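Membership ID application
ID: 小伙黄二爷 Email: 1342330676@qq.com
Ah! Before I knew it I had wandered in here; it's a nice place. Without further ado, I'd like an account. I have basically already posted the things I wrote before, and I put together a simple report on a virus (the attachment is the virus).
... Hoping to be approved ...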
Values added (1), snapshot B
"PeerId"="0023244A0E1DNJTE"
Values removed (2), snapshot A
"0"="SW\\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\\{9B365890-165F-11D0-A195-0020AFD156E4}"
"0"="SW\\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\\{9B365890-165F-11D0-A195-0020AFD156E4}"
Values changed (9), snapshot A
"Seed"=hex:36,28,b4,4a,0f,69,87,40,e6,e5,66,d7,63,fc,64,0a,32,c0,a1,bd,dc,c6,\
56,97,d5,af,24,05,af,df,48,1f,63,fa,06,06,80,cf,fb,43,bf,de,a3,52,8a,9f,74,\
78,d9,9f,77,b8,fb,57,5a,ca,54,e5,a8,5b,5a,25,b5,c6,81,a4,3f,0d,67,9e,23,51,\
71,5a,c8,af,12,28,32,78
"Seed"=hex:84,5b,0c,a5,8f,1d,9b,5c,4f,d1,58,e6,08,53,49,4c,a2,1b,a3,c7,a6,d8,\
a8,ab,77,7a,b3,b3,b2,67,cf,b7,d3,68,31,88,b4,9f,27,84,d4,44,19,bd,5e,62,86,\
92,69,80,9a,94,10,7a,16,f2,f6,ab,92,b5,17,6e,98,da,98,20,21,d8,dc,0f,ac,ca,\
95,0e,1d,c5,55,e3,af,c0
"uptime_time_utc"=hex:52,02,2b,9b,0f,7a,cf,01
"uptime_time_utc"=hex:86,f7,07,90,11,7a,cf,01
"RefCount"=dword:00000001
"RefCount"=dword:00000002
"Count"=dword:00000001
"Count"=dword:00000000
"NextInstance"=dword:00000001
"NextInstance"=dword:00000000
"Count"=dword:00000001
"Count"=dword:00000000
"NextInstance"=dword:00000001
"NextInstance"=dword:00000000
"OnRun"=dword:00000000
"OnRun"=dword:00000003
"SavedLegacySettings"=hex:46,00,00,00,5f,06,00,00,01,00,00,00,00,00,00,00,07,\
00,00,00,2a,2e,6c,6f,63,61,6c,00,00,00,00,00,00,00,00,1e,00,00,00,68,74,74,\
70,3a,2f,2f,32,31,38,2e,36,38,2e,32,35,30,2e,31,31,38,2f,77,70,61,64,2e,64,\
61,74,30,72,09,f5,64,c9,ca,01,01,00,00,00,c0,a8,01,99,00,00,00,00,00,00,00,\
00,00,00,00,00
"SavedLegacySettings"=hex:46,00,00,00,61,06,00,00,01,00,00,00,00,00,00,00,07,\
00,00,00,2a,2e,6c,6f,63,61,6c,00,00,00,00,00,00,00,00,1e,00,00,00,68,74,74,\
70,3a,2f,2f,32,31,38,2e,36,38,2e,32,35,30,2e,31,31,38,2f,77,70,61,64,2e,64,\
61,74,30,72,09,f5,64,c9,ca,01,01,00,00,00,c0,a8,01,99,00,00,00,00,00,00,00,\
00,00,00,00,00
Deleted files:
Files deleted (1)
C:\Documents and Settings\Administrator\桌面\zz.ex.e
Files added (2)
C:\Documents and Settings\Administrator\Application Data\Microsoft\Microsoft SQL Server\100\Tools\Shell\AutoRecoverDat\5688.dat
C:\WINDOWS\ctfmon.exe
Files changed (18)
C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
A: 00000000 00000000000000000000000000000000 -H-A-- 2014-5-28 00:57:49 1024
B: 00000000 00000000000000000000000000000000 -H-A-- 2014-5-28 01:03:17 1024
C:\Documents and Settings\Administrator\Application Data\Microsoft\Microsoft SQL Server\100\Tools\Shell\SqlStudio.bin
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:55:06 28708
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:03:20 28708
C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao\User Data\Local State
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:58:19 13579
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:04:54 13579
C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao\User Data\Default\Cookies
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:58:39 26624
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:05:14 26624
C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao\User Data\Default\Cookies-journal
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:58:39 12896
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:05:14 12896
C:\Program Files\Common Files\Thunder Network\ServicePlatform\stat.xml
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:57:51 8
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:11:21 8
C:\Program Files\kingsoft\kingsoft antivirus\log\kxescore.exe.log
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:55:05 154740
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:11:46 158172
C:\Program Files\kingsoft\kingsoft antivirus\security\kxescan\kfcfileinfo.che
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:57:46 3264
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:00:46 3320
C:\Program Files\kingsoft\kingsoft antivirus\security\kxescan\kse_wfsdata\6650b1fe_wfsexa0.dat
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:55:09 581632
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:00:29 581632
C:\Program Files\liebao\4.6.45.7369\log\update\refuse.ini
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:56:38 31
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:06:38 31
C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Log\FlightRecorderCurrent.trc
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:57:42 25082
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:57:42 229082
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-27 23:57:25 58784
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:00:45 58984
C:\WINDOWS\Prefetch\KUPDATA.EXE-3179B4B0.pf
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:30:34 63330
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:00:35 59308
C:\WINDOWS\system32\samservice.log
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:57:23 216985
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:11:03 220757
C:\WINDOWS\system32\config\SOFTWARE.LOG
A: 00000000 00000000000000000000000000000000 -H-A-- 2014-5-28 00:57:11 1024
B: 00000000 00000000000000000000000000000000 -H-A-- 2014-5-28 01:11:11 1024
C:\WINDOWS\system32\wbem\Logs\wbemcore.log
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:55:37 46998
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:03:12 47180
C:\WINDOWS\system32\wbem\Logs\wmiprov.log
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:55:05 8637
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:02:14 8712
C:\WINDOWS\Temp\vmware-SYSTEM\vmware-usbarb-2428.log
A: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 00:55:05 29870
B: 00000000 00000000000000000000000000000000 ---A-- 2014-5-28 01:11:06 33950
How was this report made? Why does it feel like a log generated by some kind of proactive-defense software?