Manual removal!
Installation Report: ase
Generated by InCtrl5, version 1.0.0.0
Install program: E:\downloads\750089-441\qd.exe
9-20-2010 3:31 PM
------------------------------------------------------------
Registry
********
Keys ignored: 0
---------------
* (none)
Keys added: 44
--------------
HKEY_CLASSES_ROOT\AppID\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}
HKEY_CLASSES_ROOT\AppID\BHO.DLL
HKEY_CLASSES_ROOT\BHO.MsnPlayer
HKEY_CLASSES_ROOT\BHO.MsnPlayer\CLSID
HKEY_CLASSES_ROOT\BHO.MsnPlayer\CurVer
HKEY_CLASSES_ROOT\BHO.MsnPlayer.1
HKEY_CLASSES_ROOT\BHO.MsnPlayer.1\CLSID
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}\ProgID
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}\Programmable
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}\VersionIndependentProgID
HKEY_CLASSES_ROOT\Interface\{B1A1E850-6F97-4FAF-AADA-FB15F8951391}
HKEY_CLASSES_ROOT\Interface\{B1A1E850-6F97-4FAF-AADA-FB15F8951391}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{B1A1E850-6F97-4FAF-AADA-FB15F8951391}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{B1A1E850-6F97-4FAF-AADA-FB15F8951391}\TypeLib
HKEY_CLASSES_ROOT\TypeLib\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}
HKEY_CLASSES_ROOT\TypeLib\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}\1.0
HKEY_CLASSES_ROOT\TypeLib\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}\1.0\0\win32
HKEY_CLASSES_ROOT\TypeLib\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}\1.0\FLAGS
HKEY_CLASSES_ROOT\TypeLib\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SCHEDULE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\r
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\r
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\r
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\Shares\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SCHEDULE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea\Security
Keys deleted: 7
---------------
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\?
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\淺
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\淺
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\淺
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\?
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\?
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\Shares\(
Values added: 70
----------------
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs "url3"
Type: REG_SZ
Data: http://bbs.kafan.cn/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs "url4"
Type: REG_SZ
Data: http://bbs.duba.net/
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "E:\downloads\750089-441\qd.exe"
Type: REG_SZ
Data: ase
HKEY_CLASSES_ROOT\AppID\{FFC8DBFF-519D-4F3B-A541-98A0807DD801} "(Default)"
Type: REG_SZ
Data: BHO
HKEY_CLASSES_ROOT\AppID\BHO.DLL "AppID"
Type: REG_SZ
Data:
HKEY_CLASSES_ROOT\BHO.MsnPlayer "(Default)"
Type: REG_SZ
Data: CMsnPlayer Object
HKEY_CLASSES_ROOT\BHO.MsnPlayer\CLSID "(Default)"
Type: REG_SZ
Data: {94F3CE47-FC4B-4DCC-B623-99C0569C96B4}
HKEY_CLASSES_ROOT\BHO.MsnPlayer\CurVer "(Default)"
Type: REG_SZ
Data: BHO.MsnPlayer.1
HKEY_CLASSES_ROOT\BHO.MsnPlayer.1 "(Default)"
Type: REG_SZ
Data: CMsnPlayer Object
HKEY_CLASSES_ROOT\BHO.MsnPlayer.1\CLSID "(Default)"
Type: REG_SZ
Data: {94F3CE47-FC4B-4DCC-B623-99C0569C96B4}
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4} "(Default)"
Type: REG_SZ
Data: CMsnPlayer Object
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4} "AppID"
Type: REG_SZ
Data:
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}\InprocServer32 "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\system32\8a7o.dll
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}\InprocServer32 "ThreadingModel"
Type: REG_SZ
Data: apartment
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}\ProgID "(Default)"
Type: REG_SZ
Data: BHO.MsnPlayer.1
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}\TypeLib "(Default)"
Type: REG_SZ
Data: {FFC8DBFF-519D-4F3B-A541-98A0807DD801}
HKEY_CLASSES_ROOT\CLSID\{94F3CE47-FC4B-4DCC-B623-99C0569C96B4}\VersionIndependentProgID "(Default)"
Type: REG_SZ
Data: BHO.MsnPlayer
HKEY_CLASSES_ROOT\Interface\{B1A1E850-6F97-4FAF-AADA-FB15F8951391} "(Default)"
Type: REG_SZ
Data: IMsnPlayer
HKEY_CLASSES_ROOT\Interface\{B1A1E850-6F97-4FAF-AADA-FB15F8951391}\ProxyStubClsid "(Default)"
Type: REG_SZ
Data: {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B1A1E850-6F97-4FAF-AADA-FB15F8951391}\ProxyStubClsid32 "(Default)"
Type: REG_SZ
Data: {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B1A1E850-6F97-4FAF-AADA-FB15F8951391}\TypeLib "(Default)"
Type: REG_SZ
Data: {FFC8DBFF-519D-4F3B-A541-98A0807DD801}
HKEY_CLASSES_ROOT\Interface\{B1A1E850-6F97-4FAF-AADA-FB15F8951391}\TypeLib "Version"
Type: REG_SZ
Data: 1.0
HKEY_CLASSES_ROOT\TypeLib\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}\1.0 "(Default)"
Type: REG_SZ
Data: BHO 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}\1.0\0\win32 "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\system32\8a7o.dll
HKEY_CLASSES_ROOT\TypeLib\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}\1.0\FLAGS "(Default)"
Type: REG_SZ
Data: 0
HKEY_CLASSES_ROOT\TypeLib\{FFC8DBFF-519D-4F3B-A541-98A0807DD801}\1.0\HELPDIR "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\system32\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA "NextInstance"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA\0000 "Class"
Type: REG_SZ
Data: LegacyDriver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA\0000 "ClassGUID"
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA\0000 "ConfigFlags"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA\0000 "DeviceDesc"
Type: REG_SZ
Data: Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA\0000 "Legacy"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA\0000 "Service"
Type: REG_SZ
Data: Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA\0000\Control "*NewlyCreated*"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MDLEA\0000\Control "ActiveService"
Type: REG_SZ
Data: Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SCHEDULE\0000\Control "ActiveService"
Type: REG_SZ
Data: Schedule
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Mdlea "EventMessageFile"
Type: REG_EXPAND_SZ
Data: C:\WINDOWS\system32\a77d.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Mdlea "TypesSupported"
Type: REG_DWORD
Data: 07, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea "DisplayName"
Type: REG_SZ
Data: Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea "ErrorControl"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea "ImagePath"
Type: REG_EXPAND_SZ
Data: C:\WINDOWS\system32\a77d.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea "ObjectName"
Type: REG_SZ
Data: LocalSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea "Start"
Type: REG_DWORD
Data: 02, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea "Type"
Type: REG_DWORD
Data: 10, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea\Enum "0"
Type: REG_SZ
Data: Root\LEGACY_MDLEA\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea\Enum "Count"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea\Enum "NextInstance"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mdlea\Security "Security"
Type: REG_BINARY
Data: 01, 00, 14, 80, 90, 00, 00, 00, 9C, 00, 00, 00, 14, 00, 00, 00, 30, 00, 00, 00, 02, 00, 1C, 00, 01, 00, 00, 00, 02, 80, 14, 00, FF, 01, 0F, 00, 01, 01, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 02, 00, 60, 00, 04, 00, 00, 00, 00, 00, 14, 00, FD, 01, 02, 00, 01, 01, 00, 00, 00, 00, 00, 05, 12, 00, 00, 00, 00, 00, 18, 00, FF, 01, 0F, 00, 01, 02, 00, 00, 00, 00, 00, 05, 20, 00, 00, 00, 20, 02, 00, 00, 00, 00, 14, 00, 8D, 01, 02, 00, 01, 01, 00, 00, 00, 00, 00, 05, 0B, 00, 00, 00, 00, 00, 18, 00, FD, 01, 02, 00, 01, 02, 00, 00, 00, 00, 00, 05, 20, 00, 00, 00, 23, 02, 00, 00, 01, 01, 00, 00, 00, 00, 00, 05, 12, 00, 00, 00, 01, 01, 00, 00, 00, 00, 00, 05, 12, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA "NextInstance"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA\0000 "Class"
Type: REG_SZ
Data: LegacyDriver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA\0000 "ClassGUID"
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA\0000 "ConfigFlags"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA\0000 "DeviceDesc"
Type: REG_SZ
Data: Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA\0000 "Legacy"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA\0000 "Service"
Type: REG_SZ
Data: Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA\0000\Control "*NewlyCreated*"
Type: REG_DWORD
Data: 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MDLEA\0000\Control "ActiveService"
Type: REG_SZ
Data: Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SCHEDULE\0000\Control "ActiveService"
Type: REG_SZ
Data: Schedule
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Mdlea "EventMessageFile"
Type: REG_EXPAND_SZ
Data: C:\WINDOWS\system32\a77d.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Mdlea "TypesSupported"
Type: REG_DWORD
Data: 07, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea "DisplayName"
Type: REG_SZ
Data: Mdlea
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea "ErrorControl"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea "ImagePath"
Type: REG_EXPAND_SZ
Data: C:\WINDOWS\system32\a77d.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea "ObjectName"
Type: REG_SZ
Data: LocalSystem
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea "Start"
Type: REG_DWORD
Data: 02, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea "Type"
Type: REG_DWORD
Data: 10, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea\Enum "0"
Type: REG_SZ
Data: Root\LEGACY_MDLEA\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea\Enum "Count"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea\Enum "NextInstance"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdlea\Security "Security"
Type: REG_BINARY
Data: 01, 00, 14, 80, 90, 00, 00, 00, 9C, 00, 00, 00, 14, 00, 00, 00, 30, 00, 00, 00, 02, 00, 1C, 00, 01, 00, 00, 00, 02, 80, 14, 00, FF, 01, 0F, 00, 01, 01, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 02, 00, 60, 00, 04, 00, 00, 00, 00, 00, 14, 00, FD, 01, 02, 00, 01, 01, 00, 00, 00, 00, 00, 05, 12, 00, 00, 00, 00, 00, 18, 00, FF, 01, 0F, 00, 01, 02, 00, 00, 00, 00, 00, 05, 20, 00, 00, 00, 20, 02, 00, 00, 00, 00, 14, 00, 8D, 01, 02, 00, 01, 01, 00, 00, 00, 00, 00, 05, 0B, 00, 00, 00, 00, 00, 18, 00, FD, 01, 02, 00, 01, 02, 00, 00, 00, 00, 00, 05, 20, 00, 00, 00, 23, 02, 00, 00, 01, 01, 00, 00, 00, 00, 00, 05, 12, 00, 00, 00, 01, 01, 00, 00, 00, 00, 00, 05, 12, 00, 00, 00
Values deleted: 1
-----------------
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\?"Time"
Type: REG_BINARY
Data: 苄s?U?
Values changed: 20
------------------
HKEY_CURRENT_USER\SessionInformation "ProgramCount"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 03, 00, 00, 00
New data: 02, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs "url1"
Old type: REG_SZ
New type: REG_SZ
Old data: http://bbs.kafan.cn/
New data: 本地磁盘 (e:)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs "url2"
Old type: REG_SZ
New type: REG_SZ
Old data: http://bbs.duba.net/
New data: 本地磁盘 (d:)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "SavedLegacySettings"
Old type: REG_BINARY
New type: REG_BINARY
Old data: 3C, 00, 00, 00, 81, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 10, D4, 39, DD, 53, 4D, CB, 01, 01, 00, 00, 00, C0, A8, 00, 66, 00, 00, 00, 00, 00, 00, 00, 00
New data: 3C, 00, 00, 00, 82, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 10, D4, 39, DD, 53, 4D, CB, 01, 01, 00, 00, 00, C0, A8, 00, 66, 00, 00, 00, 00, 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\67\Shell "WinPos1024x768(1).bottom"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 80, 02, 00, 00
New data: 65, 02, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\67\Shell "WinPos1024x768(1).left"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 66, 00, 00, 00
New data: 9C, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\67\Shell "WinPos1024x768(1).right"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 86, 03, 00, 00
New data: BC, 03, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\67\Shell "WinPos1024x768(1).top"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 28, 00, 00, 00
New data: 0D, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG "Seed"
Old type: REG_BINARY
New type: REG_BINARY
Old data: D6, 68, 5A, 29, 7C, 2E, 99, BD, 97, 8D, 21, 26, 47, 64, C3, CA, 26, 10, 3A, 55, D3, 39, E5, 3A, E1, 5D, 0A, 74, FB, 4D, 67, 63, 58, 08, 06, FF, 79, 82, 54, B7, C9, 39, 71, 6A, FA, 08, FF, 56, 4B, A4, 95, 7B, 3A, 47, 82, 9F, 2A, D3, D9, 84, 7D, 28, 26, DE, 49, B0, 8A, F6, 64, 17, 05, 94, CB, B5, 19, 54, 18, DD, CB, 58
New data: 77, EB, 74, 1C, F6, D9, 58, C9, CF, 5D, A3, 30, 33, 55, 20, 62, 31, 48, B6, F6, CD, 3A, EB, 57, 4C, 00, 5B, 02, 85, E1, AA, AD, D9, E2, F4, B6, BE, C2, 2F, 98, 32, 89, 4A, C9, 59, C1, 6E, D2, A0, E2, EE, CE, 00, 93, C0, ED, 83, 8A, 4E, AD, 1D, 9F, E0, 98, C6, F2, DC, F6, 5F, 6A, 50, 32, 66, F3, 39, 20, D4, 92, CB, 84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher "StartTime"
Old type: REG_SZ
New type: REG_SZ
Old data: 2010/09/20-12:55:55
New data: 2010/09/20-15:30:30
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher "TracesProcessed"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 3F, 00, 00, 00
New data: 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher "TracesSuccessful"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 3F, 00, 00, 00
New data: 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent "(Default)"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 0B, 00, 00, 00
New data: 0C, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager "PendingFileRenameOperations"
Old type: REG_MULTI_SZ
New type: REG_MULTI_SZ
Old data: 5C, 3F, 3F, 5C, 63, 3A, 5C, 64, 6F, 63, 75, 6D, 65, 6E, 74, 73, 20, 61, 6E, 64, 20, 73, 65, 74, 74, 69, 6E, 67, 73, 5C, 61, 6C, 6C, 20, 75, 73, 65, 72, 73, 5C, 61, 70, 70, 6C, 69, 63, 61, 74, 69, 6F, 6E, 20, 64, 61, 74, 61, 5C, 6B, 69, 6E, 67, 73, 6F, 66, 74, 5C, 6B, 69, 73, 5C, 75, 70, 6C, 69, 76, 65, 5C, 6B, 69, 73, 6C, 69, 76, 65, 32, 36, 32, 36, 64, 34, 61, 63, 72, 65, 75, 70, 64, 61, 74, 65, 2E, 64, 61, 74, 00, 00, 00
New data: (data too large: 651 bytes)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application "Sources"
Old type: REG_MULTI_SZ
New type: REG_MULTI_SZ
Old data: (data too large: 699 bytes)
New data: (data too large: 705 bytes)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule "Start"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 04, 00, 00, 00
New data: 02, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent "(Default)"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 0B, 00, 00, 00
New data: 0C, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager "PendingFileRenameOperations"
Old type: REG_MULTI_SZ
New type: REG_MULTI_SZ
Old data: 5C, 3F, 3F, 5C, 63, 3A, 5C, 64, 6F, 63, 75, 6D, 65, 6E, 74, 73, 20, 61, 6E, 64, 20, 73, 65, 74, 74, 69, 6E, 67, 73, 5C, 61, 6C, 6C, 20, 75, 73, 65, 72, 73, 5C, 61, 70, 70, 6C, 69, 63, 61, 74, 69, 6F, 6E, 20, 64, 61, 74, 61, 5C, 6B, 69, 6E, 67, 73, 6F, 66, 74, 5C, 6B, 69, 73, 5C, 75, 70, 6C, 69, 76, 65, 5C, 6B, 69, 73, 6C, 69, 76, 65, 32, 36, 32, 36, 64, 34, 61, 63, 72, 65, 75, 70, 64, 61, 74, 65, 2E, 64, 61, 74, 00, 00, 00
New data: (data too large: 651 bytes)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application "Sources"
Old type: REG_MULTI_SZ
New type: REG_MULTI_SZ
Old data: (data too large: 699 bytes)
New data: (data too large: 705 bytes)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule "Start"
Old type: REG_DWORD
New type: REG_DWORD
Old data: 04, 00, 00, 00
New data: 02, 00, 00, 00
------------------------------------------------------------
Disk contents
*************
Drives tracked: 3
-----------------
* c:\
* d:\
* e:\
Folders added: 3
----------------
c:\Documents and Settings\Administrator\Local Settings\Temp\h8gi24o8
c:\Documents and Settings\All Users\Application Data\t
c:\Documents and Settings\All Users\Application Data\t\ad
Files added: 18
---------------
c:\WINDOWS\8fad.exe
Date: 9-20-2010 3:30 PM
Size: 112,640 bytes
c:\WINDOWS\b8fd.flv
Date: 9-20-2010 10:41 AM
Size: 70,144 bytes
c:\WINDOWS\fa0u.bmp
Date: 9-20-2010 3:30 PM
Size: 227,840 bytes
c:\WINDOWS\Prefetch\A77D.EXE-0A8A9FB7.pf
Date: 9-20-2010 3:30 PM
Size: 13,026 bytes
c:\WINDOWS\Prefetch\LSASS.EXE-20DB6D1B.pf
Date: 9-20-2010 3:30 PM
Size: 21,280 bytes
c:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
Date: 9-20-2010 3:30 PM
Size: 19,160 bytes
c:\WINDOWS\Prefetch\RUNDLL32.EXE-13DBD163.pf
Date: 9-20-2010 3:30 PM
Size: 22,330 bytes
c:\WINDOWS\Prefetch\RUNDLL32.EXE-1D7622E9.pf
Date: 9-20-2010 3:30 PM
Size: 20,046 bytes
c:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf
Date: 9-20-2010 3:30 PM
Size: 18,206 bytes
c:\WINDOWS\Prefetch\SPOOLSV.EXE-282F76A7.pf
Date: 9-20-2010 3:30 PM
Size: 11,316 bytes
c:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
Date: 9-20-2010 3:30 PM
Size: 21,504 bytes
c:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
Date: 9-20-2010 3:30 PM
Size: 13,436 bytes
c:\WINDOWS\system32\08b
Date: 9-20-2010 3:30 PM
Size: 68 bytes
c:\WINDOWS\system32\-71-3210-4
Date: 9-20-2010 3:30 PM
Size: 30 bytes
c:\WINDOWS\system32\8a7o.dll
Date: 9-20-2010 3:30 PM
Size: 112,640 bytes
c:\WINDOWS\system32\8f1e.dll
Date: 9-20-2010 3:30 PM
Size: 227,840 bytes
c:\WINDOWS\system32\a77d.exe
Date: 9-20-2010 10:41 AM
Size: 70,144 bytes
c:\WINDOWS\Tasks\ms.job
Date: 9-20-2010 3:30 PM
Size: 260 bytes
Files changed: 13
-----------------
c:\Documents and Settings\Administrator\ntuser.dat.LOG
Old date: 9-20-2010 3:30 PM
New date: 9-20-2010 3:30 PM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\Documents and Settings\Administrator\Cookies\index.dat
Old date: 9-20-2010 3:25 PM
New date: 9-20-2010 3:30 PM
Old size: 32,768 bytes
New size: 32,768 bytes
c:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Old date: 9-20-2010 3:26 PM
New date: 9-20-2010 3:30 PM
Old size: 49,152 bytes
New size: 49,152 bytes
c:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Old date: 9-20-2010 3:26 PM
New date: 9-20-2010 3:30 PM
Old size: 229,376 bytes
New size: 229,376 bytes
c:\Program Files\Kingsoft\webshield\kse\kse_wfsdata\KSWebShield_tmpa0.dat
Old date: 9-20-2010 3:30 PM
New date: 9-20-2010 3:31 PM
Old size: 0 bytes
New size: 0 bytes
c:\Program Files\Kingsoft\webshield\webui\icon\btbg.gif
Old date: 9-20-2010 3:30 PM
New date: 9-20-2010 3:31 PM
Old size: 1,069 bytes
New size: 1,069 bytes
c:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf
Old date: 9-20-2010 2:44 PM
New date: 9-20-2010 3:30 PM
Old size: 18,588 bytes
New size: 18,996 bytes
c:\WINDOWS\system32\config\SECURITY
Old date: 9-20-2010 2:44 PM
New date: 9-20-2010 3:30 PM
Old size: 262,144 bytes
New size: 262,144 bytes
c:\WINDOWS\system32\config\SECURITY.LOG
Old date: 9-20-2010 3:02 PM
New date: 9-20-2010 3:30 PM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\WINDOWS\system32\config\software.LOG
Old date: 9-20-2010 3:28 PM
New date: 9-20-2010 3:30 PM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\WINDOWS\system32\config\system.LOG
Old date: 9-20-2010 3:28 PM
New date: 9-20-2010 3:30 PM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\WINDOWS\system32\wbem\Logs\wbemess.log
Old date: 9-20-2010 3:24 PM
New date: 9-20-2010 3:30 PM
Old size: 8,664 bytes
New size: 8,856 bytes
c:\WINDOWS\Tasks\SA.DAT
Old date: 9-20-2010 2:44 PM
New date: 9-20-2010 3:30 PM
Old size: 6 bytes
New size: 6 bytes
------------------------------------------------------------
INI file
********
Ini files tracked: 4
--------------------
* C:\boot.ini
* c:\windows\control.ini
* c:\windows\system.ini
* c:\windows\win.ini
------------------------------------------------------------
Text file
*********
Text files tracked: 2
---------------------
* c:\windows\system32\autoexec.nt
* c:\windows\system32\config.nt
------------------------------------------------------------
InCtrl5, Copyright © 2000 by Ziff Davis Media, Inc.
Written by Neil J. Rubenking
First published in PC Magazine, December 5, 2000.