这是病毒吗??

系统漏洞名称:MS-4011 Exploit
系统漏洞名称:Blaster Rpc Exploit
REGISTRY RECORD

---------------------------------------------------


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
TkBellExe          "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
helper.dll          C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
CnsMin          Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
assistse          "C:\PROGRA~1\3721\assistse.exe"
snpstd          C:\WINDOWS\vsnpstd.exe
C-Media Mixer          Mixer.exe /startup
SysExplr          C:\Herosoft\HeroV8\SysExplr.EXE
Thunder          D:\迅雷\Thunder.exe /s
RavTask          "D:\诺盾\Rising\Rav\RavTask.exe" -system

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Current operation system is no this registory path


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
Current operation system is no this registory path


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CLASSES_ROOT\Exefile\shell\open\command
Default          "%1" %*

HKEY_CLASSES_ROOT\Txtfile\shell\open\command
Default          %SystemRoot%\system32\NOTEPAD.EXE %1

---------------------------------------------------

WIN.INI

---------------------------------------------------


AppInit_DLLs=
Beep=yes
BorderWidth=0
CoolSwitch=1
CursorBlinkRate=530
DefaultSeparateVDM=no
DeviceNotSelectedTimeout=15
DoubleClickHeight=4
DoubleClickSpeed=500
DoubleClickWidth=4
DragFullWindows=1
InitialKeyboardIndicators=2
KeyboardDelay=1
KeyboardSpeed=31
LowPowerActive=0
LowPowerTimeOut=0
MouseSpeed=1
MouseThreshold1=6
MouseThreshold2=10
PowerOffActive=0
PowerOffTimeOut=0
ScreenSaveActive=1
ScreenSaveTimeOut=599940
SnapToDefaultButton=0
Spooler=yes
swapdisk=
SwapMouseButtons=0
TransmissionRetryTimeout=90
DebugOptions=2048
Documents=
DosPrint=no
load=
NetMessage=no
NullPort=None
Programs=com exe bat pif cmd
---------------------------------------------------

SYSTEM.INI

---------------------------------------------------


ScreenSaverIsSecure=0
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
Shell=Explorer.exe
comm.drv=comm.drv
display.drv=vga.drv
drivers=mmsystem.dll
fixedfon.fon=vgafix.fon
fonts.fon=vgasys.fon
keyboard.drv=keyboard.drv
language.dll=
mouse.drv=mouse.drv
network.drv=wfwnet.drv
oemfonts.fon=vgaoem.fon
shell=Explorer.exe
sound.drv=sound.drv
system.drv=system.drv
---------------------------------------------------

WININIT.BAK

---------------------------------------------------


---------------------------------------------------

AUTOEXEC.BAT

---------------------------------------------------



---------------------------------------------------

WININIT.BAT

---------------------------------------------------



最后编辑:2006-05-28 15:56:22