Entry | Win32.Troj.WinShow.p.6656 |
Definition | Win32.Troj.WinShow.p.6656 is a computer Trojan horse. Once run, it attempts to download a file from an advertising drive-by site; extra items appear in the browser's Favorites (Internet Explorer, for example), the default home page and default search page are maliciously modified, and two entries, MSIESH and MSSearch, are added to Add/Remove Programs.

Virus profile
Alias: TrojanDownLoader.Win32.WinShow.p
Processing date:
Threat level: ★
Chinese name:
Type: Trojan
Affected systems: Win9X/WinNT/WinXK/WinXP/Win2003
Behaviour:
Compiler: Microsoft Visual C++ 6.0
Infection conditions:
Trigger conditions:

System modifications:

A. The following files are added:
%SystemRoot%\image.dll
%SystemRoot%\mshp.dll
%SystemRoot%\winxf <new directory>
%SystemRoot%\winxf\dict.dat
%SystemRoot%\winxf\keywords.dat
%SystemRoot%\winxf\msiesh.dll
%SystemRoot%\winxf\mssearch.dll
%SystemRoot%\winxf\winxf32.dll

B. The following items are added to Favorites:
eXtreme Sex
Only sex website
Search the web
Seven days of free porn

C. The following registry subkey is created:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}

D. The following registry values are added (each key path is followed by the values written under it; "@" is the key's default value):

HKEY_CLASSES_ROOT\iefeatsl.ViewSource
    @ = "ViewSource Class"
HKEY_CLASSES_ROOT\iefeatsl.ViewSource\CLSID
    @ = "{587DBF2D-9145-4c9e-92C2-1F953DA73773}"
HKEY_CLASSES_ROOT\iefeatsl.ViewSource\CurVer
    @ = "iefeatsl.ViewSource.1"
HKEY_CLASSES_ROOT\iefeatsl.ViewSource.1
    @ = "ViewSource Class"
HKEY_CLASSES_ROOT\iefeatsl.ViewSource.1\CLSID
    @ = "{587DBF2D-9145-4c9e-92C2-1F953DA73773}"
HKEY_CLASSES_ROOT\Image.Image
    @ = "Image Class"
HKEY_CLASSES_ROOT\Image.Image\CLSID
    @ = "{0B40A54D-BEC3-4077-9A33-701BD6ACDEB2}"
HKEY_CLASSES_ROOT\Image.Image\CurVer
    @ = "Image.Image.1"
HKEY_CLASSES_ROOT\Image.Image.1
    @ = "Image Class"
HKEY_CLASSES_ROOT\Image.Image.1\CLSID
    @ = "{0B40A54D-BEC3-4077-9A33-701BD6ACDEB2}"
HKEY_CLASSES_ROOT\SearchHook.SearchHookObject
    @ = "SearchHookObject Class"
HKEY_CLASSES_ROOT\SearchHook.SearchHookObject\CLSID
    @ = "{FD9BC004-8331-4457-B830-4759FF704C22}"
HKEY_CLASSES_ROOT\SearchHook.SearchHookObject\CurVer
    @ = "SearchHook.SearchHookObject.1"
HKEY_CLASSES_ROOT\SearchHook.SearchHookObject.1
    @ = "SearchHookObject Class"
HKEY_CLASSES_ROOT\SearchHook.SearchHookObject.1\CLSID
    @ = "{FD9BC004-8331-4457-B830-4759FF704C22}"
HKEY_CLASSES_ROOT\ShowSearch.ViewSource
    @ = "ViewSource Class"
HKEY_CLASSES_ROOT\ShowSearch.ViewSource\CLSID
    @ = "{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}"
HKEY_CLASSES_ROOT\ShowSearch.ViewSource\CurVer
    @ = "ShowSearch.ViewSource.1"
HKEY_CLASSES_ROOT\ShowSearch.ViewSource.1
    @ = "ViewSource Class"
HKEY_CLASSES_ROOT\ShowSearch.ViewSource.1\CLSID
    @ = "{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}"

HKEY_CLASSES_ROOT\CLSID\{0B40A54D-BEC3-4077-9A33-701BD6ACDEB2}
    @ = "Image Class"
HKEY_CLASSES_ROOT\CLSID\{0B40A54D-BEC3-4077-9A33-701BD6ACDEB2}\InprocServer32
    @ = "C:\WINNT\image.dll"
    ThreadingModel = "Apartment"
HKEY_CLASSES_ROOT\CLSID\{0B40A54D-BEC3-4077-9A33-701BD6ACDEB2}\ProgID
    @ = "Image.Image.1"
HKEY_CLASSES_ROOT\CLSID\{0B40A54D-BEC3-4077-9A33-701BD6ACDEB2}\Programmable
HKEY_CLASSES_ROOT\CLSID\{0B40A54D-BEC3-4077-9A33-701BD6ACDEB2}\VersionIndependentProgID
    @ = "Image.Image"

HKEY_CLASSES_ROOT\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}
    @ = "ViewSource Class"
HKEY_CLASSES_ROOT\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\InprocServer32
    @ = "C:\WINNT\winxf\winxf32.dll"
    ThreadingModel = "Apartment"
HKEY_CLASSES_ROOT\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\ProgID
    @ = "iefeatsl.ViewSource.1"
HKEY_CLASSES_ROOT\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\Programmable
HKEY_CLASSES_ROOT\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\TypeLib
    @ = "{58510DE5-7C2E-45fc-ADBC-5EF6BCEA5ACB}"
HKEY_CLASSES_ROOT\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\VersionIndependentProgID
    @ = "iefeatsl.ViewSource"

HKEY_CLASSES_ROOT\CLSID\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}
    @ = "ViewSource Class"
HKEY_CLASSES_ROOT\CLSID\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}\InprocServer32
    @ = "C:\WINNT\winxf\mssearch.dll"
    ThreadingModel = "Apartment"
HKEY_CLASSES_ROOT\CLSID\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}\ProgID
    @ = "ShowSearch.ViewSource.1"
HKEY_CLASSES_ROOT\CLSID\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}\Programmable
HKEY_CLASSES_ROOT\CLSID\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}\TypeLib
    @ = "{CA3F4CA8-735D-4339-9EC2-BC0EDB077829}"
HKEY_CLASSES_ROOT\CLSID\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}\VersionIndependentProgID
    @ = "ShowSearch.ViewSource"

HKEY_CLASSES_ROOT\CLSID\{FD9BC004-8331-4457-B830-4759FF704C22}
    @ = "SearchHookObject Class"
HKEY_CLASSES_ROOT\CLSID\{FD9BC004-8331-4457-B830-4759FF704C22}\InprocServer32
    @ = "C:\WINNT\winxf\msiesh.dll"
    ThreadingModel = "Apartment"
HKEY_CLASSES_ROOT\CLSID\{FD9BC004-8331-4457-B830-4759FF704C22}\ProgID
    @ = "SearchHook.SearchHookObject.1"
HKEY_CLASSES_ROOT\CLSID\{FD9BC004-8331-4457-B830-4759FF704C22}\Programmable
HKEY_CLASSES_ROOT\CLSID\{FD9BC004-8331-4457-B830-4759FF704C22}\TypeLib
    @ = "{2C671705-77A7-4592-A484-545087ED9EE8}"
HKEY_CLASSES_ROOT\CLSID\{FD9BC004-8331-4457-B830-4759FF704C22}\VersionIndependentProgID
    @ = "SearchHook.SearchHookObject"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\...
    The same ProgID registrations (iefeatsl.ViewSource, iefeatsl.ViewSource.1, Image.Image, Image.Image.1, SearchHook.SearchHookObject, SearchHook.SearchHookObject.1, ShowSearch.ViewSource, ShowSearch.ViewSource.1) and the same four CLSID keys with identical InprocServer32, ThreadingModel, ProgID, Programmable, TypeLib and VersionIndependentProgID values as listed under HKEY_CLASSES_ROOT above (HKEY_CLASSES_ROOT is a merged view of this hive, so the sandbox logged each write twice).

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Use Search Asst = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
    Image = "rundll32 C:\WINNT\image.dll,Install"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}
    SponsorID = dword:00000000
    Counter = dword:00000000
    LastDay = dword:00000000
    LastUpdate = dword:00003102
    UpdateHour = dword:00000017
    ModuleVersion = dword:00000013
    DictVersion = dword:0000001b
    Dict2Version = dword:0000001b
    LastHPDay = dword:00000000
    InstallDay = dword:00000000
    SHVersion = dword:0000000d
    HPDllVersion = dword:00000009
    InstallFlag = dword:0000000c
    SSVersion = dword:00000004
    LRD = dword:00000000
    UpdaterVersion = dword:00000009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22}\URLSearchHooks
    {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
    {FD9BC004-8331-4457-B830-4759FF704C22} = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587DBF2D-9145-4c9e-92C2-1F953DA73773}
    @ = "."
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}
    @ = "ShowSearch module"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD9BC004-8331-4457-B830-4759FF704C22}
    @ = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Image = "rundll32 C:\WINNT\image.dll,Install"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Image = "rundll32 C:\WINNT\image.dll,Install"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEFeatSL_Uninstall
    DisplayName = "IEFeatSL Uninstall"
    UninstallString = "rundll32.exe C:\WINNT\image.dll,Uninstall"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchHook
    DisplayName = "MSIESH"
    UninstallString = "rundll32.exe C:\WINNT\winxf\msiesh.dll,Uninstall"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShowSearch
    DisplayName = "MSSearch"
    UninstallString = "rundll32.exe C:\WINNT\winxf\mssearch.dll,Uninstall"

HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1000\Software\...
    The same values as listed under HKEY_CURRENT_USER above (Internet Explorer\Main "Use Search Asst", the RunServices "Image" entry, the sixteen dword values under Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}, and Explorer\{FD9BC004-8331-4457-B830-4759FF704C22}\URLSearchHooks with {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = ""). HKEY_CURRENT_USER is an alias for this user's HKEY_USERS\<SID> hive, so these are the same writes.

E. The following registry entries are modified (default home page and search page). Each value is shown as: original value → value after infection.

Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    "Start Page" = "http://www.microsoft.com/windows/ie_intl/cn/start/" → "res://mshp.dll/index.html#10213"
    "Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" → "res://mshp.dll/sp.html#10213"
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
    "HRZR_EHAJZPZQ" = hex:02,00,00,00,45,00,00,00,10,f0,b7,24,f6,34,c4,01 → hex:02,00,00,00,46,00,00,00,40,7f,74,f8,f6,34,c4,01
    "HRZR_EHAJZPZQ:0k1,1n4" = hex:02,00,00,00,0c,00,00,00,d0,1e,5d,be,b2,31,c4,01 → hex:02,00,00,00,0d,00,00,00,40,7f,74,f8,f6,34,c4,01
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    "SavedLegacySettings" = hex:3c,00,00,00,09,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 → hex:3c,00,00,00,0a,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG
    "Seed" = hex:14,a0,bb,55,41,89,58,7c,68,a2,35,66,df,5e,77,28,70,66,ab,d2,36,04,40,38,ad,31,dd,a0,1e,76,13,0c,68,1f,04,86,95,1d,7d,49,90,1d,e8,c4,2d,57,c5,c3,27,75,e9,84,2e,b5,96,0f,ce,08,2a,95,23,40,3b,f2,c1,c2,a6,35,59,34,cb,b8,c7,d5,59,28,91,ec,de,1b → hex:1e,2a,0f,e8,9c,7f,8b,2f,dd,e5,e1,2e,fd,4f,1a,4d,44,f9,69,f4,0d,03,1d,d9,1b,16,28,f6,2e,91,60,a8,52,99,f2,3b,32,44,62,cf,6b,92,d3,13,8a,1e,2f,65,3b,7e,57,8a,ed,28,d2,bb,92,aa,fa,63,98,67,ce,f4,85,bd,25,30,b4,60,df,3f,da,55,7c,0f,ef,7d,74,52
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
    "Default_Page_URL" = "http://www.microsoft.com/windows/ie_intl/cn/start/" → "res://mshp.dll/index.html#10213"
    "Default_Search_URL" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" → "res://mshp.dll/sp.html#10213"
    "Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" → "res://mshp.dll/sp.html#10213"
    "Start Page" = "http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" → "res://mshp.dll/index.html#10213"
Key: HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1000\Software\Microsoft\Internet Explorer\Main
    "Start Page" = "http://www.microsoft.com/windows/ie_intl/cn/start/" → "res://mshp.dll/index.html#10213"
    "Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" → "res://mshp.dll/sp.html#10213"
Key: HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
    "HRZR_EHAJZPZQ" and "HRZR_EHAJZPZQ:0k1,1n4": the same before/after values as under HKEY_CURRENT_USER above
Key: HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    "SavedLegacySettings": the same before/after values as under HKEY_CURRENT_USER above

(The UserAssist counters, SavedLegacySettings and the Cryptography\RNG "Seed" change whenever a program is launched on the analysis machine; they are side effects of running the sample, not indicators specific to this trojan. The Internet Explorer\Main values pointing at res://mshp.dll/ are the meaningful ones.)

F. The following registry values are deleted:
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = ""
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\智能ABC
    "双打键盘类型" = dword:00000000
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    "AppInit_DLLs" = ""
Key: HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1000\Software\Microsoft\Internet Explorer\URLSearchHooks
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = ""
Key: HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1000\Software\Microsoft\Windows\CurrentVersion\智能ABC
    "双打键盘类型" = dword:00000000

({CFBFAE00-17A6-11D0-99CB-00C04FD64497} is Internet Explorer's own built-in URL search hook; removing it while registering {FD9BC004-8331-4457-B830-4759FF704C22} under URLSearchHooks hands address-bar searches to msiesh.dll.)

Symptoms:
A. After running, the trojan attempts to download a file (89600 bytes) from the following URLs:
http://75tz.com/feat/image.dll
http://iefeadsl.com/feat/image.dll
B. Extra items appear in Favorites (listed under B above).
C. The default home page is changed to "res://mshp.dll/index.html#10213".
D. The default search page is changed to "res://mshp.dll/index.html#10213".
E. MSIESH and MSSearch are added to Add/Remove Programs.
Special notes: |
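The load points listed in this entry (BHO registration, URLSearchHooks, Run/RunServices, InprocServer32 paths and the res://mshp.dll/ start page) are all visible in a registry export, so an analyst can check a suspect machine offline. As an added example that is not part of the original entry, the Python script below parses a Windows `.reg` export and flags those indicators. The indicator table is taken from the entry; the sample export is constructed for the demonstration and is not output from a real infected host.

```python
"""Flag Win32.Troj.WinShow.p registry indicators in a .reg export (added example)."""
import re

# Indicator table built from the entry above: the four COM classes the trojan
# registers, the DLLs it drops, and the autorun / hijack markers it leaves.
WINSHOW_CLSIDS = {
    "{0b40a54d-bec3-4077-9a33-701bd6acdeb2}": "Image.Image (image.dll)",
    "{587dbf2d-9145-4c9e-92c2-1f953da73773}": "iefeatsl.ViewSource BHO (winxf32.dll)",
    "{e2ddf680-9905-4dee-8c64-0a5de7fe133c}": "ShowSearch.ViewSource BHO (mssearch.dll)",
    "{fd9bc004-8331-4457-b830-4759ff704c22}": "SearchHook.SearchHookObject (msiesh.dll)",
}
DROPPED_DLLS = ("image.dll", "mshp.dll", "winxf32.dll", "msiesh.dll", "mssearch.dll")
AUTORUN_KEYS = ("\\currentversion\\run", "\\policies\\explorer\\run")
HIJACKED_VALUES = ("start page", "search page", "default_page_url", "default_search_url")
HIJACK_MARK = "res://mshp.dll/"

# A .reg value line: @ or a quoted name, '=', then the raw data (quotes kept).
# Multi-line hex continuations are not needed here and are skipped.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg_export(text):
    """Yield (key, value_name, data). A key header yields (key, None, None)."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
            continue
        m = VALUE_RE.match(line)
        if key is not None and m:
            name = m.group(1)
            yield key, (name if name == "@" else name[1:-1]), m.group(2)


def scan_reg_export(text):
    """Return (kind, key, detail) findings in file order; [] for a clean export."""
    findings = []
    for key, name, data in parse_reg_export(text):
        lkey = key.lower()
        ldata = (data or "").lower()
        # A CLSID can sit in the key path (COM registration, BHO subkey) or in a
        # value name (URLSearchHooks lists the hook CLSID as the value name).
        haystack = lkey if name is None else name.lower() + " " + ldata
        for clsid, desc in WINSHOW_CLSIDS.items():
            if clsid in haystack:
                if "\\browser helper objects\\" in lkey:
                    kind = "BHO load point"
                elif "\\urlsearchhooks" in lkey:
                    kind = "URLSearchHook load point"
                else:
                    kind = "COM registration"
                findings.append((kind, key, desc))
                break
        if name is None:
            continue
        # rundll32 ...\image.dll,Install under Run, RunServices or policies\Explorer\Run
        if any(k in lkey for k in AUTORUN_KEYS) and "image.dll,install" in ldata:
            findings.append(("autorun", key, data))
        # start / search page redirected into the dropped mshp.dll resource
        if name.lower() in HIJACKED_VALUES and HIJACK_MARK in ldata:
            findings.append(("IE hijack", key, data))
        # InprocServer32 default value naming one of the dropped DLLs
        if lkey.endswith("\\inprocserver32") and name == "@" and any(d in ldata for d in DROPPED_DLLS):
            findings.append(("dropped DLL", key, data))
    return findings


# Constructed sample export (not from a real host) mixing benign and trojan entries.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Image"="rundll32 C:\\WINNT\\image.dll,Install"
"ctfmon.exe"="C:\\WINNT\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587DBF2D-9145-4c9e-92C2-1F953DA73773}]
@="."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{FD9BC004-8331-4457-B830-4759FF704C22}"=""

[HKEY_CLASSES_ROOT\CLSID\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}\InprocServer32]
@="C:\\WINNT\\winxf\\mssearch.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="res://mshp.dll/index.html#10213"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
'''

# Constructed clean export: no findings expected.
BENIGN_REG = 'Windows Registry Editor Version 5.00\n\n[HKEY_CURRENT_USER\\Software\\Example]\n"Setting"="value"\n'

if __name__ == "__main__":
    for kind, key, detail in scan_reg_export(SAMPLE_REG):
        print(f"{kind:24} {key}\n{'':24} {detail}")
```

To use it on a real machine, export the relevant hives with `reg export` and read the file with `encoding="utf-16"` (that tool writes UTF-16LE with a BOM) before passing the text to `scan_reg_export`. The checker reports load points and hijacked values rather than the CLSID strings alone, so the first three findings tell you where the code would actually be loaded from.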