
(Tip) Crippling JAVQHC: an analysis

[ Author: byxxdrls | Updated: 2008-8-13 08:32:05 | Views: ]
Previously JAVQHC usually operated on its own: a modified sreng2 only had to scan out the virus file among the running processes and the problem was solved. Now, however, other malware uses JAVQHC as a tool and has strengthened its functionality. On an infected machine JAVQHC seems to have more than one startup entry, one of which is active while the rest are spares (this is only a guess), so the system has to be cleaned repeatedly before the problem goes away. Getting sreng2 to scan out those startup entries has therefore become the pressing problem. I thought of many methods, but because my skills are limited some of them could not be implemented. Here is a workable method (we can prepare two batch files and two ini files to make it easier for the person asking for help):
1. Create a regini.ini file with the following content:

QUOTE:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad []

2. At the command prompt, run: regini X:\regini.ini
3. Reboot the computer (a blue screen may appear at shutdown; it is probably caused by the virus failing to read or write the registry). After the reboot JAVQHC cannot load. Now edit regini.ini again as shown below and repeat step 2:

QUOTE:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad [1 7 17]

4. Run sreng2; it can now produce a fairly complete report in which JAVQHC's load entries are all visible. The report is as follows:

QUOTE:
2008-08-04,14:29:55
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <VMUserServices><C:\Program Files\Virtual Machine Additions\vmusrvc.exe>  [(Verified)Microsoft Corporation]
    <HBmhly><"C:\WINDOWS\system32\HBmhly.exe" -r>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll businesn.dll wcnonpe.dll tiplict.dll esceps.dll manleu.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <{00180018-0018-0018-0018-00180018BB15}><C:\WINDOWS\system32\mstimewd.dll>  []
    <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll>  []
    <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll>  []
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll>  []
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  []
    <{898E02AB-9372-4a2c-9C4A-FFE1AF61097F}><C:\WINDOWS\system32\comuidsg.dll>  []
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll>  []
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll>  []
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll>  []
    <{5E907A48-400E-4EA8-9792-FFAE052D59E9}><C:\WINDOWS\system32\pedadt.dll>  []
    <{00020002-0002-0002-0002-00020002BB15}><C:\WINDOWS\system32\avicapwm.dll>  []
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  []
    <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}><C:\WINDOWS\system32\fmcvxy.dll>  []
    <{D47A61B8-0EAB-417F-8DF4-5C949982A2AF}><C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <pjfzcug><C:\WINDOWS\system32\keauxpb.dll>  []   -- this one is JAVQHC
    <dpvvoxmh.dll><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <mstimewd.dll><C:\WINDOWS\system32\mstimewd.dll>  []
    <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll>  []
    <lweurqhx.dll><C:\WINDOWS\system32\lweurqhx.dll>  []
    <comuidsg.dll><C:\WINDOWS\system32\comuidsg.dll>  []
    <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <certmgrkd.dll><C:\WINDOWS\system32\certmgrkd.dll>  []
    <dispexcb.dll><C:\WINDOWS\system32\dispexcb.dll>  []
    <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll>  []
    <avicapwm.dll><C:\WINDOWS\system32\avicapwm.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1c32e12c-94ba-e90f-e90f-a5cb7ab5f678}]
    <N/A><C:\WINDOWS\system32\sls\lsass.exe /t>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
==================================
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll><N/A>
==================================
驱动程序
[Creative SB16/AWE32/AWE64 Driver (WDM) / ctlsb16][Running/Manual Start]
  <system32\drivers\ctlsb16.sys><Copyright (C) Creative Technology Ltd. 1994-2001>
[DC21x4 Based Network Adapter Driver / DC21x4][Running/Manual Start]
  <system32\DRIVERS\dc21x4.sys><Intel Corporation.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><arallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[VMware Pointing Device / vmmouse][Stopped/Manual Start]
  <system32\DRIVERS\vmmouse.sys><VMware, Inc.>
[HBKernel Driver / HBKernel][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A>
==================================
浏览器加载项
[]
  {D47A61B8-0EAB-417F-8DF4-5C949982A2AF} <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys, N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[]
  {D47A61B8-0EAB-417F-8DF4-5C949982A2AF} <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys, N/A>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
==================================
正在运行的进程
[PID: 412 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 472 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\gdipro.dll]  [N/A, ]
    [C:\WINDOWS\system32\sys07003.dll]  [N/A, ]
[PID: 504 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 516 / SYSTEM][C:\WINDOWS\system32\mmc.exe]  [N/A, ]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\pedadt.dll]  [N/A, ]
[PID: 568 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 580 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 808 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [c:\windows\system32\srpcss.dll]  [N/A, ]
[PID: 916 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\zsqf.dll]  [N/A, ]
[PID: 1124 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 1356 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\ddserh.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgdewg.dll]  [N/A, ]
    [C:\WINDOWS\system32\comuidsg.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\pedadt.dll]  [N/A, ]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\WINDOWS\system32\jfrwdh.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmcvxy.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1804 / SYSTEM][C:\Program Files\Virtual Machine Additions\vmsrvc.exe]  [Microsoft Corporation, 013.803]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 1980 / SYSTEM][C:\Program Files\Virtual Machine Additions\vpcmap.exe]  [Microsoft Corporation, 013.803]
[PID: 192 / Administrator][C:\Program Files\Virtual Machine Additions\vmusrvc.exe]  [Microsoft Corporation, 013.803]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\comuidsg.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\pedadt.dll]  [N/A, ]
    [C:\WINDOWS\system32\ddserh.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgdewg.dll]  [N/A, ]
    [C:\WINDOWS\system32\jfrwdh.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmcvxy.dll]  [N/A, ]
[PID: 220 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\comuidsg.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\jfrwdh.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmcvxy.dll]  [N/A, ]
    [C:\WINDOWS\system32\pedadt.dll]  [N/A, ]
    [C:\WINDOWS\system32\ddserh.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgdewg.dll]  [N/A, ]
[PID: 368 / SYSTEM][C:\WINDOWS\system32\HBmhly.exe]  [N/A, ]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 1080 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\zsqf.dll]  [N/A, ]
[PID: 1564 / SYSTEM][C:\WINDOWS\system32\businesnk.exe]  [N/A, ]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 1856 / Administrator][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 1036 / Administrator][D:\Backup\桌面\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 1016 / Administrator][D:\Backup\桌面\sreng2\SREc41ec331.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\comuidsg.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\pedadt.dll]  [N/A, ]
    [C:\WINDOWS\system32\ddserh.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgdewg.dll]  [N/A, ]
    [C:\WINDOWS\system32\jfrwdh.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmcvxy.dll]  [N/A, ]
    [D:\Backup\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1       localhost
219.235.3.16    search.114.vnet.cn
219.235.3.16    keyword.vnet.cn
219.235.3.16    auto.search.msn.com
219.235.3.16    search.msn.com
219.235.3.16    cnweb.search.live.com
219.235.3.16    www.360safe.com
219.235.3.16    www.k369.com
219.235.3.16    www.5566.net
219.235.3.16    360safe.com
202.165.102.243    update.360safe.com
219.235.3.16    dl.360safe.com
219.235.3.16    down.360safe.com
219.235.3.16    bbs.360safe.com
219.235.3.16    kaba.360safe.com
219.235.3.16    baike.360safe.com
219.235.3.16    www.360.cn
219.235.3.16    360.cn
219.235.3.16    wopti.360.cn
202.165.102.243    update.360.cn
219.235.3.16    dl.360.cn
219.235.3.16    down.360.cn
219.235.3.16    bbs.360.cn
219.235.3.16    kaba.360.cn
219.235.3.16    baike.360.cn
219.235.3.16    360.qihoo.com
219.235.3.16    360safe.qihoo.com
219.235.3.16    forum.ikaka.com
219.235.3.16    www.ikaka.com
202.165.102.243 update.ikaka.com
219.235.3.16    forum.jiangmin.com
202.165.102.243 update.jiangmin.com
219.235.3.16    tieba.baidu.com
219.235.3.16    post.baidu.com
219.235.3.16    zhidao.baidu.com
219.235.3.16    www.baidu.com
202.165.102.243 update.rising.com.cn
219.235.3.16    online.rising.com.cn
202.165.102.243 center.rising.com.cn
219.235.3.16    up.duba.net
219.235.3.16    vi.duba.net
219.235.3.16    shadu.baidu.com
219.235.3.16    du.baidu.com
219.235.3.16    security.symantec.com
219.235.3.16    shadu.duba.net
219.235.3.16    bbs.duba.net
219.235.3.16    www.duba.net
219.235.3.16    online.jiangmin.com
219.235.3.16    cn.mcafee.com
219.235.3.16    www.ahn.com.cn
219.235.3.16    www.kaspersky.com.cn
219.235.3.16    www.pcav.cn
219.235.3.16    www.luosoft.com
219.235.3.16    www.im286.com
219.235.3.16    an.baidu.com
219.235.3.16    ma.baidu.com
219.235.3.16    bbs.htmlman.net
202.165.102.243 download.rising.com.cn
202.165.102.243 rsup08.rising.com.cn
219.235.3.16    10000.286er.com
219.235.3.16    im286.net
219.235.3.16    ju.qihoo.com
219.235.3.16    bbs.chinaz.com
219.235.3.16    www.qihoo.com
202.165.102.243 dnl-cn1.kaspersky-labs.com
202.165.102.243 dnl-cn2.kaspersky-labs.com
202.165.102.243 dnl-cn3.kaspersky-labs.com
202.165.102.243 dnl-cn4.kaspersky-labs.com
202.165.102.243 dnl-cn5.kaspersky-labs.com
202.165.102.243 dnl-cn6.kaspersky-labs.com
202.165.102.243 dnl-cn7.kaspersky-labs.com
202.165.102.243 dnl-cn8.kaspersky-labs.com
202.165.102.243 dnl-cn9.kaspersky-labs.com
202.165.102.243 dnl-cn10.kaspersky-labs.com
202.165.102.243 dnl-cn11.kaspersky-labs.com
202.165.102.243 dnl-cn12.kaspersky-labs.com
202.165.102.243 dnl-cn13.kaspersky-labs.com
202.165.102.243 dnl-cn14.kaspersky-labs.com
202.165.102.243 dnl-cn15.kaspersky-labs.com
202.165.102.243    dnl-eu1.kaspersky-labs.com
202.165.102.243    dnl-eu2.kaspersky-labs.com
202.165.102.243    dnl-eu3.kaspersky-labs.com
202.165.102.243    dnl-eu4.kaspersky-labs.com
202.165.102.243    dnl-eu5.kaspersky-labs.com
202.165.102.243    dnl-eu6.kaspersky-labs.com
202.165.102.243    dnl-eu7.kaspersky-labs.com
202.165.102.243    dnl-eu8.kaspersky-labs.com
202.165.102.243    dnl-eu9.kaspersky-labs.com
202.165.102.243    dnl-eu10.kaspersky-labs.com
202.165.102.243    dnl-eu11.kaspersky-labs.com
202.165.102.243    dnl-eu12.kaspersky-labs.com
202.165.102.243    dnl-eu13.kaspersky-labs.com
202.165.102.243    dnl-eu14.kaspersky-labs.com
202.165.102.243    dnl-eu15.kaspersky-labs.com
202.165.102.243    dnl-us1.kaspersky-labs.com
202.165.102.243    dnl-us2.kaspersky-labs.com
202.165.102.243    dnl-us3.kaspersky-labs.com
202.165.102.243    dnl-us4.kaspersky-labs.com
202.165.102.243    dnl-us5.kaspersky-labs.com
202.165.102.243    dnl-us6.kaspersky-labs.com
202.165.102.243    dnl-us7.kaspersky-labs.com
202.165.102.243    dnl-us8.kaspersky-labs.com
202.165.102.243    dnl-us9.kaspersky-labs.com
202.165.102.243    dnl-us10.kaspersky-labs.com
202.165.102.243    dnl-us11.kaspersky-labs.com
202.165.102.243    dnl-us12.kaspersky-labs.com
202.165.102.243    dnl-us13.kaspersky-labs.com
202.165.102.243    dnl-us14.kaspersky-labs.com
202.165.102.243    dnl-us15.kaspersky-labs.com
202.165.102.243    dnl-ru1.kaspersky-labs.com
202.165.102.243    dnl-ru2.kaspersky-labs.com
202.165.102.243    dnl-ru3.kaspersky-labs.com
202.165.102.243    dnl-ru4.kaspersky-labs.com
202.165.102.243    dnl-ru5.kaspersky-labs.com
202.165.102.243    dnl-ru6.kaspersky-labs.com
202.165.102.243    dnl-ru7.kaspersky-labs.com
202.165.102.243    dnl-ru8.kaspersky-labs.com
202.165.102.243    dnl-ru9.kaspersky-labs.com
202.165.102.243    dnl-ru10.kaspersky-labs.com
202.165.102.243    dnl-ru11.kaspersky-labs.com
202.165.102.243    dnl-ru12.kaspersky-labs.com
202.165.102.243    dnl-ru13.kaspersky-labs.com
202.165.102.243    dnl-ru14.kaspersky-labs.com
202.165.102.243    dnl-ru15.kaspersky-labs.com
202.165.102.243    dnl-jp1.kaspersky-labs.com
202.165.102.243    dnl-jp2.kaspersky-labs.com
202.165.102.243    dnl-jp3.kaspersky-labs.com
202.165.102.243    dnl-jp4.kaspersky-labs.com
202.165.102.243    dnl-jp5.kaspersky-labs.com
202.165.102.243    dnl-jp6.kaspersky-labs.com
202.165.102.243    dnl-jp7.kaspersky-labs.com
202.165.102.243    dnl-jp8.kaspersky-labs.com
202.165.102.243    dnl-jp9.kaspersky-labs.com
202.165.102.243    dnl-jp10.kaspersky-labs.com
202.165.102.243    dnl-jp11.kaspersky-labs.com
202.165.102.243    dnl-jp12.kaspersky-labs.com
202.165.102.243    dnl-jp13.kaspersky-labs.com
202.165.102.243    dnl-jp14.kaspersky-labs.com
202.165.102.243    dnl-jp15.kaspersky-labs.com
202.165.102.243    dnl-kr1.kaspersky-labs.com
202.165.102.243    dnl-kr2.kaspersky-labs.com
202.165.102.243    dnl-kr3.kaspersky-labs.com
202.165.102.243    dnl-kr4.kaspersky-labs.com
202.165.102.243    dnl-kr5.kaspersky-labs.com
202.165.102.243    dnl-kr6.kaspersky-labs.com
202.165.102.243    dnl-kr7.kaspersky-labs.com
202.165.102.243    dnl-kr8.kaspersky-labs.com
202.165.102.243    dnl-kr9.kaspersky-labs.com
202.165.102.243    dnl-kr10.kaspersky-labs.com
202.165.102.243    dnl-kr11.kaspersky-labs.com
202.165.102.243    dnl-kr12.kaspersky-labs.com
202.165.102.243    dnl-kr13.kaspersky-labs.com
202.165.102.243    dnl-kr14.kaspersky-labs.com
202.165.102.243    dnl-kr15.kaspersky-labs.com
202.165.102.243    dnl-cd1.kaspersky-labs.com
202.165.102.243    dnl-cd2.kaspersky-labs.com
202.165.102.243    dnl-cd3.kaspersky-labs.com
202.165.102.243    dnl-cd4.kaspersky-labs.com
202.165.102.243    dnl-cd5.kaspersky-labs.com
202.165.102.243    dnl-cd6.kaspersky-labs.com
202.165.102.243    dnl-cd7.kaspersky-labs.com
202.165.102.243    dnl-cd8.kaspersky-labs.com
202.165.102.243    dnl-cd9.kaspersky-labs.com
202.165.102.243    dnl-cd10.kaspersky-labs.com
202.165.102.243    dnl-cd11.kaspersky-labs.com
202.165.102.243    dnl-cd12.kaspersky-labs.com
202.165.102.243    dnl-cd13.kaspersky-labs.com
202.165.102.243    dnl-cd14.kaspersky-labs.com
202.165.102.243    dnl-cd15.kaspersky-labs.com
202.165.102.243    downloads1.kaspersky-labs.com
202.165.102.243    downloads2.kaspersky-labs.com
202.165.102.243    downloads3.kaspersky-labs.com
202.165.102.243    downloads4.kaspersky-labs.com
202.165.102.243    downloads5.kaspersky-labs.com
219.235.3.16       rss.360safe.com
219.235.3.16       x.360safe.com
219.235.3.16       d.360safe.com
219.235.3.16       updatem.360safe.com
219.235.3.16       softm.360safe.com
219.235.3.16       ishare.sina.com.cn
219.235.3.16       search.cn.yahoo.com
219.235.3.16       www.google.com
219.235.3.16       google.com
219.235.3.16       www.google.cn
219.235.3.16       www.yahoo.com.cn
219.235.3.16       cn.yahoo.com
219.235.3.16       search.tom.com
219.235.3.16       zhuansha.duba.net
219.235.3.16       buy.duba.net
219.235.3.16       kad.www.duba.net
219.235.3.16       cu001.www.duba.net
219.235.3.16       cu002.www.duba.net
219.235.3.16       cu003.www.duba.net
219.235.3.16       cu004.www.duba.net
219.235.3.16       cu005.www.duba.net
219.235.3.16       cu010.www.duba.net
219.235.3.16       client.download.duba.net
219.235.3.16       page.so.163.com
219.235.3.16       www.soso.com
219.235.3.16       sou.china.com
219.235.3.16       test.591jx.com
219.235.3.16       a.topxxxx.cn
219.235.3.16       picon.chinaren.com
219.235.3.16       www.5566.net
127.0.0.1 p.qqkx.com
127.0.0.1 news.netandtv.com
127.0.0.1 z.neter888.cn
127.0.0.1 b.myblank.cn
127.0.0.1 wvw.wokutu.com
127.0.0.1 unionch.qyule.com
127.0.0.1 www.qyule.com
127.0.0.1 it.itjc.cn
127.0.0.1 www.linkwww.com
127.0.0.1 vod.kaicn.com
127.0.0.1 www.tx8688.com
127.0.0.1 b.neter888.cn
127.0.0.1 promote.huanqiu.com
127.0.0.1 www.huanqiu.com
127.0.0.1 www.haokanla.com
127.0.0.1 play.unionsky.cn
127.0.0.1 www.52v.com
127.0.0.1 www.gghka.cn
127.0.0.1 icon.ajiang.net
127.0.0.1 new.ete.cn
127.0.0.1 www.stiae.cn
127.0.0.1 o.neter888.cn
127.0.0.1 comm.jinti.com
127.0.0.1 www.google-analytics.com
127.0.0.1 hz.mmstat.com
127.0.0.1 www.game175.cn
127.0.0.1 x.neter888.cn
127.0.0.1 z.neter888.cn
127.0.0.1  p.etimes888.com
127.0.0.1  hx.etimes888.com
127.0.0.1 abc.qqkx.com
127.0.0.1 dm.popdm.cn
127.0.0.1 www.yl9999.com
127.0.0.1 www.dajiadoushe.cn
127.0.0.1 down.nihao29.cn
127.0.0.1 v.onondown.com.cn
127.0.0.1 www.interoo.net
127.0.0.1 bally1.bally-bally.net
127.0.0.1 www.bao5605509.cn
127.0.0.1   down.nihao29.cn
127.0.0.1   www.mzd020.cn
127.0.0.1   jzm015.cn
127.0.0.1   down.hs7yue.cn
127.0.0.1   new.doups.cn
127.0.0.1   w.qq-uc.cn
127.0.0.1   down.nihao69.cn
127.0.0.1   www.rty456.cn
127.0.0.1   www.werqwer.cn
127.0.0.1   1.360-1.cn
127.0.0.1   user1.23-16.net
127.0.0.1   www.guccia.net
127.0.0.1   www.interoo.net
127.0.0.1   upa.netsool.net
127.0.0.1   js.users.51.la
127.0.0.1   vip2.51.la
127.0.0.1   web.51.la
127.0.0.1   qq.gong2008.com
127.0.0.1   2008tl.copyip.com
127.0.0.1   tla.laozihuolaile.cn
127.0.0.1   www.tx6868.cn
127.0.0.1   p001.tiloaiai.com
127.0.0.1   s1.tl8tl.com
127.0.0.1   s1.gong2008.com
58.53.128.117  4b3ce56f9g.3f6e2cc5f0b.com
58.53.128.117  2be37c5f.3f6e2cc5f0b.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1036, D:\BACKUP\桌面\SRENG2\SRENGLDR.EXE]
==================================
API HOOK
入口点错误:CreateServiceA (危险等级: 高,  被下面模块所HOOK: 0x001352AC)
==================================
隐藏进程
N/A
==================================
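Reading a report like the one above by hand is slow, and the two sections that matter most for this infection are mechanical to check. The following Python script is an added example, not part of the original post and not SREng's own code. It parses the registry startup items of an SREng text report and flags entries whose publisher field is empty or N/A, or which sit in the DLL auto-load locations the report shows (ShellServiceObjectDelayLoad, ShellExecuteHooks and the AppInit_DLLs value), and it groups HOSTS entries that redirect names to a non-loopback address, the pattern that blocks security-vendor updates in the report above. The embedded sample is a constructed excerpt in SREng's layout using entries taken from the report; the section header strings ("启动项目", "HOSTS 文件") are assumed to match the SREng build shown here.

```python
"""Triage helpers for a System Repair Engineer (SREng) text report.

Added example (not from the original post, not SREng code). The sample
report below is a constructed excerpt in SREng's layout, built from
entries that appear in the post's report.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of an SREng report (same layout as the post's report).
SAMPLE_REPORT = r"""
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HBmhly><"C:\WINDOWS\system32\HBmhly.exe" -r>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><zsqf.dll,ytfa.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <pjfzcug><C:\WINDOWS\system32\keauxpb.dll>  []
==================================
HOSTS 文件
127.0.0.1       localhost
219.235.3.16    www.360safe.com
202.165.102.243 update.rising.com.cn
127.0.0.1 www.google-analytics.com
==================================
"""

# One startup entry: <value name><command>  [publisher / signature]
ENTRY_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<cmd>.*)>\s+\[(?P<sig>[^\]]*)\]\s*$")
# A registry key header line: [HKEY_...]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
# One HOSTS line: <ipv4> <hostname>
HOSTS_RE = re.compile(r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")

# Registry locations abused for DLL auto-loading in the post's report.
AUTOLOAD_KEYS = ("ShellServiceObjectDelayLoad", "ShellExecuteHooks")
AUTOLOAD_VALUES = ("AppInit_DLLs",)


def section(report: str, header: str) -> List[str]:
    """Return the lines of the section that starts at `header`, stopping at
    the next '=====' separator (SREng's section delimiter)."""
    lines = report.splitlines()
    if header not in lines:
        return []
    out: List[str] = []
    for line in lines[lines.index(header) + 1:]:
        if line.startswith("====="):
            break
        out.append(line)
    return out


def parse_startup_items(report: str) -> List[Dict[str, str]]:
    """Yield {key, name, cmd, sig} for every registry startup entry."""
    items: List[Dict[str, str]] = []
    key = ""
    for line in section(report, "启动项目"):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")        # subsequent entries belong to this key
            continue
        m = ENTRY_RE.match(line)
        if m:
            items.append({"key": key, **m.groupdict()})
    return items


def flag_startup_items(report: str) -> List[Tuple[str, str, str]]:
    """Return (reason, name, command) for suspicious entries: no verified
    publisher ('unsigned'), or placed in a DLL auto-load location ('autoload').
    Empty commands (like SREng's `<load><>  [N/A]`) are not flagged."""
    flagged: List[Tuple[str, str, str]] = []
    for it in parse_startup_items(report):
        reasons = []
        if it["sig"].strip() in ("", "N/A") and it["cmd"].strip():
            reasons.append("unsigned")
        if any(k in it["key"] for k in AUTOLOAD_KEYS) or it["name"] in AUTOLOAD_VALUES:
            reasons.append("autoload")
        if reasons:
            flagged.append(("+".join(reasons), it["name"], it["cmd"]))
    return flagged


def hijacked_hosts(report: str) -> Dict[str, List[str]]:
    """Group HOSTS names that resolve to a non-loopback address by that address.
    Many vendor/search names pointing at one foreign IP is a hijack pattern."""
    by_ip: Dict[str, List[str]] = {}
    for line in section(report, "HOSTS 文件"):
        m = HOSTS_RE.match(line)
        if m and not m.group("ip").startswith("127."):
            by_ip.setdefault(m.group("ip"), []).append(m.group("host"))
    return {ip: sorted(hosts) for ip, hosts in by_ip.items()}


def blocked_hosts(report: str) -> List[str]:
    """Names pinned to loopback other than 'localhost' (update/analytics blocking)."""
    out = []
    for line in section(report, "HOSTS 文件"):
        m = HOSTS_RE.match(line)
        if m and m.group("ip").startswith("127.") and m.group("host") != "localhost":
            out.append(m.group("host"))
    return out


if __name__ == "__main__":
    for reason, name, cmd in flag_startup_items(SAMPLE_REPORT):
        print(f"[{reason}] {name}: {cmd}")
    for ip, names in hijacked_hosts(SAMPLE_REPORT).items():
        print(f"hosts -> {ip}: {', '.join(names)}")
    print("blocked:", blocked_hosts(SAMPLE_REPORT))
```

Run against a full saved report instead of the sample by reading the file into `report` and passing it to the same functions; entries signed "(Verified)" drop out, so what remains is the short list a helper actually needs to look at.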

Appendix: explanation of the regini.exe parameters:

QUOTE:
Monday, 4 August 2008, 2:08 PM

How to use Regini
Author: 天涯
Regini is a security tool for setting registry permissions. It is commonly used from the command line to change registry permissions in bulk in order to harden the system. First let us look at the format regini expects and the permission values:
Format of a line in regini.ini:
registry key [permissions to apply]
For example:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [1 7 17]
The example above gives the three principals Administrators, Everyone and System full access to the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
The permission codes are as follows:
1 - Administrators full access
2 - Administrators read-only access
3 - Administrators read and write access
4 - Administrators read, write and delete access
5 - Creator full access
6 - Creator read and write access
7 - Everyone full access
8 - Everyone read-only access
9 - Everyone read and write access
10 - Everyone read, write and delete access
11 - Power Users full access
12 - Power Users read and write access
13 - Power Users read, write and delete access
14 - System Operators full access
15 - System Operators read and write access
16 - System Operators read, write and delete access
17 - System full access
18 - System read and write access
19 - System read-only access
20 - Administrators read, write and execute access
21 - Interactive User full access
22 - Interactive User read and write access
23 - Interactive User read, write and delete access
Taking the first example again, to give those three common groups read-only access, first create a file named regini.ini and edit its content as follows:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [2 8 19]
Then save regini.ini. The command to import it from the command line is:
regini regini.ini

Attachment:
瘫痪JAVQHC.rar (883 Bytes)

Tags: 瘫痪JAVQHC
Source: 360卫士