Notes on slimming down the new Wanxiang (万象) client when building a portable ("green") version

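Using 370 to block the Wanxiang client's cltupdate.exe from connecting to the billing machine's IP stops the client from updating itself automatically, which in turn removes the ads. It has been confirmed that the Paopao accelerator (泡泡加速器) is also pushed by the Wanxiang client's wxcltaidex.exe under a random file name, and other Shunwang (顺网) software outside the Wanxiang platform has been found to push the same accelerator.
After the new Wanxiang OL is installed, it adds a service named client start. The service runs: rundll32 "C:\Windows\syswow64\ClientServices.dll" Main to start the Wanxiang client. Wanxiang still starts even when this service is disabled, so the only option is to rename the DLLs listed below.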

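Lock-screen related:
ClientServices.dll   (this is the DLL that starts the Wanxiang client)
ClientCred.dll    (blocking only the DLL above does stop the client from starting, but the mouse stays locked, so this DLL must be blocked as well)
ClientCred-x64.dll (same as above)
loguser.dll (only needs to be changed on XP)
Wanxiang desktop related: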
DesktopLauncher.exe
desktopstart.exe
wxdtoptimize.exe
desktop_install_verify.dll
desktop_package4.zip
desktop_package3.zip
desktop_package2.zip
desktop_package1.zip
Registry related:
RegDelete ("HKCR64\CLSID\{18E425E3-2B83-4254-A72F-860A4384B80D}")
RegDelete ("HKLM64\SOFTWARE\Classes\CLSID\{18E425E3-2B83-4254-A72F-860A4384B80D}")

Normal registry:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ginadll"="C:\\Windows\\SysWOW64\\loguser.dll"
"wxFAutoAdminLogon"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Sicent\wx2004Clt]
"PCltedPar"="lgEoF+mhzTxtthz0zxkyAQ7MLVEIfdGo3vtaaaSJdJn+SoSMoxvfImun3xxDvp+SJAwh8r2CzyFXRB7Wk5dPGIADxjHsczx5kOi2isUEsGpG6mXC/kAvkWTeOevq4ctDmxiNWuKarKeLx2eVEVRFNR6ZAp5jaECke5KIu8lK6uXOM/j7lCPPzTIPmk0CsXIDdMwdm7NvS2ZXkq7NaaPMr2z4lt74PPz88g1Wrzxnr+5brLHER+8xRUr6Fn9FzVBQdspaJzriyi1jicL5hHgcM/ZbtNCfvg6hMZLnsPnqCZUXJIbt+BYHHdHbKwV9tFPXweuBKNUCxB5Aiew6JfSHqhl0NRm/cfs7utAutXW5w0bgMMgQ5/q7/9yAAOvUVsM8jljSASZlcNePyS7VuvfI2/j2vXnJ5djxkRcW++ehh39M88FFJpe9MNC67WPdgI3K7AvxYgHmacFXAQAA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sicent\wx2004Clt]
"PCltedPar"="lgEoF+mhzTxtthz0zxkyAQ7MLVEIfdGo3vtaaaSJdJn+SoSMoxvfImun3xxDvp+SJAwh8r2CzyFXRB7Wk5dPGIADxjHsczx5kOi2isUEsGpG6mXC/kAvkWTeOevq4ctDmxiNWuKarKeLx2eVEVRFNR6ZAp5jaECke5KIu8lK6uXOM/j7lCPPzTIPmk0CsXIDdMwdm7NvS2ZXkq7NaaPMr2z4lt74PPz88g1Wrzxnr+5brLHER+8xRUr6Fn9FzVBQdspaJzriyi1jicL5hHgcM/ZbtNCfvg6hMZLnsPnqCZUXJIbt+BYHHdHbKwV9tFPXweuBKNUCxB5Aiew6JfSHqhl0NRm/cfs7utAutXW5w0bgMMgQ5/q7/9yAAOvUVsM8jljSASZlcNePyS7VuvfI2/j2vXnJ5djxkRcW++ehh39M88FFJpe9MNC67WPdgI3K7AvxYgHmacFXAQAA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sicent\wx2004Clt\Plugins2]
"C:\\Windows\\system32\\wxGlw2CltPlg.wxe"="C:\\Windows\\SysWOW64\\wxGlw2CltPlg.wxe"
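
An added example (not part of the original post): a small Python parser for a `.reg` export that reports where a machine's string values differ from the normal registry listed above, for checking a client image after the DLLs have been renamed. The function names and the sample export are constructed for illustration, and the long `PCltedPar` values are left out of the baseline.

```python
import re

# "name"="data" lines (REG_SZ only); inside the quotes \ escapes \ and ".
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key: {name: data}}; key/value names lowercased (case-insensitive)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = _VALUE.match(line)
            if m:
                current[_unescape(m.group(1)).lower()] = _unescape(m.group(2))
    return keys

def diff_reg(baseline, actual):
    """List (key, name, expected, found) where actual departs from baseline."""
    out = []
    for key, values in baseline.items():
        for name, expected in values.items():
            found = actual.get(key, {}).get(name)
            if found != expected:
                out.append((key, name, expected, found))
    return out

# Baseline: two keys copied from the post (PCltedPar values left out).
BASELINE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ginadll"="C:\\Windows\\SysWOW64\\loguser.dll"
"wxFAutoAdminLogon"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sicent\wx2004Clt\Plugins2]
"C:\\Windows\\system32\\wxGlw2CltPlg.wxe"="C:\\Windows\\SysWOW64\\wxGlw2CltPlg.wxe"
'''

# Constructed export from a machine under test (not real data).
EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"="C:\\Windows\\SysWOW64\\loguser.dll.bak"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sicent\wx2004Clt\Plugins2]
"C:\\Windows\\system32\\wxGlw2CltPlg.wxe"="C:\\Windows\\SysWOW64\\wxGlw2CltPlg.wxe"
'''

print(diff_reg(parse_reg(BASELINE), parse_reg(EXPORT)))
```

Only quoted string values are compared; `dword:` and `hex:` entries in an export are skipped by the parser.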


[This post was edited by lq3447 on 2018-04-20 01:32 PM]
Source: original to this site