ID:小伙黄二爷
邮箱:1342330676@qq.com
哎!不知不觉就逛到了这里,不错的地方。二话不说,整个账号。 以前写的东西,基本都发了,简单的做了个病毒的报告(附件为病毒)
。。望通过。。。
| 新添值 (1) 快照 B | | [HKEY_CURRENT_USER\Software\XPusher] | | "PeerId"="0023244A0E1DNJTE" | | | | 移除值 (2) 快照 A | | [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum] | | "0"="SW\\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\\{9B365890-165F-11D0-A195-0020AFD156E4}" | | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum] | | "0"="SW\\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\\{9B365890-165F-11D0-A195-0020AFD156E4}" | | | | 改变值 (9) 快照 A | | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG] | | "Seed"=hex:36,28,b4,4a,0f,69,87,40,e6,e5,66,d7,63,fc,64,0a,32,c0,a1,bd,dc,c6,\
56,97,d5,af,24,05,af,df,48,1f,63,fa,06,06,80,cf,fb,43,bf,de,a3,52,8a,9f,74,\
78,d9,9f,77,b8,fb,57,5a,ca,54,e5,a8,5b,5a,25,b5,c6,81,a4,3f,0d,67,9e,23,51,\
71,5a,c8,af,12,28,32,78 | | "Seed"=hex:84,5b,0c,a5,8f,1d,9b,5c,4f,d1,58,e6,08,53,49,4c,a2,1b,a3,c7,a6,d8,\
a8,ab,77,7a,b3,b3,b2,67,cf,b7,d3,68,31,88,b4,9f,27,84,d4,44,19,bd,5e,62,86,\
92,69,80,9a,94,10,7a,16,f2,f6,ab,92,b5,17,6e,98,da,98,20,21,d8,dc,0f,ac,ca,\
95,0e,1d,c5,55,e3,af,c0 | | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQLServer] | | "uptime_time_utc"=hex:52,02,2b,9b,0f,7a,cf,01 | | "uptime_time_utc"=hex:86,f7,07,90,11,7a,cf,01 | | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1409082233-515967899-1417001333-500] | | "RefCount"=dword:00000001 | | "RefCount"=dword:00000002 | | [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum] | | "Count"=dword:00000001 | | "Count"=dword:00000000 | | "NextInstance"=dword:00000001 | | "NextInstance"=dword:00000000 | | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum] | | "Count"=dword:00000001 | | "Count"=dword:00000000 | | "NextInstance"=dword:00000001 | | "NextInstance"=dword:00000000 | | [HKEY_CURRENT_USER\Software\Microsoft\Microsoft SQL Server\100\Tools\Shell\General] | | "OnRun"=dword:00000000 | | "OnRun"=dword:00000003 | | [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections] | | "SavedLegacySettings"=hex:46,00,00,00,5f,06,00,00,01,00,00,00,00,00,00,00,07,\
00,00,00,2a,2e,6c,6f,63,61,6c,00,00,00,00,00,00,00,00,1e,00,00,00,68,74,74,\
70,3a,2f,2f,32,31,38,2e,36,38,2e,32,35,30,2e,31,31,38,2f,77,70,61,64,2e,64,\
61,74,30,72,09,f5,64,c9,ca,01,01,00,00,00,c0,a8,01,99,00,00,00,00,00,00,00,\
00,00,00,00,00 | | "SavedLegacySettings"=hex:46,00,00,00,61,06,00,00,01,00,00,00,00,00,00,00,07,\
00,00,00,2a,2e,6c,6f,63,61,6c,00,00,00,00,00,00,00,00,1e,00,00,00,68,74,74,\
70,3a,2f,2f,32,31,38,2e,36,38,2e,32,35,30,2e,31,31,38,2f,77,70,61,64,2e,64,\
61,74,30,72,09,f5,64,c9,ca,01,01,00,00,00,c0,a8,01,99,00,00,00,00,00,00,00,\
00,00,00,00,00 | | |
删除文件:
| 删除文件 (1) | | C:\Documents and Settings\Administrator\桌面\[06]zz.ex.e | | 新添文件 (2) | | C:\Documents and Settings\Administrator\Application Data\Microsoft\Microsoft SQL Server\100\Tools\Shell\AutoRecoverDat\5688.dat | | C:\WINDOWS\ctfmon.exe | | 变化文件 (18) | | C:\Documents and Settings\Administrator\NTUSER.DAT.LOG | A: | 00000000 | 00000000000000000000000000000000 | -H-A-- | 2014-5-28 | 00:57:49 | 1024 | | B: | 00000000 | 00000000000000000000000000000000 | -H-A-- | 2014-5-28 | 01:03:17 | 1024 |
| | C:\Documents and Settings\Administrator\Application Data\Microsoft\Microsoft SQL Server\100\Tools\Shell\SqlStudio.bin | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:55:06 | 28708 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:03:20 | 28708 |
| | C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao\User Data\Local State | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:58:19 | 13579 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:04:54 | 13579 |
| | C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao\User Data\Default\Cookies | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:58:39 | 26624 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:05:14 | 26624 |
| | C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao\User Data\Default\Cookies-journal | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:58:39 | 12896 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:05:14 | 12896 |
| | C:\Program Files\Common Files\Thunder Network\ServicePlatform\stat.xml | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:57:51 | 8 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:11:21 | 8 |
| | C:\Program Files\kingsoft\kingsoft antivirus\log\kxescore.exe.log | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:55:05 | 154740 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:11:46 | 158172 |
| | C:\Program Files\kingsoft\kingsoft antivirus\security\kxescan\kfcfileinfo.che | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:57:46 | 3264 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:00:46 | 3320 |
| | C:\Program Files\kingsoft\kingsoft antivirus\security\kxescan\kse_wfsdata\6650b1fe_wfsexa0.dat | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:55:09 | 581632 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:00:29 | 581632 |
| | C:\Program Files\liebao\4.6.45.7369\log\update\refuse.ini | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:56:38 | 31 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:06:38 | 31 |
| | C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Log\FlightRecorderCurrent.trc | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:57:42 | 25082 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:57:42 | 229082 |
| | C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-27 | 23:57:25 | 58784 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:00:45 | 58984 |
| | C:\WINDOWS\Prefetch\KUPDATA.EXE-3179B4B0.pf | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:30:34 | 63330 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:00:35 | 59308 |
| | C:\WINDOWS\system32\samservice.log | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:57:23 | 216985 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:11:03 | 220757 |
| | C:\WINDOWS\system32\config\SOFTWARE.LOG | A: | 00000000 | 00000000000000000000000000000000 | -H-A-- | 2014-5-28 | 00:57:11 | 1024 | | B: | 00000000 | 00000000000000000000000000000000 | -H-A-- | 2014-5-28 | 01:11:11 | 1024 |
| | C:\WINDOWS\system32\wbem\Logs\wbemcore.log | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:55:37 | 46998 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:03:12 | 47180 |
| | C:\WINDOWS\system32\wbem\Logs\wmiprov.log | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:55:05 | 8637 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:02:14 | 8712 |
| | C:\WINDOWS\Temp\vmware-SYSTEM\vmware-usbarb-2428.log | A: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 00:55:05 | 29870 | | B: | 00000000 | 00000000000000000000000000000000 | ---A-- | 2014-5-28 | 01:11:06 | 33950 |
|
|
吾爱游客
发表于 2015-6-18 18:15
