[PUP] pcfixspeedirm.exe

显示全部楼层 · 发表于 2017-8-23 18:20:19

火绒 Adware/Crawler.a

infected

显示全部楼层 · 发表于 2017-8-23 18:22:18

显示全部楼层 · 发表于 2017-8-23 18:24:06

卡巴

显示全部楼层 · 发表于 2017-8-23 19:11:25

WD

显示全部楼层 · 发表于 2017-8-23 19:15:37

[mw_shl_code=css,true]360 Total Security扫描日志

扫描时间：2017-08-23 19:15:11
扫描用时：00:00:04
扫描项目总数：1
威胁总数：0
处理威胁数：0

扫描选项
----------------------
扫描压缩包：否
常规引擎设置：Bitdefender引擎, 小红伞引擎

扫描内容
----------------------
C:\Users\LH\Desktop\pcfixspeed_irm.exe

扫描结果
======================
未发现威胁
[/mw_shl_code]

显示全部楼层 · 发表于 2017-8-23 20:05:46

安天 miss
毒霸miss
iObit kill

显示全部楼层 · 发表于 2017-8-23 21:36:37

SOPHOS解压杀

显示全部楼层 · 发表于 2017-8-23 22:01:17

[mw_shl_code=css,true]2017-8-23 21:56:50 创建文件夹风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: C:\Program Files\PCFixSpeed
规则: [文件组]《询问》f252_ProgramFiles安装询问 -> [文件]?:\program files\*

2017-8-23 21:56:54 创建文件风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: C:\Program Files\PCFixSpeed\unins000.dat
规则: [文件组]《询问》f252_ProgramFiles安装询问 -> [文件]?:\program files\*\*

2017-8-23 21:57:03 创建文件夹风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: C:\Documents and Settings\All Users\「开始」菜单\程序\PC Fix Speed
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]c:\documents and settings\*\「开始」菜单\程序

2017-8-23 21:57:03 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: C:\Documents and Settings\Administrator\My Documents
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:03 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:03 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
值: C:\Documents and Settings\Administrator\桌面
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:03 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
值: C:\Documents and Settings\All Users\桌面
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:10 创建文件风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: C:\Documents and Settings\All Users\「开始」菜单\程序\PC Fix Speed\PC Fix Speed.lnk
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]c:\documents and settings\all users\「开始」菜单\程序\*\*; *.lnk

2017-8-23 21:57:10 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu
值: C:\Documents and Settings\Administrator\「开始」菜单
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:10 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu
值: C:\Documents and Settings\All Users\「开始」菜单
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:10 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:10 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:10 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Pictures
值: C:\Documents and Settings\Administrator\My Documents\My Pictures
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:10 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonPictures
值: C:\Documents and Settings\All Users\Documents\My Pictures
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:10 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonMusic
值: C:\Documents and Settings\All Users\Documents\My Music
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:10 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonVideo
值: C:\Documents and Settings\All Users\Documents\My Videos
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:18 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: C:\Documents and Settings\All Users\桌面\Optimize Your PC.lnk
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《拦截》f100_桌面快捷方式

2017-8-23 21:57:27 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Optimize Your PC.lnk
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《拦截》f100_桌面快捷方式

2017-8-23 21:57:28 创建注册表项风险级别:中允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\Inno Setup: Setup Version
值: 5.3.8 (a)
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\Inno Setup: App Path
值: C:\Program Files\PCFixSpeed
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\InstallLocation
值: C:\Program Files\PCFixSpeed\
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\Inno Setup: Icon Group
值: PC Fix Speed
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\Inno Setup: User
值: Administrator
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\Inno Setup: Language
值: en
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\DisplayName
值: PC Fix Speed 1.2.0.42
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\DisplayIcon
值: C:\Program Files\PCFixSpeed\PCFixSpeed.exe
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\UninstallString
值: "C:\Program Files\PCFixSpeed\unins000.exe"
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\QuietUninstallString
值: "C:\Program Files\PCFixSpeed\unins000.exe" /SILENT
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\DisplayVersion
值: 1.2.0.42
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\Publisher
值: Crawler, LLC
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\URLInfoAbout
值: http://www.PCFixSpeed.com/
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\HelpLink
值: http://www.PCFixSpeed.com/
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\URLUpdateInfo
值: http://www.PCFixSpeed.com/
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\NoModify
值: 0x00000001(1)
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\NoRepair
值: 0x00000001(1)
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\InstallDate
值: 20170823
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\MajorVersion
值: 0x00000001(1)
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:28 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1\MinorVersion
值: 0x00000002(2)
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:57:34 创建新进程风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-4988c.tmp\pcfixspeed_irm.tmp
目标: c:\program files\pcfixspeed\pcfixspeed.exe
命令行: "C:\Program Files\PCFixSpeed\PCFixSpeed.exe" /INSTALL
规则: [应用程序]* -> [子应用程序]?:\program files\*

2017-8-23 21:57:35 创建文件夹风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\All Users\Application Data\PCFixSpeed
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\documents and settings\*\application data\*

2017-8-23 21:57:35 创建文件夹风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\All Users\Application Data\PCFixSpeed\Translate
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\documents and settings\*\application data\*

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCFixSpeed
值: "C:\Program Files\PCFixSpeed\PCFixTray.exe" /startup
规则: [注册表组]r005_阻止_记录日志 -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
值: 150.176.182.31;80:80
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 创建文件夹风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Application Data\PCFixSpeed
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\documents and settings\*\application data\*

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
值: 150.176.182.31;80:80
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:57:35 创建文件夹风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\All Users\Application Data\PCFixSpeed\Backup
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\documents and settings\*\application data\*

2017-8-23 21:57:35 创建文件夹风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\All Users\Application Data\PCFixSpeed\Startup
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\documents and settings\*\application data\*

2017-8-23 21:57:35 创建文件夹风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Application Data\PCFixSpeed\Startup
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\documents and settings\*\application data\*

2017-8-23 21:57:35 修改文件夹权限风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Program Files\PCFixSpeed
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\*

2017-8-23 21:57:45 修改文件权限风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Program Files\PCFixSpeed\PCFixSpeed.exe
规则: [应用程序]?:\program files\*\*.exe -> [文件]c:\program files\*; *.exe

2017-8-23 21:57:45 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\SZXCR0F4.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:57:53 删除文件风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\SZXCR0F4.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:02 修改文件权限风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Program Files\PCFixSpeed\PCFixTray.exe
规则: [应用程序]?:\program files\*\*.exe -> [文件]c:\program files\*; *.exe

2017-8-23 21:58:03 创建新进程风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-ls5sb.tmp\pctechhotlinesetup.exe
目标: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-SR2RT.tmp\PCTechHotlineSetup.tmp" /SL5="$45088A,1237582,100864,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LS5SB.tmp\PCTechHotlineSetup.exe" /VERYSILENT /NORESTART
规则: [应用程序]??\?* -> [子应用程序]c:\documents and settings\*\local settings\temp\*.tmp

2017-8-23 21:58:03 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Programs
值: C:\Documents and Settings\Administrator\「开始」菜单\程序
规则: [应用程序]?:\*\*\*\*\*\* -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:03 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Programs
值: C:\Documents and Settings\All Users\「开始」菜单\程序
规则: [应用程序]?:\*\*\*\*\*\* -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:12 创建文件夹风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: C:\Program Files\PCTechHotline
规则: [文件组]《询问》f252_ProgramFiles安装询问 -> [文件]?:\program files\*

2017-8-23 21:58:16 创建文件风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: C:\Program Files\PCTechHotline\unins000.dat
规则: [文件组]《询问》f252_ProgramFiles安装询问 -> [文件]?:\program files\*\*

2017-8-23 21:58:19 创建文件夹风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: C:\Documents and Settings\All Users\「开始」菜单\程序\PC Tech Hotline
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]c:\documents and settings\*\「开始」菜单\程序

2017-8-23 21:58:19 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: C:\Documents and Settings\Administrator\My Documents
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:19 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:19 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
值: C:\Documents and Settings\Administrator\桌面
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:19 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
值: C:\Documents and Settings\All Users\桌面
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:26 创建文件风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: C:\Documents and Settings\All Users\「开始」菜单\程序\PC Tech Hotline\PC Tech Hotline.lnk
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]c:\documents and settings\all users\「开始」菜单\程序\*\*; *.lnk

2017-8-23 21:58:26 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu
值: C:\Documents and Settings\Administrator\「开始」菜单
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:26 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu
值: C:\Documents and Settings\All Users\「开始」菜单
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:26 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:26 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:26 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Pictures
值: C:\Documents and Settings\Administrator\My Documents\My Pictures
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:26 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonPictures
值: C:\Documents and Settings\All Users\Documents\My Pictures
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:26 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonMusic
值: C:\Documents and Settings\All Users\Documents\My Music
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:26 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonVideo
值: C:\Documents and Settings\All Users\Documents\My Videos
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:29 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: C:\Documents and Settings\All Users\桌面\PC Tech Hotline.lnk
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《拦截》f100_桌面快捷方式

2017-8-23 21:58:33 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tech Hotline.lnk
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《拦截》f100_桌面快捷方式

2017-8-23 21:58:34 创建注册表项风险级别:中允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\Inno Setup: Setup Version
值: 5.3.8 (a)
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\Inno Setup: App Path
值: C:\Program Files\PCTechHotline
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\InstallLocation
值: C:\Program Files\PCTechHotline\
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\Inno Setup: Icon Group
值: PC Tech Hotline
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\Inno Setup: User
值: Administrator
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\Inno Setup: Language
值: en
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\DisplayName
值: PC Tech Hotline
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\DisplayIcon
值: C:\Program Files\PCTechHotline\PCTechHotline.exe
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\UninstallString
值: "C:\Program Files\PCTechHotline\unins000.exe"
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\QuietUninstallString
值: "C:\Program Files\PCTechHotline\unins000.exe" /SILENT
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\DisplayVersion
值: 3.0.0.4
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\Publisher
值: Crawler, LLC
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\URLInfoAbout
值: http://www.PCTechHotline.com/
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\HelpLink
值: http://www.PCTechHotline.com/
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\URLUpdateInfo
值: http://www.PCTechHotline.com/
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\NoModify
值: 0x00000001(1)
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\NoRepair
值: 0x00000001(1)
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\InstallDate
值: 20170823
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\MajorVersion
值: 0x00000003(3)
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:34 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1\MinorVersion
值: 0x00000000(0)
规则: [注册表组]r002_例外_允许_记录日志 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*

2017-8-23 21:58:45 创建新进程风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: c:\program files\pctechhotline\pctechhotline.exe
命令行: "C:\Program Files\PCTechHotline\PCTechHotline.exe" /INSTALL
规则: [应用程序]* -> [子应用程序]?:\program files\*

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixtray.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: C:\Documents and Settings\Administrator\My Documents
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixtray.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixtray.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
值: C:\Documents and Settings\Administrator\桌面
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixtray.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
值: C:\Documents and Settings\All Users\桌面
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixtray.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixtray.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
值: 150.176.182.31;80:80
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
值: 150.176.182.31;80:80
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: C:\Documents and Settings\Administrator\My Documents
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 修改注册表值风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:45 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: D:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]d:\*

2017-8-23 21:58:45 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: E:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]e:\*

2017-8-23 21:58:45 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\CATUHWDQ.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:50 删除文件风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\CATUHWDQ.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:50 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: D:\Program Files\Ultra Video Splitter
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]d:\*

2017-8-23 21:58:50 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: D:\Program Files\鲁大师.5.15.16.1270
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]d:\*

2017-8-23 21:58:50 修改文件夹权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Program Files\PCTechHotline
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\*

2017-8-23 21:58:50 修改文件夹权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Program Files\PCTechHotline\Update
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\*

2017-8-23 21:58:50 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCTechHotline
值: "C:\Program Files\PCTechHotline\PCTechHotline.exe" /STARTUP
规则: [注册表组]r005_阻止_记录日志 -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*

2017-8-23 21:58:50 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:50 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:58:50 创建新进程风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: c:\windows\system32\regsvr32.exe
命令行: "C:\WINDOWS\system32\regsvr32.exe" /s PCTHdesk.dll
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [子应用程序]c:\windows\system32\regsvr32.exe

2017-8-23 21:58:50 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: D:\Program Files\Rolan
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]d:\*

2017-8-23 21:58:50 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: D:\Program Files\电脑速度卫士
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]d:\*

2017-8-23 21:58:50 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\20759AMO.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:54 删除文件风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\20759AMO.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:54 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: D:\Program Files\Photoshop
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]d:\*

2017-8-23 21:58:54 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: I:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]i:\*

2017-8-23 21:58:54 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: D:\Program Files\电脑速度卫士
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]d:\*

2017-8-23 21:58:54 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: D:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]d:\*

2017-8-23 21:58:54 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\PMLS9G9J.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:56 删除文件风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\PMLS9G9J.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:56 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\86UPBK6A.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:57 删除文件风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\86UPBK6A.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: D:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]d:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: E:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]e:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: F:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]f:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: G:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]g:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: H:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]h:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: I:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]i:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: J:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]j:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: K:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]k:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: D:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]d:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: E:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]e:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: F:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]f:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: G:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]g:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: H:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]h:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: I:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]i:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: J:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]j:\*

2017-8-23 21:58:57 读文件夹风险级别:低阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: K:
规则: [文件组]《坚固》f111_隐藏磁盘 -> [文件]k:\*

2017-8-23 21:58:58 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\JE1HHT34.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:59 删除文件风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\JE1HHT34.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:58:59 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\NGNM48BH.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:59:00 删除文件风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\NGNM48BH.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:59:00 创建文件夹风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Application Data\PCFixSpeed\News
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\documents and settings\*\application data\*

2017-8-23 21:59:00 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\25MHJ4H9.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:59:01 删除文件风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\25MHJ4H9.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:59:01 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\NR11ZD9X.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:59:01 删除文件风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\NR11ZD9X.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:59:02 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\53OY62VR.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:59:03 删除文件风险级别:未知允许
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\53OY62VR.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:59:04 修改文件风险级别:未知阻止
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\8ZEY744D.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:59:06 删除文件风险级别:未知阻止并结束进程
进程: c:\program files\pcfixspeed\pcfixspeed.exe
目标: C:\Documents and Settings\Administrator\Cookies\8ZEY744D.txt
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.txt

2017-8-23 21:59:08 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:59:08 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:59:08 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:59:08 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:59:08 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
值: 150.176.182.31;80:80
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:59:08 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:59:08 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:59:08 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
值: 150.176.182.31;80:80
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:59:08 修改注册表值风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [应用程序]?:\program files\*\*.exe -> [注册表组]阻止_优先黑名单

2017-8-23 21:59:14 创建新进程风险级别:未知允许
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: c:\program files\pctechhotline\pctechhotlinesvc.exe
命令行: "C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe" -i
规则: [应用程序]* -> [子应用程序]?:\program files\*

2017-8-23 21:59:22 创建注册表项风险级别:中阻止
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCTechHotlineSvc
规则: [应用程序]c:\windows\system32\services.exe -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services

2017-8-23 21:59:22 创建新进程风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\is-sr2rt.tmp\pctechhotlinesetup.tmp
目标: c:\windows\system32\cmd.exe
命令行: "cmd.exe" /C net start PCTechHotlineService
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [子应用程序]?:\windows\system32\cmd.exe

2017-8-23 21:59:23 创建文件夹风险级别:未知允许
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\documents and settings\*\application data\*

2017-8-23 21:59:23 创建文件夹风险级别:未知允许
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\documents and settings\*\application data\*

2017-8-23 21:59:23 修改文件夹权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件]?:\*

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7_UploaderDark01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7bubble_Left.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7bubble_Right.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7bubble_X00.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7bubble_X01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7bubble_X02.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7Dark_NoTabs_Back00.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7Dark_NoTabs_PhoneIcon.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7Dark001_SettingsActive.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7Dark001_SettingsBack.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7Dark001_SettingsHover.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7logoNew_dark01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\24x7man_dark01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\ArrowSmall.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\ArrowSmallHot.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\bubble.xml
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.xml

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Hardware_Icon.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\HotInactiveTabLeft.bmp
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.bmp

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\HotInactiveTabRight.bmp
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.bmp

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\MainImg_SettingsDark01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Navigation_HomeIcon00_Dark01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Navigation_HomeIcon01_Dark01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Navigation_SettingsIcon00_Dark01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Navigation_SettingsIcon01_Dark01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\OK_IconGreen01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\PeriodicSystemCheckBubble.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Phones_Icon.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\PushedInactiveTabLeft.bmp
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.bmp

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\PushedInactiveTabRight.bmp
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.bmp

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Security_Icon.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\skin.xml
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.xml

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Software_Icon.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\SupportCheck01_arrow00.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\SupportCheck01_arrow01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Warning_Icon01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Warning_IconOrange01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\Warning_IconRed01.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\WhiteTabLeft.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:23 修改文件权限风险级别:未知阻止
进程: c:\program files\pctechhotline\pctechhotline.exe
目标: C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline\skin\WhiteTabRight.png
规则: [应用程序组]→a999_★《临时规则_安装模式》★ -> [文件组]《坚固》f299_询问修改的文件>a100 -> [文件]*; *.png

2017-8-23 21:59:35 安装全局消息钩子风险级别:高阻止
进程: c:\program files\pctechhotline\pcthhook.exe
目标: c:\program files\pctechhotline\pcthhook.dll
钩子类型: WH_CALLWNDPROCRET
规则: [应用程序]?:\program files\*\*.exe -> [钩子模块].\*
[/mw_shl_code]

显示全部楼层 · 发表于 2017-8-23 22:05:34

运行后，除了几步我没有允许。感觉安装正常，卸载也正常。无恶意的作为。

显示全部楼层 · 发表于 2017-8-24 10:48:56

管家扫描miss

[病毒样本] [PUP] pcfixspeedirm.exe

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源