Thread starter: schumi小粉

[Suspicious file] setup x1

jason_jiang
Posted on 2010-10-16 07:59:36
miss,to xandora(panda)
oneappleliu
Posted on 2010-10-16 09:34:51
A tragedy for avast
Hacker29cn
Posted on 2010-10-16 10:24:11
Has obvious virus characteristics:
The following is the detailed report from SysMechanic
系统变化报告:          可疑代码安装监视
==========================================
由系统机械师安全安装创建                  
星期六, 十月 16, 2010  02:07 AM
系统变化跟踪的方式:              磁盘内容比较            
被跟踪的驱动器:
    C:\
    D:\
已添加的文件和目录:          (39)
C:\Documents and Settings\YongGuang\Favorites\常用
C:\Documents and Settings\YongGuang\Local Settings\Application Data\Microsoft\Internet
Explorer\Recovery\Active\{0718592C-D887-11DF-9012-0012F0E2196E}.dat
C:\Documents and Settings\YongGuang\Local Settings\Application Data\Microsoft\Internet
Explorer\Recovery\Active\{0718592E-D887-11DF-9012-0012F0E2196E}.dat
C:\Documents and Settings\YongGuang\Local Settings\Application Data\Microsoft\Internet
Explorer\Recovery\Active\RecoveryStore.{0718592B-D887-11DF-9012-0012F0E2196E}.dat
C:\Program Files\huanbang123
C:\Program Files\huanbang123\info.desc
C:\Program Files\huanbang123\InstallDll.dll
C:\Program Files\huanbang123\unins000.dat
C:\Program Files\huanbang123\unins000.exe
C:\WINDOWS\data1
C:\WINDOWS\fsvr.lex
C:\WINDOWS\Install.tmp
C:\WINDOWS\wintemp_64
C:\WINDOWS\wintemp_64\2xi.ico
C:\WINDOWS\wintemp_64\altersvr.dll
C:\WINDOWS\wintemp_64\Config.ini
C:\WINDOWS\wintemp_64\dangdangwang.ico
C:\WINDOWS\wintemp_64\data1
C:\WINDOWS\wintemp_64\fsvr.lex
C:\WINDOWS\wintemp_64\hao.ico
C:\WINDOWS\wintemp_64\Install.tmp
C:\WINDOWS\wintemp_64\LC.ico
C:\WINDOWS\wintemp_64\minigame.ico
C:\WINDOWS\wintemp_64\mzsg.ico
C:\WINDOWS\wintemp_64\PPN1.ico
C:\WINDOWS\wintemp_64\rd.txt
C:\WINDOWS\wintemp_64\sanguo.ico
C:\WINDOWS\wintemp_64\taobao.ico
C:\WINDOWS\wintemp_64\Xianjian.ico
C:\WINDOWS\wintemp_64\zhuoyue.ico
D:\Temp IE\Internet 临时文件\Content.IE5\0MK1MJN4\css[1].css
D:\Temp IE\Internet 临时文件\Content.IE5\0MK1MJN4\fromparm[1].js
D:\Temp IE\Internet 临时文件\Content.IE5\BZO6YZ43\jquery[1].js
D:\Temp IE\Internet 临时文件\Content.IE5\TYBYLO7K\default[2].htm
D:\Temp IE\Internet 临时文件\Content.IE5\TYBYLO7K\md5[1].js
D:\Temp IE\Internet 临时文件\Content.IE5\TYBYLO7K\tongji[1].js
D:\Temp\~DF2372.tmp
D:\Temp\~DF237A.tmp
D:\Temp\Perflib_Perfdata_9b4.dat
已删除的文件和目录:            (2)
C:\Documents and Settings\YongGuang\Local Settings\Application Data\Microsoft\Internet
Explorer\Recovery\Last Active\{958533DB-D886-11DF-9012-0012F0E2196E}.dat
C:\Documents and Settings\YongGuang\Local Settings\Application Data\Microsoft\Internet
Explorer\Recovery\Last Active\RecoveryStore.{958533DA-D886-11DF-9012-0012F0E2196E}.dat
已改变的文件:  (27)
C:\Documents and Settings\All Users\Application Data\Kingsoft\KIS\log\uplive\kxeupchk.log
C:\Documents and Settings\All Users\Application Data\KSafe\Cache
C:\Documents and Settings\All Users\Application Data\TSLOG
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
\NHECD62T
C:\Documents and Settings\YongGuang\Cookies\index.dat
C:\Documents and Settings\YongGuang\IECompatCache\index.dat
C:\Documents and Settings\YongGuang\IETldCache\index.dat
C:\Documents and Settings\YongGuang\Local Settings\Application Data\Microsoft\Feeds
Cache\index.dat
C:\Documents and Settings\YongGuang\Local Settings\Application Data\Microsoft\Internet
Explorer\Recovery\Active
C:\Documents and Settings\YongGuang\Local Settings\Application Data\Microsoft\Internet
Explorer\Recovery\Last Active
C:\Documents and Settings\YongGuang\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\YongGuang\ntuser.dat.LOG
C:\Documents and Settings\YongGuang\PrivacIE\index.dat
C:\Documents and Settings\YongGuang\Recent
C:\Program Files
C:\Program Files\Common Files\Kingsoft\kiscommon\security\kxescan\kse_wfsdata
C:\Program Files\Common
Files\Kingsoft\kiscommon\security\kxescan\kse_wfsdata\kxescore_tmpa0.dat
C:\Program Files\Common Files\Kingsoft\kiscommon\update\Policy1311
C:\Program Files\System Mechanic\SafeInstall Reports
C:\WINDOWS
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
C:\WINDOWS\SoftwareDistribution\DataStore\Logs
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\config\system.LOG
C:\WINDOWS\system32\wbem\Logs\wbemcore.log
D:\Program Files\Kingsoft\webshield\webui\icon\btbg.gif
D:\Temp IE\Internet 临时文件\Content.IE5\index.dat
无改变产生到       C:\WINDOWS\SYSTEM.INI...
无改变产生到       C:\WINDOWS\WIN.INI...
已添加的注册表键:    (13)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.\Shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.\Shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{25DBCE51-6C8F-4A72-8A6D-
B54C2B4FC835}\C
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\H
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-
08002BE10318}\C
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\C
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Environments\Windows NT x86\Drivers\7
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_8086&DEV_3582&SUBSYS_92001584&REV_02
\3&267a616a&0&10\CompatibleID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_8086&DEV_3582&SUBSYS_92001584&REV_02
\3&267a616a&0&11\CompatibleID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\pn?
已删除的注册表键:      (8)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{25DBCE51-6C8F-4A72-8A6D-
B54C2B4FC835}\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-
08002BE10318}\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\SspiCache\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Environments\Windows NT x86\Drivers\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_8086&DEV_3582&SUBSYS_92001584&REV_02
\3&267a616a&0&10\DeviceDesc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_8086&DEV_3582&SUBSYS_92001584&REV_02
\3&267a616a&0&11\DeviceDesc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\#
已改变的注册表键值:          (68)
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003\Software\Microsoft\Internet
Explorer\Main
键值 "Start Page": 从 "about:blank" 到 "http://www.111222la.info/hao123.html"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003\Software\Microsoft\Internet
Explorer\Main
键值 "Window_Placement": 二进制数值已改变   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component
Categories\{00021493-0000-0000-C000-000000000046}\Enum
键值 "Implementing": 二进制数值已改变   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component
Categories\{00021494-0000-0000-C000-000000000046}\Enum
键值 "Implementing": 二进制数值已改变   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
\iexplore
键值 "Count": 从 "624" 到 "625"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
\iexplore
键值 "Time": 从 "DA,07,0A,00,05,00,0F,00,12,00,01,00,37,00,86,01" 到
"DA,07,0A,00,05,00,0F,00,12,00,07,00,0C,00,32,02"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
\iexplore
键值 "Count": 从 "624" 到 "625"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
\iexplore
键值 "Time": 从 "DA,07,0A,00,05,00,0F,00,12,00,01,00,37,00,86,01" 到
"DA,07,0A,00,05,00,0F,00,12,00,07,00,0C,00,32,02"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{779322F5-6D5C-456E-9483-DF830D6BAFD5}
\iexplore
键值 "Count": 从 "3561" 到 "3563"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{779322F5-6D5C-456E-9483-DF830D6BAFD5}
\iexplore
键值 "LoadTime": 从 "1132" 到 "762"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{779322F5-6D5C-456E-9483-DF830D6BAFD5}
\iexplore
键值 "Time": 从 "DA,07,0A,00,05,00,0F,00,12,00,04,00,19,00,CB,00" 到
"DA,07,0A,00,05,00,0F,00,12,00,07,00,18,00,1C,03"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
\iexplore
键值 "Count": 从 "683" 到 "684"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
\iexplore
键值 "Time": 从 "DA,07,0A,00,05,00,0F,00,12,00,01,00,37,00,86,01" 到
"DA,07,0A,00,05,00,0F,00,12,00,07,00,0C,00,32,02"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}
\iexplore
键值 "Count": 从 "1450" 到 "1452"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}
\iexplore
键值 "LoadTime": 从 "2" 到 "20"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}
\iexplore
键值 "Time": 从 "DA,07,0A,00,05,00,0F,00,12,00,03,00,1C,00,99,03" 到
"DA,07,0A,00,05,00,0F,00,12,00,07,00,19,00,7D,00"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2F8A635-8B0F-47BF-915E-6F456767A300}
\iexplore
键值 "Count": 从 "3668" 到 "3670"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2F8A635-8B0F-47BF-915E-6F456767A300}
\iexplore
键值 "LoadTime": 从 "38" 到 "54"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2F8A635-8B0F-47BF-915E-6F456767A300}
\iexplore
键值 "Time": 从 "DA,07,0A,00,05,00,0F,00,12,00,03,00,1C,00,A9,03" 到
"DA,07,0A,00,05,00,0F,00,12,00,07,00,19,00,CB,00"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}
\iexplore
键值 "Count": 从 "686" 到 "687"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}
\iexplore
键值 "Time": 从 "DA,07,0A,00,05,00,0F,00,12,00,01,00,37,00,86,01" 到
"DA,07,0A,00,05,00,0F,00,12,00,07,00,0C,00,42,02"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}
\iexplore
键值 "Count": 从 "686" 到 "687"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}
\iexplore
键值 "Time": 从 "DA,07,0A,00,05,00,0F,00,12,00,01,00,37,00,A5,01" 到
"DA,07,0A,00,05,00,0F,00,12,00,07,00,0C,00,42,02"   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
键值 "DefaultConnectionSettings": 二进制数值已改变   
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
键值 "SavedLegacySettings": 二进制数值已改变   
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG
键值 "Seed": 二进制数值已改变   
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher
键值 "TracesProcessed": 从 "11" 到 "19"   
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher
键值 "TracesSuccessful": 从 "9" 到 "13"   
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters
键值 "{5A038C85-CB4F-4ABE-ADCE-6C657BF22D49}": 二进制数值已改变   
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum
键值 "Count": 从 "0" 到 "1"   
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum
键值 "NextInstance": 从 "0" 到 "1"   
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters
键值 "{5A038C85-CB4F-4ABE-ADCE-6C657BF22D49}": 二进制数值已改变   
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum
键值 "Count": 从 "0" 到 "1"   
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum
键值 "NextInstance": 从 "0" 到 "1"   
已添加的注册表键值:        (17)
HKEY_USERS\S-1-5-21-602162358-329068152-1644491937-1003\Software\Microsoft\Internet
Explorer\Recovery\Active\{0718592B-D887-11DF-9012-0012F0E2196E}="0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.\Shell\open\command\@=""Rundll32.exe"
"C:\WINDOWS\fsvr.lex" Resetrun"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\DisplayName="1.2.3.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\Inno Setup: App Path="C:\Program Files\huanbang123"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\Inno Setup: Icon Group="huanbang123"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\Inno Setup: Setup Version="5.2.3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\Inno Setup: User="YongGuang"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\InstallDate="20101016"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\InstallLocation="C:\Program Files\huanbang123\"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\NoModify="1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\NoRepair="1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\QuietUninstallString=""C:\Program Files\huanbang123\unins000.exe"
/SILENT"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AFEA929-2893-4854-
8FD2-7CFF382A4377}_is1\UninstallString=""C:\Program Files\huanbang123\unins000.exe""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session
Manager\PendingFileRenameOperations="69,21,7F,A5,81,F9,9D,87,96,14,EC,C9,EB,1B,B2,06"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\0="SW\{b7eafdc0-a680-11d0-96d8
-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\PendingFileRenameOperations="69,21,7F,A5,81,F9,9D,87,96,14,EC,C9,EB,1B,B2,06"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\0="SW\{b7eafdc0-a680-11d0-
96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
已删除的注册表键值:          (136)

Hacker29cn
Posted on 2010-10-16 10:25:07
Shows obvious malicious behavior
尤金卡巴斯基
Posted on 2010-10-16 23:04:07
Trojan.Win32.StartPage.agdp
