
JIU

JIU

jiujiuwodediannao

附件:

下载次数:136
文件类型:application/octet-stream
文件大小:
上传时间:2007-7-29 19:13:53
描述:

最后编辑2007-07-29 19:31:42

+HKLM\System\CurrentControlSet\Services
F6BDD3C5
[A]1.c:\windows\system32\f3e65a27.exe

X?0, X?1, X?2,
hchp
[AM]2.c:\programfiles\cxck\mhmu.dll
AdDm
.text,.rdata,.data,.idata,.didat,.rsrc,.reloc,
RedGdirl
[A]6.c:\windows\system32\redgirdl.exe

IExplorer
.text,.rdata,.data,.rsrc,
+HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{389D55CA-DBAE-4C24-AF3B-CB9E2817195A}
[AM]46.c:\documentsandsettings\administrator\localsettings\temp\~i7prugi1vac.dll{13B917A7-1B88-1F74-235E-27442B2F2F16}
[AM]47.c:\windows\system32\wmsjxx1qso.dll

{713AF41A-21B1-131B-1BFC-D2A90DF4A2B7}
[AM]48.c:\windows\system32\xyfpri.dll

{13BA17A7-1B88-1F74-235E-27442B2F2F16}
[AM]49.c:\windows\system32\118568592352qso.dll{212BC423-3713-224D-3F55-32B35C62B112}
[AM]50.c:\windows\system32\tlmpri.dll
{26368135-64FA-BC34-DA32-DCF4FD431C92}
[AM]51.c:\windows\system32\qhbpri.dll
{559AFD5B-159F-ACD8-954C-ACD545FA6585}
[AM]52.c:\windows\system32\jzepri.dll
{0EA66AD2-CF26-2E23-532B-B292E22F3266}
[AM]53.c:\programfiles\internetexplorer\plugins\newtemp.dll
{B1351752-5628-1547-FFAB-BADC13512AFB}
[AM]54.c:\windows\system32\ztkpri.dll
{2F12545B-1212-1314-5679-4512ACEF8902}
[AM]55.c:\windows\system32\wdbpri.dll
{22311A42-AC1B-158F-FD32-5674345F23A2}
[AM]56.c:\windows\system32\dhbpri.dll
{5A65498A-7653-9801-1647-987114AB7F45}
[AM]57.c:\windows\system32\zxepri.dll
{1182C1EB-375C-573D-1F5E-234552345211}
[AM]58.c:\windows\system32\wldpri.dll
{425AB2F3-234A-7469-2F43-E341713ABFA4}
[AM]59.c:\windows\system32\wgdpri.dll
{40117B96-998D-4D80-8F89-5E9DBD9F3460}
[AM]60.c:\programfiles\internetexplorer\plugins\syswin64.sys
{2FFAB213-ABCF-F421-FBA1-3FA352343212}
[AM]61.c:\windows\system32\wsbpri.dll
{014A26F5-FBAD-4549-9CA1-C38210704BD1}
[AM]62.c:\programfiles\commonfiles\microsoftshared\msinfo\system16.ins
{3562452F-FA36-BA4F-892A-FF5FBBAC5313}
[AM]63.c:\windows\system32\mycpri.dll
{252D2432-37A2-324F-2A54-21BF5CF2F1A2}
[AM]64.c:\windows\system32\jhapri.dll
{13B917A7-1B88-1F74-235E-27442B2F2F16}
[AM]47.c:\windows\system32\wmsjxx1qso.dll

{713AF41A-21B1-131B-1BFC-D2A90DF4A2B7}
[AM]48.c:\windows\system32\xyfpri.dll
{13BA17A7-1B88-1F74-235E-27442B2F2F16}
[AM]49.c:\windows\system32\118568592352qso.dll
{212BC423-3713-224D-3F55-32B35C62B112}
[AM]50.c:\windows\system32\tlmpri.dll
{26368135-64FA-BC34-DA32-DCF4FD431C92}
[AM]51.c:\windows\system32\qhbpri.dll
{559AFD5B-159F-ACD8-954C-ACD545FA6585}
[AM]52.c:\windows\system32\jzepri.dll
{0EA66AD2-CF26-2E23-532B-B292E22F3266}
[AM]53.c:\programfiles\internetexplorer\plugins\newtemp.dll
{B1351752-5628-1547-FFAB-BADC13512AFB}
[AM]54.c:\windows\system32\ztkpri.dll
{2F12545B-1212-1314-5679-4512ACEF8902}
[AM]55.c:\windows\system32\wdbpri.dll
{22311A42-AC1B-158F-FD32-5674345F23A2}
[AM]56.c:\windows\system32\dhbpri.dll
{5A65498A-7653-9801-1647-987114AB7F45}
[AM]57.c:\windows\system32\zxepri.dll
{1182C1EB-375C-573D-1F5E-234552345211}
[AM]58.c:\windows\system32\wldpri.dll
{425AB2F3-234A-7469-2F43-E341713ABFA4}
[AM]59.c:\windows\system32\wgdpri.dll
{40117B96-998D-4D80-8F89-5E9DBD9F3460}
[AM]60.c:\programfiles\internetexplorer\plugins\syswin64.sys
{2FFAB213-ABCF-F421-FBA1-3FA352343212}
[AM]61.c:\windows\system32\wsbpri.dll
{014A26F5-FBAD-4549-9CA1-C38210704BD1}
[AM]62.c:\programfiles\commonfiles\microsoftshared\msinfo\system16.ins
{3562452F-FA36-BA4F-892A-FF5FBBAC5313}
[AM]63.c:\windows\system32\mycpri.dll
{252D2432-37A2-324F-2A54-21BF5CF2F1A2}
[AM]64.c:\windows\system32\jhapri.dll

mppds
[A]74.c:\windows\mppds.exe
.text,.rdata,.data,.rsrc,MicrosoftAutorun7
[A]75.c:\windows\system32\nwizqjsj.exe
TIMHost
[A]76.c:\windows\timhost.exe
.text,.rdata,.data,.rsrc,wosa
[A]77.c:\documentsandsettings\administrator\localsettings\temp\woso.exe

[A]78.c:\documentsandsettings\administrator\localsettings\temp\rxso.exe

[A]79.c:\documentsandsettings\administrator\localsettings\temp\qjso.exe

[A]80.c:\documentsandsettings\administrator\localsettings\temp\tlso.exe
.text,.rsrc,RAV0095
[A]81.c:\windows\system32\rav0095.exe
VL橸谚 ?_Y??G ,QV?褤瑒,RAV00A0
[A]82.c:\windows\system32\rav00a0.exe
VL橸谚 ?_Y??G ,QV?褤瑒,RAV00AE
[A]83.c:\windows\system32\rav00ae.exe
VL橸谚 ?_Y??G ,QV?褤瑒,RAV008C
[A]84.c:\windows\system32\rav008c.exe
VL橸谚 ?_Y??G ,QV?褤瑒,RAV009B
[A]85.c:\windows\system32\rav009b.exe
VL橸谚 ?_Y??G ,QV?褤瑒,RAV00B2
[A]86.c:\windows\system32\rav00b2.exe
VL橸谚 ?_Y??G ,QV?褤瑒,RAV00CF
[A]87.c:\windows\system32\rav00cf.exe
VL橸谚 ?_Y??G ,QV?褤瑒,RAV0138
[A]88.c:\windows\system32\rav0138.exe
VL橸谚 ?_Y??G ,QV?褤瑒,

+HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
visin
[A]90.c:\windows\system32\visin.exe

MicrosoftWisinControl
,,,twin
[A]91.c:\windows\system32\ctfnom.exe

MicrosoftTwinControl
.Upack,.rsrc,
入口点在最后一个节;文件名和"ctfmon.exe"类似;

+其他自启动项目
+c:\autorun.inf
open
[A]97.c:\pegefile.pif
shellexecute
[A]97.c:\pegefile.pif
shell\Auto\command
[A]97.c:\pegefile.pif

+d:\autorun.inf
open
[A]98.d:\pegefile.pif
shellexecute
[A]98.d:\pegefile.pif
shell\Auto\command
[A]98.d:\pegefile.pif

+e:\autorun.inf
open
[A]99.e:\pegefile.pif
shellexecute
[A]99.e:\pegefile.pif
shell\Auto\command
[A]99.e:\pegefile.pif

+f:\autorun.inf
open
[A]100.f:\pegefile.pif
shellexecute
[A]100.f:\pegefile.pif
shell\Auto\command
[A]100.f:\pegefile.pif

00A20000[00018000]
[AM]49.c:\windows\system32\118568592352qso.dll
08A30000[00017000]
[AM]47.c:\windows\system32\wmsjxx1qso.dll
08A60000[00011000]
[AM]60.c:\programfiles\internetexplorer\plugins\syswin64.sys
08A80000[00018000]
[M]102.c:\programfiles\cxck\pkpx.dll
stdstubModule
.text,.rdata,.data,.Shared,.rsrc,.reloc,08AA0000[0001B000]
[M]103.c:\programfiles\cxck\upuc.dll

08E00000[0000C000]
[AM]46.c:\documentsandsettings\administrator\localsettings\temp\~i7prugi1vac.dll01100000[00018000]
[AM]49.c:\windows\system32\118568592352qso.dll091C0000[00018000]
[M]102.c:\programfiles\cxck\pkpx.dll
stdstubModule
.text,.rdata,.data,.Shared,.rsrc,.reloc,091E0000[0001B000]
[M]103.c:\programfiles\cxck\upuc.dll

08A30000[00017000]
[AM]47.c:\windows\system32\wmsjxx1qso.dll15000000[00011000]
[M]110.c:\windows\system32\rav00b2.dat
.Upack,.rsrc,
入口点在最后一个节;08F10000[00010000]
[M]111.c:\windows\system32\rav009b.dat
.Upack,.rsrc,
入口点在最后一个节;08F30000[00011000]
[M]112.c:\windows\system32\rav00ae.dat
.Upack,.rsrc,
入口点在最后一个节;08F50000[00011000]
[M]113.c:\windows\system32\rav00a0.dat
.Upack,.rsrc,
入口点在最后一个节;08F70000[00010000]
[M]114.c:\windows\system32\rav0095.dat
.Upack,.rsrc,
入口点在最后一个节;

10000000[0000D000]
[M]116.c:\windows\system32\6bda63c7.dll

.text,.rdata,.data,.rsrc,.reloc,
+00000288(648)iexplore.exe
009E0000[0000A000]
[AM]63.c:\windows\system32\mycpri.dll
10000000[002EE000]
[M]117.c:\windows\system32\redgirdl.dat
,,,.rsrc,,,
入口点在最后一个节;

50E60000[0000C000]
[M]118.c:\windows\system32\wups2.dll

WindowsUpdateclientproxystub2
.text,.orpc,.data,.rsrc,.reloc,

+000003ec(1004)arp.exe
00400000[0001A000]
[M]119.c:\documentsandsettings\administrator\localsettings\temp\arp.exe
CODE,DATA,BSS,.idata,.tls,.rdata,.reloc,.rsrc,

003C0000[00010000]
[M]120.c:\programfiles\commonfiles\microsoftshared\msinfo\440dfb35.dll
00DB0000[00012000]
[AM]48.c:\windows\system32\xyfpri.dll10000000[0000D000]
[M]116.c:\windows\system32\6bda63c7.dll

.text,.rdata,.data,.rsrc,.reloc,

01870000[0000A000]
[AM]63.c:\windows\system32\mycpri.dll021C0000[00008000]
[M]121.c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,

02320000[00006000]
[M]122.c:\documentsandsettings\administrator\localsettings\temp\woso0.dll
.text,sdata,.reloc,02710000[00006000]
[M]124.c:\documentsandsettings\administrator\localsettings\temp\qjso0.dll
.text,sdata,.reloc,02690000[00005000]
[M]125.c:\documentsandsettings\administrator\localsettings\temp\tlso0.dll
.text,sdata,.reloc,

02820000[00011000]
[M]112.c:\windows\system32\rav00ae.dat
.Upack,.rsrc,
入口点在最后一个节;028B0000[00010000]
[M]111.c:\windows\system32\rav009b.dat
.Upack,.rsrc,
入口点在最后一个节;02850000[00010000]
[M]127.c:\windows\system32\rav008c.dat
.Upack,.rsrc,
入口点在最后一个节;02880000[00011000]
[M]110.c:\windows\system32\rav00b2.dat
.Upack,.rsrc,
入口点在最后一个节;02870000[00010000]
[M]128.c:\windows\system32\rav00cf.dat
.Upack,.rsrc,
入口点在最后一个节;00B00000[00010000]
[M]129.c:\windows\system32\rav0138.dat
.Upack,.rsrc,
入口点在最后一个节;00B90000[00006000]
[M]130.c:\windows\system32\nwizqjsj.dll
.text,.reloc,
00F10000[00018000]
[AM]49.c:\windows\system32\118568592352qso.dll
00F40000[00017000]
[AM]47.c:\windows\system32\wmsjxx1qso.dll
00F70000[00018000]
[M]102.c:\programfiles\cxck\pkpx.dll
stdstubModule
.text,.rdata,.data,.Shared,.rsrc,.reloc,00EE0000[00005000]
[M]125.c:\documentsandsettings\administrator\localsettings\temp\tlso0.dll
.text,sdata,.reloc,00EF0000[00006000]
[M]124.c:\documentsandsettings\administrator\localsettings\temp\qjso0.dll
.text,sdata,.reloc,011D0000[00005000]
[M]123.c:\documentsandsettings\administrator\localsettings\temp\rxso0.dll
.text,sdata,.reloc,011E0000[00006000]
[M]122.c:\documentsandsettings\administrator\localsettings\temp\woso0.dll
.text,sdata,.reloc,011F0000[00008000]
[M]121.c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,01200000[0000A000]
[AM]64.c:\windows\system32\jhapri.dll
01210000[0000A000]
[AM]63.c:\windows\system32\mycpri.dll
01220000[0000A000]
[AM]61.c:\windows\system32\wsbpri.dll
01230000[0000A000]
[AM]59.c:\windows\system32\wgdpri.dll
01240000[0000A000]
[AM]58.c:\windows\system32\wldpri.dll
01250000[0000A000]
[AM]57.c:\windows\system32\zxepri.dll
01260000[0000A000]
[AM]56.c:\windows\system32\dhbpri.dll
01270000[0000A000]
[AM]55.c:\windows\system32\wdbpri.dll
01280000[0000B000]
[AM]54.c:\windows\system32\ztkpri.dll
01290000[0000A000]
[AM]52.c:\windows\system32\jzepri.dll
012A0000[0000A000]
[AM]51.c:\windows\system32\qhbpri.dll
012B0000[00012000]
[AM]48.c:\windows\system32\xyfpri.dll
093B0000[0000A000]
[AM]50.c:\windows\system32\tlmpri.dll

+000006c4(1732)svchost.exe
003C0000[0000A000]
[AM]51.c:\windows\system32\qhbpri.dll
10000000[00062000]
[AM]2.c:\programfiles\cxck\mhmu.dll

AdDm
.text,.rdata,.data,.idata,.didat,.rsrc,.reloc,

00A70000[00018000]
[M]102.c:\programfiles\cxck\pkpx.dll
stdstubModule
.text,.rdata,.data,.Shared,.rsrc,.reloc,00E00000[0001B000]
[M]103.c:\programfiles\cxck\upuc.dll

stdplay
.text,.rdata,.data,.rsrc,.reloc,00E20000[0001E000]
[M]143.c:\programfiles\cxck\rmrz.dll

stdvote
.text,.rdata,.data,.rsrc,.reloc,00E70000[00031000]
[M]144.c:\programfiles\cxck\idiq.dll
navseg
.text,.rdata,.data,.rsrc,.reloc,

003D0000[0000A000]
[AM]61.c:\windows\system32\wsbpri.dll00A90000[0001B000]
[M]103.c:\programfiles\cxck\upuc.dll

stdplay
.text,.rdata,.data,.rsrc,.reloc,

[AM]48.c:\windows\system32\xyfpri.dll008F0000[00017000]
[AM]47.c:\windows\system32\wmsjxx1qso.dll00FE0000[00005000]
[M]125.c:\documentsandsettings\administrator\localsettings\temp\tlso0.dll
.text,sdata,.reloc,00FF0000[00006000]
[M]124.c:\documentsandsettings\administrator\localsettings\temp\qjso0.dll
.text,sdata,.reloc,09540000[00005000]
[M]123.c:\documentsandsettings\administrator\localsettings\temp\rxso0.dll
.text,sdata,.reloc,09550000[00006000]
[M]122.c:\documentsandsettings\administrator\localsettings\temp\woso0.dll
.text,sdata,.reloc,09560000[00008000]
[M]121.c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,09570000[0000A000]
[AM]64.c:\windows\system32\jhapri.dll
096C0000[0000A000]
[AM]63.c:\windows\system32\mycpri.dll
096D0000[0000A000]
[AM]61.c:\windows\system32\wsbpri.dll
096E0000[0000A000]
[AM]59.c:\windows\system32\wgdpri.dll
096F0000[0000A000]
[AM]58.c:\windows\system32\wldpri.dll
09700000[0000A000]
[AM]57.c:\windows\system32\zxepri.dll
09710000[0000A000]
[AM]56.c:\windows\system32\dhbpri.dll
09720000[0000A000]
[AM]55.c:\windows\system32\wdbpri.dll
09730000[0000B000]
[AM]54.c:\windows\system32\ztkpri.dll
09740000[0000A000]
[AM]52.c:\windows\system32\jzepri.dll
09750000[0000A000]
[AM]51.c:\windows\system32\qhbpri.dll
09760000[0000A000]
[AM]50.c:\windows\system32\tlmpri.dll[M]118.c:\windows\system32\wups2.dll

09730000[00008000]
[M]121.c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,09740000[0000A000]
[AM]64.c:\windows\system32\jhapri.dll
09750000[0000A000]
[AM]63.c:\windows\system32\mycpri.dll
09760000[0000A000]
[AM]61.c:\windows\system32\wsbpri.dll
09770000[0000A000]
[AM]59.c:\windows\system32\wgdpri.dll
09780000[0000A000]
[AM]58.c:\windows\system32\wldpri.dll
09790000[0000A000]
[AM]57.c:\windows\system32\zxepri.dll
097A0000[0000A000]
[AM]56.c:\windows\system32\dhbpri.dll
097B0000[0000A000]
[AM]55.c:\windows\system32\wdbpri.dll
097C0000[0000B000]
[AM]54.c:\windows\system32\ztkpri.dll
097E0000[0000A000]
[AM]52.c:\windows\system32\jzepri.dll
097F0000[0000A000]
[AM]51.c:\windows\system32\qhbpri.dll
09800000[00012000]
[AM]48.c:\windows\system32\xyfpri.dll

0AB20000[0000D000]
[AM]53.c:\programfiles\internetexplorer\plugins\newtemp.dll


上报这些文件给瑞星:http://up.rising.com.cn/webmail/uploadnew.htm

因为文件数量比较多,所以提供一些技巧和方法: