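Avira Virus Search

PUA/SecurityReviver.EL.2

  • Name
    PUA/SecurityReviver.EL.2
  • Date discovered
    September 11, 2017
  • Type
    Potentially Unwanted Application
  • Impact
     
  • Reported infections
     
  • Operating system
    Windows
  • VDF version
    7.14.27.34 (2017-09-11 13:08)

This detection flags "Potentially Unwanted Applications" (PUA), which may compromise the user's privacy and the security of the local system. These are legitimate applications that often try to use social engineering to get users to install additional software while installing the software they originally wanted. An application is classified as PUA because the software, advertising or website shows one or more annoying behaviours and/or properties. A complete list of PUA is available at http://www.avira.com/en/potentially-unwanted-applications. This detection result does not mean the file is malicious. However, if the file was installed on the system without the user's knowledge, the user's privacy or system security may be compromised. Disabling this detection is recommended only for advanced users who understand the risks and how these applications are used.

  • VDF
    7.14.27.34 (2017-09-11 13:08)
  • Screenshots
  • Network activity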
    • s2.s****.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D
    • sv.s****.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEEPKAhTPicpg8HWaxIzI43E%3D
  • Processes
    • %executed_sample_name%.exe
  • Files
    The following files are created:
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %TEMPDIR%\Cab9CC7.tmp
    • %TEMPDIR%\Tar9CC8.tmp
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    The following files are changed:
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    The following files are deleted:
    • %TEMPDIR%\Cab9CC7.tmp
    • %TEMPDIR%\Tar9CC8.tmp
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2336.27628968
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2336.27628968
    • %APPDATA%\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2336.27628968
    The following drivers are loaded:
    The following files are executed:
  • Registry
    The following registry keys are added:
    The following registry keys are changed:
    Values of the following registry keys are removed:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
  • Aliases
    Avast: Win32:SecurityReviver-A
    ESET: MSIL/UwS.SecurityReviver.A application
    G Data: Adware.GenericKD.5523396
