Urgent Purchase Order ...

显示全部楼层 · 发表于 2015-8-21 23:54:20

费尔智能杀毒

显示全部楼层 · 发表于 2015-8-22 06:09:55

显示全部楼层 · 发表于 2015-8-22 08:15:55

辽宁大连~~小海发表于 2015-8-21 23:52
你不是趋势吗？

俺喜欢折腾

显示全部楼层 · 发表于 2015-8-22 08:40:53

pal家族发表于 2015-8-22 08:15
俺喜欢折腾

太能折腾了，不是才买的趋势嘛！真是治不了

显示全部楼层 · 发表于 2015-8-22 08:45:02

文件名: purchaseorderiv.scr
威胁名称: SONAR.Heuristic.132完整路径: 不可用

____________________________

____________________________

在电脑上的创建时间
不可用

上次使用时间
( )

启动项目
否

已启动
是

SONAR 主动防护监视电脑上的可疑程序活动。

____________________________

purchaseorderiv.scr 威胁名称: SONAR.Heuristic.132
定位

未知
诺顿社区中使用了此文件的用户数未知。

未知
此文件版本当前未知。

高
此文件具有高风险。

____________________________

来源: 外部介质

____________________________

文件操作

文件: c:\sandbox\lch\defaultbox\user\current\appdata\local\temp\rar$dia0.536\ purchaseorderiv.scr 不需要操作
____________________________

注册表操作

注册表更改: HKEY_USERS\SANDBOX_LCH_DEFAULTBOX\user\current_classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache->C:\Sandbox\lch\DefaultBox\user\current\AppData\Local\Temp\Rar$DIa0.536\ PurchaseOrderIV.scr 不需要操作
注册表更改: HKEY_USERS\SANDBOX_LCH_DEFAULTBOX\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap->UNCAsIntranet:0 不需要操作
注册表更改: HKEY_USERS\SANDBOX_LCH_DEFAULTBOX\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap->AutoDetect:1 不需要操作
注册表更改: HKEY_USERS\SANDBOX_LCH_DEFAULTBOX\user\current_classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache->C:\Windows\System32\ cmd.exe 不需要操作
____________________________

系统设置操作

事件: 进程启动 (执行者 c:\sandbox\lch\defaultbox\user\current\appdata\local\temp\rar$dia0.536\purchaseorderiv.scr, PID:5604) 未采取操作
(执行者 c:\sandbox\lch\defaultbox\user\current\appdata\local\temp\rar$dia0.536\purchaseorderiv.scr, PID:5604) 未采取操作
事件: 进程启动: c:\Windows\System32\ cmd.exe, PID:4320 (执行者 c:\sandbox\lch\defaultbox\user\current\appdata\local\temp\rar$dia0.536\purchaseorderiv.scr, PID:5604) 未采取操作
事件: PE 文件创建: c:\sandbox\lch\defaultbox\user\current\appdata\roaming\microsoft\windows\ dslsvc.exe (执行者 c:\sandbox\lch\defaultbox\user\current\appdata\local\temp\rar$dia0.536\purchaseorderiv.scr, PID:5604) 未采取操作
事件: 进程启动: c:\sandbox\lch\defaultbox\user\current\appdata\local\temp\rar$dia0.536\ purchaseorderiv.scr, PID:5604 (执行者 c:\sandbox\lch\defaultbox\user\current\appdata\local\temp\rar$dia0.536\purchaseorderiv.scr, PID:5604) 未采取操作
____________________________

文件指纹 - SHA:
不可用
文件指纹 - MD5:
不可用

显示全部楼层 · 发表于 2015-8-22 09:26:11

eset 下载不报，手动扫描杀……

显示全部楼层 · 发表于 2015-8-22 11:03:01

蜘蛛右键扫描报了，下载下来没反应

显示全部楼层 · 发表于 2015-8-22 12:19:37

[mw_shl_code=css,true]  <?xml version="1.0" encoding="utf-16" ?>
- <vscope ver="2.0">
- <process pid="10040" path="C:\Users\wuliao\Desktop\Urgent Purchase Order\PurchaseOrderIV\PurchaseOrderIV.scr" cmdline="" createtime="2015-08-22T04:09:09.716Z" sha1="0912C061FA54D5782C7BF0A840F1029FE9032D7F" hashCrc32="88766704" trusted="false" detected="false" restrictionLevel="KioskClientRestriction" parentpath="C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe">
- <activities>
  <activity timestamp="2015-08-22T04:09:08.714Z" id="416608" type="LoadImageFile" path="C:\Windows\SYSTEM32\wow64.dll" />
  <activity timestamp="2015-08-22T04:09:08.714Z" id="416609" type="LoadImageFile" path="C:\Windows\SYSTEM32\wow64win.dll" />
  <activity timestamp="2015-08-22T04:09:08.715Z" id="416610" type="LoadImageFile" path="C:\Windows\SYSTEM32\wow64cpu.dll" />
  <activity timestamp="2015-08-22T04:09:08.727Z" id="416616" type="LoadImageFile" path="C:\Windows\SysWOW64\mscoree.dll" />
  <activity timestamp="2015-08-22T04:09:08.737Z" id="416623" type="LoadImageFile" path="C:\Windows\SysWOW64\guard32.dll" />
  <activity timestamp="2015-08-22T04:09:08.738Z" id="416624" type="LoadImageFile" path="C:\Windows\SysWOW64\sechost.dll" />
  <activity timestamp="2015-08-22T04:09:08.740Z" id="416626" type="LoadImageFile" path="C:\Windows\SysWOW64\VERSION.dll" />
  <activity timestamp="2015-08-22T04:09:08.742Z" id="416628" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\IMM32.DLL" />
  <activity timestamp="2015-08-22T04:09:08.750Z" id="416635" type="LoadImageFile" path="C:\Windows\Globalization\Sorting\SortDefault.nls" />
  <activity timestamp="2015-08-22T04:09:08.750Z" id="416636" type="LoadImageFile" path="C:\Windows\SysWOW64\fltlib.dll" />
  <activity timestamp="2015-08-22T04:09:08.809Z" id="416672" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\CMDVRT32.DLL" />
  <activity timestamp="2015-08-22T04:09:08.811Z" id="416674" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\KERNELBASE.DLL" />
  <activity timestamp="2015-08-22T04:09:08.812Z" id="416677" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\NTDLL.DLL" />
  <activity timestamp="2015-08-22T04:09:08.813Z" id="416678" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\KERNEL32.DLL" />
  <activity timestamp="2015-08-22T04:09:08.816Z" id="416684" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\USER32.DLL" />
  <activity timestamp="2015-08-22T04:09:08.817Z" id="416687" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\ADVAPI32.DLL" />
  <activity timestamp="2015-08-22T04:09:08.969Z" id="416902" type="LoadImageFile" path="C:\Windows\SysWOW64\ole32.dll" />
  <activity timestamp="2015-08-22T04:09:08.972Z" id="416905" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\GDI32.DLL" />
  <activity timestamp="2015-08-22T04:09:09.141Z" id="417044" type="KernelObject" name="\Sessions\1\BaseNamedObjects\mchMixCache$2738!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.143Z" id="417048" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771eff70!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.144Z" id="417053" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f06f0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.145Z" id="417059" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f0870!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.147Z" id="417064" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f07e0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.148Z" id="417069" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f0000!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.151Z" id="417078" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f0080!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.153Z" id="417088" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f1cb0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.156Z" id="417097" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f1d88!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.160Z" id="417106" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771efcac!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.163Z" id="417115" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f0690!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.164Z" id="417121" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f0df0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.166Z" id="417130" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f1be0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.169Z" id="417139" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771effa0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.170Z" id="417144" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771efdc4!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.172Z" id="417149" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f00b0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.173Z" id="417155" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771efd60!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.174Z" id="417160" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771efebc!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.175Z" id="417164" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002738, API $771efebc" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.177Z" id="417170" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f0888!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.178Z" id="417174" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002738, API $771f0888" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.180Z" id="417180" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f0ed4!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.181Z" id="417184" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002738, API $771f0ed4" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.182Z" id="417191" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771efb24!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.183Z" id="417195" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002738, API $771efb24" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.184Z" id="417201" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f08a0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.185Z" id="417205" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002738, API $771f08a0" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.187Z" id="417212" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $771f03b4!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.207Z" id="417215" type="LoadImageFile" path="C:\Users\wuliao\Desktop\Urgent Purchase Order\PurchaseOrderIV\PurchaseOrderIV.scr" />
  <activity timestamp="2015-08-22T04:09:09.536Z" id="417227" type="LoadImageFile" path="C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll" />
  <activity timestamp="2015-08-22T04:09:09.569Z" id="417230" type="LoadImageFile" path="C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll" />
  <activity timestamp="2015-08-22T04:09:09.601Z" id="417235" type="KernelObject" name="\BaseNamedObjects\Cor_Private_IPCBlock_10040!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.601Z" id="417236" type="KernelObject" name="\BaseNamedObjects\Cor_Public_IPCBlock_10040!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.601Z" id="417237" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Global\CorDBIPCSetupSyncEvent_10040!comodo_6" isCreate="true" objectType="Event" />
  <activity timestamp="2015-08-22T04:09:09.605Z" id="417240" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\SHELL32.DLL" />
  <activity timestamp="2015-08-22T04:09:09.606Z" id="417243" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $75c4534a!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.607Z" id="417245" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002738, API $75c4534a" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.608Z" id="417250" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $75a21e06!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.609Z" id="417252" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002738, API $75a21e06" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.613Z" id="417261" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $75c5b4d1!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.614Z" id="417263" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002738, API $75c5b4d1" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.616Z" id="417268" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002738, API $75a59708!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:09.618Z" id="417270" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002738, API $75a59708" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:09.622Z" id="417274" type="LoadImageFile" path="C:\Windows\SysWOW64\profapi.dll" />
  <activity timestamp="2015-08-22T04:09:10.709Z" id="417378" type="LoadImageFile" path="C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll" />
  <activity timestamp="2015-08-22T04:09:10.737Z" id="417385" type="LoadImageFile" path="C:\Windows\system32\rpcss.dll" />
  <activity timestamp="2015-08-22T04:09:10.753Z" id="417388" type="LoadImageFile" path="C:\Windows\SysWOW64\l_intl.nls" />
  <activity timestamp="2015-08-22T04:09:10.764Z" id="417390" type="LoadImageFile" path="C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll" />
  <activity timestamp="2015-08-22T04:09:10.851Z" id="417397" type="LoadImageFile" path="C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp" />
  <activity timestamp="2015-08-22T04:09:10.949Z" id="417398" type="LoadImageFile" path="C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp" />
  <activity timestamp="2015-08-22T04:09:10.949Z" id="417399" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NLS_00000804_Exception_Table_3_2!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:11.030Z" id="417405" type="LoadImageFile" path="C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp" />
  <activity timestamp="2015-08-22T04:09:11.095Z" id="417406" type="LoadImageFile" path="C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll" />
  <activity timestamp="2015-08-22T04:09:11.555Z" id="417416" type="LoadImageFile" path="C:\Windows\Microsoft.NET\Framework\v2.0.50727\zh-CHS\mscorrc.dll" />
  <activity timestamp="2015-08-22T04:09:12.398Z" id="417455" type="LoadImageFile" path="C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll" />
  <activity timestamp="2015-08-22T04:09:12.498Z" id="417465" type="LoadImageFile" path="C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\238f7a4a7dba5830d5aa15b99bdcc848\Microsoft.VisualBasic.ni.dll" />
  <activity timestamp="2015-08-22T04:09:12.548Z" id="417472" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NLS_CodePage_936_3_2_0_0!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:12.578Z" id="417473" type="LoadImageFile" path="C:\Windows\SysWOW64\CRYPTSP.dll" />
  <activity timestamp="2015-08-22T04:09:12.582Z" id="417478" type="LoadImageFile" path="C:\Windows\SysWOW64\rsaenh.dll" />
  <activity timestamp="2015-08-22T04:09:12.594Z" id="417490" type="KernelObject" name="\Sessions\1\BaseNamedObjects\dd3b797c-61ef-4498-812e-c9ae7e1096d!comodo_6" isCreate="true" objectType="Event" />
  <activity timestamp="2015-08-22T04:09:12.719Z" id="417497" type="LoadImageFile" path="C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5a401fd2a7689ff13fb54182953f9c40\System.Drawing.ni.dll" />
  <activity timestamp="2015-08-22T04:09:13.197Z" id="417527" type="LoadImageFile" path="C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6949c4470a81970ec3de0a575d93babc\System.Windows.Forms.ni.dll" />
  <activity timestamp="2015-08-22T04:09:13.317Z" id="417534" type="LoadImageFile" path="C:\Windows\SysWOW64\shfolder.dll" />
  <activity timestamp="2015-08-22T04:09:15.863Z" id="417651" type="LoadImageFile" path="C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.1.7601.18834_NONE_72D38C5186679D48\GDIPLUS.DLL" />
  <activity timestamp="2015-08-22T04:09:15.868Z" id="417658" type="LoadImageFile" path="C:\Windows\SysWOW64\UxTheme.dll" />
  <activity timestamp="2015-08-22T04:09:15.879Z" id="417666" type="LoadImageFile" path="C:\Windows\SysWOW64\WindowsCodecs.dll" />
  <activity timestamp="2015-08-22T04:09:15.881Z" id="417668" type="LoadImageFile" path="C:\Program Files (x86)\ADSafe\adsPop32.dll" />
  <activity timestamp="2015-08-22T04:09:15.893Z" id="417676" type="LoadImageFile" path="C:\PROGRAM FILES (X86)\ADSAFE\ADSNET32.DLL" />
  <activity timestamp="2015-08-22T04:09:15.904Z" id="417686" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\APPHELP.DLL" />
  <activity timestamp="2015-08-22T04:09:15.910Z" id="417691" type="LoadImageFile" path="C:\Windows\AppPatch\sysmain.sdb" />
  <activity timestamp="2015-08-22T04:09:15.912Z" id="417698" type="FindFile" path="C:\Windows\SysWOW64" pattern="*" />
  <activity timestamp="2015-08-22T04:09:15.917Z" id="417699" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\PALMINPUTIME.IME" />
  <activity timestamp="2015-08-22T04:09:15.932Z" id="417707" type="LoadImageFile" path="C:\Windows\SysWOW64\dbghelp.dll" />
  <activity timestamp="2015-08-22T04:09:15.935Z" id="417708" type="KernelObject" name="\Sessions\1\BaseNamedObjects\{05B5091A-2D45-44A6-B586-DD700A72F05F}-V5!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:15.936Z" id="417709" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\NTMARTA.DLL" />
  <activity timestamp="2015-08-22T04:09:15.948Z" id="417715" type="KernelObject" name="\Sessions\1\BaseNamedObjects\{4F4AFDEA-05EC-4162-9CB6-9D69FD13B92E}-V2!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:15.956Z" id="417716" type="KernelObject" name="\Sessions\1\BaseNamedObjects\{34EC97F5-F214-498F-B60F-186E5B0322AB}-V60!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:15.985Z" id="417717" type="LoadImageFile" path="C:\Windows\Fonts\staticcache.dat" />
  <activity timestamp="2015-08-22T04:09:15.998Z" id="417723" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\PROPSYS.DLL" />
  <activity timestamp="2015-08-22T04:09:16.004Z" id="417730" type="LoadImageFile" path="C:\Windows\SysWOW64\dwmapi.dll" />
  <activity timestamp="2015-08-22T04:09:16.005Z" id="417732" type="LoadImageFile" path="E:\PROGRAM FILES\PALMINPUT\2.1.0.1146\PALMINPUTSERVICE.EXE" />
  <activity timestamp="2015-08-22T04:09:16.009Z" id="417741" type="LoadImageFile" path="E:\Program Files\PalmInput\2.1.0.1146\PalmInputStartUp.exe" />
  <activity timestamp="2015-08-22T04:09:16.009Z" id="417742" type="LoadImageFile" path="C:\USERS\WULIAO\APPDATA\ROAMING\TAOBAOPROTECT\TAOBAOPROTECTSE.DLL" />
  <activity timestamp="2015-08-22T04:09:16.012Z" id="417745" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\SFC.DLL" />
  <activity timestamp="2015-08-22T04:09:16.013Z" id="417746" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\SFC_OS.DLL" />
  <activity timestamp="2015-08-22T04:09:16.018Z" id="417750" type="LoadImageFile" path="C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\COMCTL32.dll" />
  <activity timestamp="2015-08-22T04:09:16.026Z" id="417761" type="LoadImageFile" path="C:\Windows\WindowsShell.Manifest" />
  <activity timestamp="2015-08-22T04:09:16.042Z" id="417771" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\NCRYPT.DLL" />
  <activity timestamp="2015-08-22T04:09:16.042Z" id="417772" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\BCRYPT.DLL" />
  <activity timestamp="2015-08-22T04:09:16.046Z" id="417774" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\BCRYPTPRIMITIVES.DLL" />
  <activity timestamp="2015-08-22T04:09:16.067Z" id="417790" type="LoadImageFile" path="C:\Windows\SysWOW64\ieframe.dll" />
  <activity timestamp="2015-08-22T04:09:16.069Z" id="417793" type="LoadImageFile" path="C:\Windows\SysWOW64\OLEACC.dll" />
  <activity timestamp="2015-08-22T04:09:16.071Z" id="417794" type="LoadImageFile" path="C:\Windows\SysWOW64\oleaccrc.dll" />
  <activity timestamp="2015-08-22T04:09:16.083Z" id="417803" type="LoadImageFile" path="C:\Windows\SysWOW64\USERENV.dll" />
  <activity timestamp="2015-08-22T04:09:16.088Z" id="417808" type="FindFile" path="C:\Users\wuliao\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates" pattern="*" />
  <activity timestamp="2015-08-22T04:09:16.089Z" id="417809" type="FindFile" path="C:\Users\wuliao\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs" pattern="*" />
  <activity timestamp="2015-08-22T04:09:16.089Z" id="417810" type="FindFile" path="C:\Users\wuliao\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs" pattern="*" />
  <activity timestamp="2015-08-22T04:09:16.164Z" id="417814" type="FindFile" path="C:\Users\wuliao\Desktop\Urgent Purchase Order\PurchaseOrderIV" pattern="cmd"*" />
  <activity timestamp="2015-08-22T04:09:16.164Z" id="417815" type="FindFile" path="C:\Windows\SysWOW64" pattern="cmd"*" />
  <activity timestamp="2015-08-22T04:09:16.249Z" id="417820" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\GPAPI.DLL" />
  <activity timestamp="2015-08-22T04:09:16.268Z" id="417826" type="LoadImageFile" path="C:\Users\wuliao\AppData\Local\Microsoft\Windows\Caches\cversions.1.db" />
  <activity timestamp="2015-08-22T04:09:16.268Z" id="417827" type="KernelObject" name="\Sessions\1\BaseNamedObjects\C:*Users*wuliao*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:16.269Z" id="417828" type="LoadImageFile" path="C:\Users\wuliao\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000038.db" />
  <activity timestamp="2015-08-22T04:09:16.269Z" id="417829" type="KernelObject" name="\Sessions\1\BaseNamedObjects\C:*Users*wuliao*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000038.db!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:16.283Z" id="417875" type="LoadImageFile" path="C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db" />
  <activity timestamp="2015-08-22T04:09:16.283Z" id="417878" type="KernelObject" name="\Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:16.284Z" id="417882" type="LoadImageFile" path="C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000a.db" />
  <activity timestamp="2015-08-22T04:09:16.284Z" id="417885" type="KernelObject" name="\Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000a.db!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:16.286Z" id="417893" type="LoadImageFile" path="C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" />
  <activity timestamp="2015-08-22T04:09:16.286Z" id="417895" type="KernelObject" name="\Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:16.296Z" id="417918" type="CreateKey" regKey="\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\MICROSOFT\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config" />
  <activity timestamp="2015-08-22T04:09:16.301Z" id="417924" type="CreateKey" regKey="\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\MICROSOFT\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config" />
  <activity timestamp="2015-08-22T04:09:16.354Z" id="417934" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\CRYPTNET.DLL" />
  <activity timestamp="2015-08-22T04:09:16.362Z" id="417941" type="FindFile" path="C:\Users\wuliao\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData" pattern="E8F253959121E089B0D4AA8B6682E44B_*" />
  <activity timestamp="2015-08-22T04:09:16.363Z" id="417942" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:16.367Z" id="417944" type="FindFile" path="C:\Users\wuliao\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData" pattern="3CD99F6CD2961AEFAF9D21EA27618F63_*" />
  <activity timestamp="2015-08-22T04:09:16.380Z" id="417947" type="FindFile" path="C:\Users\wuliao\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData" pattern="B18C72BA0B1A93578E6698C361385449_*" />
  <activity timestamp="2015-08-22T04:09:16.384Z" id="417949" type="LoadImageFile" path="C:\Windows\SysWOW64\sensapi.dll" />
  <activity timestamp="2015-08-22T04:09:16.392Z" id="417955" type="KernelObject" name="\Sessions\1\BaseNamedObjects\UrlZonesSM_wuliao!comodo_6" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T04:09:16.393Z" id="417956" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:16.401Z" id="417957" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:16.412Z" id="417961" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T04:09:18.552Z" id="418028" type="LoadImageFile" path="C:\Windows\SysWOW64\zh-CN\KernelBase.dll.mui" />
  <activity timestamp="2015-08-22T04:09:18.563Z" id="418029" type="CreateFile" path="C:\Users\wuliao\AppData\Roaming\Microsoft\Windows\isshost.exe" />
  <activity timestamp="2015-08-22T04:09:19.889Z" id="418058" type="LoadImageFile" path="C:\Users\wuliao\AppData\Roaming\Microsoft\Windows\isshost.exe" />
  <activity timestamp="2015-08-22T04:09:20.231Z" id="418067" type="LoadImageFile" path="C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_zh-CHS_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll" />
  </activities>
  <children />
  </process>
  </vscope>[/mw_shl_code]
看着不像是好东西，HIPS一直拦截isshost这个进程。

显示全部楼层 · 发表于 2015-8-22 15:53:55

KIS killed.
拦截迅雷下载

显示全部楼层 · 发表于 2015-8-28 05:31:16

卡巴秒杀

[可疑文件] Urgent Purchase Order ...

本帖子中包含更多资源

本帖子中包含更多资源