每日游戏更新自助找回邀请码自助增加积分
开启辅助访问 切换到宽版

蓝色动力网络

 找回密码
 立即注册

扫一扫,访问微社区

QQ登录

只需一步,快速开始

蓝色动力网络»网吧论坛 技术交流 系统技术 每台机器用360机器狗专杀查出 PopularMalware 恶性干扰 ...
返回列表 发新帖
查看: 2600|回复: 1

[原创] 每台机器用360机器狗专杀查出 PopularMalware 恶性干扰对象

[复制链接]
发表于 2009-4-2 00:27:34 | 显示全部楼层 |阅读模式
每台机器用360机器狗专杀查出 PopularMalware 恶性干扰对象 - 死性不改's Blog~
http://www.clxp.net.cn/article.asp?id=1406
本店用的是信佑铁克虚拟盘+东方网点记费系统。用360机器狗专杀查出有PopularMalware 恶性干扰对象

经过检查发现,是360误报信佑铁克虚拟盘和东方网点记费系统保护程序。


程序代码
日期时间:2008/7/31 18:01:03  ,  2008/7/31 18:01:21
计算机名:C036 , C036
使用者名: ,

----------------------------------
删除键:6
----------------------------------
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\Enum

----------------------------------
增加键:6
----------------------------------
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\0000\Control

----------------------------------
删除值:23
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater: "D:\Soft\Updater\updater.exe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\Enum\0: "Root\LEGACY_GUARDER\0000"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\Enum\Count: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\Enum\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\Type: 0x00000010
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\Start: 0x00000003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\ErrorControl: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\ImagePath: "C:\WINDOWS\system32\wbem\svchost.exe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\DisplayName: "Guarder"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\ObjectName: "LocalSystem"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Guarder\Description: "EastdaybarGuarderService"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\Enum\0: "Root\LEGACY_GUARDER\0000"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\Enum\Count: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\Enum\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\Type: 0x00000010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\Start: 0x00000003
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\ErrorControl: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\ImagePath: "C:\WINDOWS\system32\wbem\svchost.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\DisplayName: "Guarder"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\ObjectName: "LocalSystem"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Guarder\Description: "EastdaybarGuarderService"

----------------------------------
增加值:19
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ak360Kill_r: ""C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LRZPZKOE\SuperKiller[1].exe" -checksafe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\0000\Control\*NewlyCreated*: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\0000\Control\ActiveService: "TorjanFW"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\0000\Service: "TorjanFW"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\0000\Legacy: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\0000\ConfigFlags: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\0000\Class: "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\0000\DeviceDesc: "TorjanFW"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TORJANFW\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\0000\Control\*NewlyCreated*: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\0000\Control\ActiveService: "TorjanFW"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\0000\Service: "TorjanFW"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\0000\Legacy: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\0000\ConfigFlags: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\0000\Class: "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\0000\DeviceDesc: "TorjanFW"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORJANFW\NextInstance: 0x00000001
程序, 服务器, 技术, 软件, 网吧, 网络, 系统, DOS, VIP, 服务器, 广告, 绿茶, 论坛, 诺德尔, 网吧, 网络, 系统, 电脑, 服务器, 破解, 软件, 网吧, 网络, 系统, 3389, DOS, FTP, 绿茶, 密码, 网吧, Windows, 程序, 电脑, 破解, 软件, 网络

相关帖子
回复

使用道具 举报

发表于 2009-4-2 09:17:08 | 显示全部楼层
学习下,谢谢LZ
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

蓝色动力网络微信平台
网站管理,业务合作联系邮箱: admin#lansedongli.com    QQ:13412492 限网站业务问题.
网站帐号、密码、密保找回请使用注册邮箱,发送邮件至 password#lansedongli.com ,否则不予受理.
免责声明:本论坛所有文字和图片仅代表其个人观点.
本站某些资料或文章来自于互联网,不代表本站观点,如果侵犯了您的权益,请来信告知,我们会在三天内删除.
为了给大家一个更好的交流场所,请勿在本论坛发表与中华人民共和国法律相抵触的言论,请合作,谢谢!
Copyright © 2007-2019 Corporation Powered by网吧系统 版权所有    转载请注明!
浙ICP备11043737号 程序:Discuz! x3.4

湘公网安备 43018102000145号

手机版|Archiver|蓝色动力网络   

快速回复 返回顶部 返回列表