eShield.exe

显示全部楼层 · 发表于 2017-8-3 21:54:24

解压密码123
eset a variant of Win32/Toolbar.TNT2.L potentially unwanted application
http://pan.stnts.com/s/UzyydcT

显示全部楼层 · 发表于 2017-8-3 21:59:29

显示全部楼层 · 发表于 2017-8-3 22:17:47

[mw_shl_code=css,true]2017-8-3 22:14:57 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument\CLSID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:57 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument
值: XML DOM Document
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:57 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument\CLSID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:57 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument\CurVer
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:57 删除注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32\ThreadingModel
规则: [注册表组]r222_允许_记录日志 -> [注册表]*\SOFTWARE\Classes\CLSID\*\InProcServer32\*

2017-8-3 22:14:57 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\CLSID\*

2017-8-3 22:14:57 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\ProgID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\CLSID\*

2017-8-3 22:14:57 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\VersionIndependentProgID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\CLSID\*

2017-8-3 22:14:57 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\Version
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\CLSID\*

2017-8-3 22:14:57 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\TypeLib
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\CLSID\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript\CLSID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript\OLEScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveScript\CLSID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveScript\OLEScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript\CLSID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript\OLEScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.1\CLSID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.1\OLEScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.1
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.2\CLSID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.2\OLEScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.2
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.3\CLSID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.3\OLEScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.3
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ECMAScript\CLSID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ECMAScript\OLEScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ECMAScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\CLSID\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\CLSID\*

2017-8-3 22:14:58 删除注册表项风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
规则: [注册表组]《保护》_重要注册表项 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript
值: JScript Language
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript\CLSID
值: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveScript
值: JScript Language
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveScript\CLSID
值: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript
值: JScript Language
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript\CLSID
值: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.1
值: JScript Language
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.1\CLSID
值: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.2
值: JScript Language
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.2\CLSID
值: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.3
值: JScript Language
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.3\CLSID
值: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ECMAScript
值: JScript Language
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ECMAScript\CLSID
值: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\*

2017-8-3 22:14:58 创建注册表项风险级别:中阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript
规则: [注册表组]《保护》_重要注册表项 -> [注册表]*\Software\Classes\CLSID\*

2017-8-3 22:15:09 创建文件夹风险级别:未知允许
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Application Data\TNT2
规则: [应用程序]?:\*\*\*\* -> [文件]c:\documents and settings\*\local settings\application data\*

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: d:\program files\fscapture8.4_chs\fscapture.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\NetHood
值: C:\Documents and Settings\Administrator\NetHood
规则: [应用程序组]a028_《低防御模式》_ProgramData -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 创建文件风险级别:未知允许
进程: d:\program files\fscapture8.4_chs\fscapture.exe
目标: C:\Documents and Settings\Administrator\桌面\2017-08-03_221504.png
规则: [应用程序组]a028_《低防御模式》_ProgramData -> [文件]c:\documents and settings\*\桌面\*

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
值: 150.176.182.31;80:80
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
值: 150.176.182.31;80:80
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:09 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [应用程序组]→a999_★《临时规则_安装软件》★ -> [注册表组]阻止_优先黑名单

2017-8-3 22:15:16 加载动态链接库风险级别:中允许
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: c:\windows\system32\dnsapi.dll
规则: [应用程序]* -> [动态链接库]c:\windows\system32\dnsapi.dll

2017-8-3 22:15:30 创建文件风险级别:未知允许
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-527237240-1659004503-1801674531-500\3310a4fa6cb9c60504498d7eea986fc2_02077a4e-268f-48e0-8a3d-904d0fe4860e
规则: [应用程序]?:\*\*\*\* -> [文件]c:\documents and settings\*\application data\*

2017-8-3 22:15:30 创建文件风险级别:未知允许
进程: d:\program files\fscapture8.4_chs\fscapture.exe
目标: C:\Documents and Settings\Administrator\桌面\2017-08-03_221513.png
规则: [应用程序组]a028_《低防御模式》_ProgramData -> [文件]c:\documents and settings\*\桌面\*

2017-8-3 22:15:37 访问网络允许
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: TCP [本机 : 3013] -> [50.97.63.217 : 80 (http)]
规则: [应用程序]*.exe -> [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2017-8-3 22:15:37 创建文件风险级别:未知允许
进程: d:\program files\fscapture8.4_chs\fscapture.exe
目标: C:\Documents and Settings\Administrator\桌面\2017-08-03_221523.png
规则: [应用程序组]a028_《低防御模式》_ProgramData -> [文件]c:\documents and settings\*\桌面\*

2017-8-3 22:15:37 创建文件风险级别:未知阻止并结束进程
进程: c:\documents and settings\administrator\桌面\eshield.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Application Data\TNT2\2.0.0.2101\Autorun.inf
规则: [应用程序组]a022_《行为防御》_自动运行 -> [应用程序]c:\documents and settings\*\* -> [文件组]《终止》f022_高优先禁读 -> [文件]*; autorun.inf

2017-8-3 22:15:37 创建文件风险级别:未知允许
进程: d:\program files\fscapture8.4_chs\fscapture.exe
目标: C:\Documents and Settings\Administrator\桌面\2017-08-03_221535.png
规则: [应用程序组]a028_《低防御模式》_ProgramData -> [文件]c:\documents and settings\*\桌面\*
[/mw_shl_code]

显示全部楼层 · 发表于 2017-8-3 22:25:57

火绒Miss，转交工程师

显示全部楼层 · 发表于 2017-8-3 22:27:32

图

显示全部楼层 · 发表于 2017-8-4 09:15:52

毒霸

[mw_shl_code=css,true]扫描时间：[2017-08-04 09:15:01]
扫描用时：[00:00:05]
扫描类型：自定义查杀
扫描文件总数：1
扫描速度：1文件/秒
发现威胁：1个
清除威胁：1个
=============================================
[2017-08-04 09:15:13]
威胁：f:\浏览器下载\eshield\eshield.exe
类型：win32.troj.downdownload.ao.(kcloud)
处理方式：删除

[/mw_shl_code]

显示全部楼层 · 发表于 2017-8-4 09:35:01

BDTS

显示全部楼层 · 发表于 2017-8-4 10:28:08

微点拦截

显示全部楼层 · 发表于 2017-8-5 21:45:34

a445441 发表于 2017-8-4 10:28
微点拦截

我这里怎么哑火了？

显示全部楼层 · 发表于 2017-8-5 23:05:39

wd miss , comodo 防火墙拦截传出信息 , HMPA blocked

[可疑文件] eShield.exe

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源