2015/12/23 18:50:30,C:\Windows\explorer.exe,53,Allowed ;执行应用程序 ("C:\Users\AA\Desktop\1\root1605 (7).exe" )
2015/12/23 18:50:38,C:\Users\AA\Desktop\1\root1605 (7).exe,47,Allowed ;创建交换数据流 (C:\Users\AA\Desktop\1\root1605 (7).exe:Zone.Identifier)
2015/12/23 18:50:39,C:\Users\AA\Desktop\1\root1605 (7).exe,53,Allowed ;执行应用程序 (C:\Users\AA\AppData\Roaming\uwvgracroic.exe)
2015/12/23 18:50:41,C:\Users\AA\Desktop\1\root1605 (7).exe,53,Allowed ;执行应用程序 ("C:\windows\system32\cmd.exe" /c DEL C:\Users\AA\Desktop\1\RO5D50~1.EXE)
2015/12/23 18:50:46,C:\Users\AA\AppData\Roaming\uwvgracroic.exe,47,Allowed ;创建交换数据流 (C:\Users\AA\AppData\Roaming\uwvgracroic.exe:Zone.Identifier)
2015/12/23 18:51:00,C:\Users\AA\AppData\Roaming\uwvgracroic.exe,26,Blocked ;修改受保护的注册表键 (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,santa_svc)
2015/12/23 18:51:01,C:\Users\AA\AppData\Roaming\uwvgracroic.exe,40,Blocked ;以修改权限打开进程或线程 (esif_assist.exe(pid=3396))
2015/12/23 18:51:04,C:\Users\AA\AppData\Roaming\uwvgracroic.exe,53,Blocked ;执行应用程序 ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )
2015/12/23 18:51:10,C:\Users\AA\AppData\Roaming\uwvgracroic.exe,53,Blocked ;执行应用程序 ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )
2015/12/23 18:51:15,C:\Users\AA\AppData\Roaming\uwvgracroic.exe,53,Blocked ;执行应用程序 ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )
2015/12/23 18:51:20,C:\Users\AA\AppData\Roaming\uwvgracroic.exe,53,Blocked ;执行应用程序 ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )
2015/12/23 18:51:25,C:\Users\AA\AppData\Roaming\uwvgracroic.exe,53,Blocked ;执行应用程序 ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )
2015/12/23 18:51:31,C:\Users\AA\AppData\Roaming\uwvgracroic.exe,53,Terminated ;执行应用程序 ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )