 00, 00, 00, 16, 00, 00, 00, 17, 00, 00, 00, 0F, 00, 00, 00, 04, 00, 00, 00, 15, 00, 00, 00, 13, 00, 00, 00, 14, 00, 00, 00, 03, 00, 00, 00, 0B, 00, 00, 00, 0E, 00, 00, 00, 12, 00, 00, 00, 11, 00, 00, 00, 0A, 00, 00, 00, 10, 00, 00, 00, 0C, 00, 00, 00, 05, 00, 00, 00, 08, 00, 00, 00, 09, 00, 00, 00, 07, 00, 00, 00, 06, 00, 00, 00, 02, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, FF, FF, FF, FF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG "Seed"
Old type: REG_BINARY
New type: REG_BINARY
Old data: A4, C1, 0E, EF, C0, 1F, 2E, 11, 84, 0C, 9A, 67, 25, D5, 47, 73, 35, 24, 43, 56, 1A, 9E, 1E, C5, 0F, 0A, 60, 99, 52, 32, 69, 1D, 79, CD, 9E, B1, 1B, B6, E2, 9F, DC, 8D, F0, 2D, 9E, 83, 89, EC, E1, 01, 07, 37, 6F, DC, 02, B6, 55, A0, 97, CD, 12, 84, B4, FD, F1, 21, 1D, 42, 13, 2F, 8A, F3, F1, 66, F1, 26, 6C, BF, 4D, 0E
New data: 31, 96, A9, 5E, 95, 80, 70, ED, DA, CD, D7, 9A, 33, CC, 52, 5A, 02, 9E, D7, E5, 4C, 17, 27, 3B, FC, 16, 13, 27, CF, F6, BD, F6, 77, 24, 32, 17, 81, C1, 0B, 1F, 03, F8, 26, 43, 50, 10, 8E, 24, 20, 51, 23, 85, D3, D7, 39, EB, E2, D1, 48, 4B, 18, C8, 4D, E0, 04, 98, 56, A2, A7, 36, 50, 36, A6, E9, C7, FE, FA, 99, 76, 8A
------------------------------------------------------------
Disk contents
*************
Drives tracked: 4
-----------------
* c:\
* d:\
* e:\
* f:\
Files changed: 9
----------------
c:\Documents and Settings\Administrator\ntuser.dat.LOG
Old date: 8-1-2010 1:17 PM
New date: 8-1-2010 1:17 PM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\Documents and Settings\Administrator\Cookies\index.dat
Old date: 8-1-2010 1:15 PM
New date: 8-1-2010 1:16 PM
Old size: 32,768 bytes
New size: 32,768 bytes
c:\Documents and Settings\Administrator\IETldCache\index.dat
Old date: 8-1-2010 12:54 PM
New date: 8-1-2010 1:16 PM
Old size: 16,384 bytes
New size: 16,384 bytes
c:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Old date: 8-1-2010 1:15 PM
New date: 8-1-2010 1:16 PM
Old size: 65,536 bytes
New size: 65,536 bytes
c:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Old date: 8-1-2010 1:15 PM
New date: 8-1-2010 1:16 PM
Old size: 786,432 bytes
New size: 786,432 bytes
c:\WINDOWS\system32\config\software.LOG
Old date: 8-1-2010 1:16 PM
New date: 8-1-2010 1:17 PM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\WINDOWS\system32\config\system.LOG
Old date: 8-1-2010 1:16 PM
New date: 8-1-2010 1:17 PM
Old size: 1,024 bytes
New size: 1,024 bytes
d:\信任目录\系统进程查看器\J-Task\JiaGeLog.log
Old date: 8-1-2010 1:03 PM
New date: 8-1-2010 1:17 PM
Old size: 1,068 bytes
New size: 1,630 bytes
d:\信任目录\系统进程查看器\J-Task\Settings.ini
Old date: 8-1-2010 1:03 PM
New date: 8-1-2010 1:17 PM
Old size: 550 bytes
New size: 550 bytes
------------------------------------------------------------
INI file
********
Ini files tracked: 4
--------------------
* C:\boot.ini
* c:\windows\control.ini
* c:\windows\system.ini
* c:\windows\win.ini
------------------------------------------------------------
Text file
*********
Text files tracked: 2
---------------------
* c:\windows\system32\autoexec.nt
* c:\windows\system32\config.nt
------------------------------------------------------------
InCtrl5, Copyright © 2000 by Ziff Davis Media, Inc.
Written by Neil J. Rubenking
First published in PC Magazine, December 5, 2000.