很流氓，过火绒主防！！

显示全部楼层 · 发表于 2016-3-13 18:30:48

干抓到的。。

显示全部楼层 · 发表于 2016-3-13 18:34:12

本帖最后由 windows7爱好者于 2016-3-13 18:37 编辑

里面附带了11个安装包，我已经可以想象我允许后会是怎样的可怕景象了

显示全部楼层 · 发表于 2016-3-13 18:41:49

windows7爱好者发表于 2016-3-13 18:34
里面附带了11个安装包，我已经可以想象我允许后会是怎样的可怕景象了

没防火墙就挂了

显示全部楼层 · 发表于 2016-3-13 18:48:09

本帖最后由左手于 2016-3-13 18:54 编辑

[mw_shl_code=css,true]2016-3-13 18:44:15 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:15 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:15 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:44:15 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:44:15 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:44:15 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:15 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:15 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:15 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:15 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:15 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:15 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:15 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:15 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:15 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\ROUTER
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\ROUTER
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:16 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:16 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:16 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [注册表组]拦截_Network Protection -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings; ProxyEnable

2016-3-13 18:44:16 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:44:16 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:44:16 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 0f 10 00 00 01 00 00 00 00 00 00 00 07 00 00 00 2a 2e 6c 6f 63 61 6c 00 00 00 00 04 00 00 00 00 00 00 00 90 3e 8e 41 72 62 d1 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 c0 a8 01 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections; SavedLegacySettings

2016-3-13 18:44:27 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:27 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:27 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:27 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:27 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:27 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:27 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:27 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; ProxyBypass

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; IntranetName

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; UNCAsIntranet

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; AutoDetect

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; ProxyBypass

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; IntranetName

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; UNCAsIntranet

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; AutoDetect

2016-3-13 18:44:27 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:27 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:27 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:27 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:27 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:27 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [注册表组]拦截_Network Protection -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings; ProxyEnable

2016-3-13 18:44:27 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:44:27 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:44:27 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 0f 10 00 00 01 00 00 00 00 00 00 00 07 00 00 00 2a 2e 6c 6f 63 61 6c 00 00 00 00 04 00 00 00 00 00 00 00 90 3e 8e 41 72 62 d1 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 c0 a8 01 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [应用程序]c:\documents and settings\administrator\桌面\yenaldjglcjie.exe -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections; SavedLegacySettings

2016-3-13 18:44:27 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:27 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:27 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:27 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:27 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:27 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:27 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:27 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:27 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:27 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:37 访问网络允许
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: TCP [本机 : 4447] ->  [117.25.155.240 : 80 (http)]
规则: [应用程序]*.exe -> [网络组]询问_所有允许或阻止

2016-3-13 18:44:37 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:44:37 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:37 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:44:45 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:44:45 向其他进程发送消息风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: c:\windows\explorer.exe
消息: 0x0419
规则: [应用程序]*\temp\*.* -> [目标应用程序]*

2016-3-13 18:44:45 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:44:45 创建注册表项风险级别:中阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
规则: [注册表组]拦截_HEUR.Win32.Malware Regs -> [注册表]*\Software\Microsoft\Windows*\*

2016-3-13 18:44:45 创建注册表项风险级别:中阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant
规则: [注册表组]拦截_HEUR.Win32.Malware Regs -> [注册表]*\Software\Microsoft\Windows*\*

2016-3-13 18:44:45 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Program Files\Tencent\QQBrowser\QQBrowser.exe
规则: [注册表组]拦截_HEUR.Win32.Malware Regs -> [注册表]*\Software\Microsoft\Windows*\*

2016-3-13 18:44:45 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Program Files\Tencent\QQBrowser\uninst.exe
规则: [注册表组]拦截_HEUR.Win32.Malware Regs -> [注册表]*\Software\Microsoft\Windows*\*

2016-3-13 18:44:45 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw1D.tmp\V8._85296_20150814221218.exe
规则: [注册表组]拦截_HEUR.Win32.Malware Regs -> [注册表]*\Software\Microsoft\Windows*\*

2016-3-13 18:44:46 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\12au17fcfd\appdata\video\vd.ini
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:01 创建文件夹风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: C:\Documents and Settings\Administrator\Application Data\Tencent\QQBrowser
规则: [应用程序]?:\*\*\*\*\*\* -> [文件]c:\documents and settings\*\application data\*

2016-3-13 18:45:01 创建文件夹风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: C:\Program Files\Tencent\QQBrowser
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:01 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:02 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:45:06 创建文件夹风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Application Data\Tencent\QQBrowser
规则: [应用程序]?:\*\*\*\*\*\* -> [文件]c:\documents and settings\*\application data\*

2016-3-13 18:45:06 创建文件夹风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Application Data\Tencent\QQBrowser
规则: [应用程序]c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe -> [文件]c:\documents and settings\*\application data\*

2016-3-13 18:45:06 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
值: C:\Documents and Settings\Administrator\Local Settings\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:45:06 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:45:06 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:45:06 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:45:06 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:06 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:06 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:06 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:06 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:06 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:06 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:06 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:06 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:06 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:06 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:06 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:06 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:06 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序]*\temp\*.* -> [文件]*\namedpipe\router

2016-3-13 18:45:06 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:45:06 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:06 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-3-13 18:45:06 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:06 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序]*\temp\*.* -> [文件]*\namedpipe\router

2016-3-13 18:45:06 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:06 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:06 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:06 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [注册表组]拦截_Network Protection -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings; ProxyEnable

2016-3-13 18:45:06 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:45:06 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:45:06 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 0f 10 00 00 01 00 00 00 00 00 00 00 07 00 00 00 2a 2e 6c 6f 63 61 6c 00 00 00 00 04 00 00 00 00 00 00 00 90 3e 8e 41 72 62 d1 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 c0 a8 01 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections; SavedLegacySettings

2016-3-13 18:45:18 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:18 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:18 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:18 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:18 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:18 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; ProxyBypass

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; IntranetName

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; UNCAsIntranet

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; AutoDetect

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; ProxyBypass

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; IntranetName

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; UNCAsIntranet

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; AutoDetect

2016-3-13 18:45:18 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:18 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:18 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [注册表组]拦截_Network Protection -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings; ProxyEnable

2016-3-13 18:45:18 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:45:18 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-3-13 18:45:18 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 0f 10 00 00 01 00 00 00 00 00 00 00 07 00 00 00 2a 2e 6c 6f 63 61 6c 00 00 00 00 04 00 00 00 00 00 00 00 90 3e 8e 41 72 62 d1 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 c0 a8 01 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [应用程序]c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections; SavedLegacySettings

2016-3-13 18:45:18 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:18 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:18 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:18 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:18 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:18 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:18 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:18 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:18 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
规则: [应用程序]*\temp\*.* -> [文件组]系统加固_访问控制受保护的对象

2016-3-13 18:45:18 访问网络阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: TCP [本机 : 4585] ->  [119.147.16.149 : 80 (http)]
规则: [应用程序]c:\documents and settings\*\local settings\temp\*.exe -> [网络组]询问_所有允许或阻止

2016-3-13 18:45:18 访问网络阻止
进程: c:\documents and settings\administrator\local settings\temp\12au17fcfd\bin\qqbrowser.exe
目标: TCP [本机 : 4586] ->  [119.147.201.16 : 443 (https)]
规则: [应用程序]c:\documents and settings\*\local settings\temp\*.exe -> [网络组]询问_所有允许或阻止

2016-3-13 18:45:18 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\local settings\temp\nsw1d.tmp\v8._85296_20150814221218.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*

2016-3-13 18:45:19 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-3-13 18:45:19 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-3-13 18:45:19 创建文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\yenaldjglcjie.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
规则: [应用程序]?:\*\*\*\* -> [文件]*\cookies\*
[/mw_shl_code]

QQ浏览器。KUWO等，全来。

显示全部楼层 · 发表于 2016-3-13 18:56:27

干掉流氓

显示全部楼层 · 发表于 2016-3-13 19:08:08

本帖最后由 xyz0703 于 2016-3-13 19:11 编辑

nis双击

然而还是有一个QQ浏览器

[mw_shl_code=css,true]文件名: yenaldjglcjie.exe
威胁名称: SONAR.Heuristic.142完整路径: 不可用

____________________________

____________________________

在电脑上
2016/3/13 星期日 ( 19:04:44 )

上次使用时间
2016/3/13 星期日 ( 19:04:44 )

启动项
否

已启动
是

SONAR 主动防护监视电脑上的可疑程序活动。

____________________________

yenaldjglcjie.exe 威胁名称: SONAR.Heuristic.142
定位

极少用户信任的文件
诺顿社区中有不到 5 名用户使用了此文件。

极新的文件
该文件已在不到 1 周前发行。

高
此文件具有高风险。

____________________________

来源: 外部介质

源文件:
yenaldjglcjie.exe

____________________________

文件操作

文件: c:\users\yizhou\desktop\ yenaldjglcjie.exe 威胁已删除
文件: c:\sandbox\yizhou\defaultbox\user\current\appdata\local\temp\nsm185f.tmp\ 2.ico 威胁已删除
文件: c:\sandbox\yizhou\defaultbox\user\current\appdata\local\microsoft\windows\inetcache\ counters.dat 威胁已删除
文件: c:\sandbox\yizhou\defaultbox\user\current\appdata\local\microsoft\windows\inetcache\ie\fkqjbimo\ 7185bdf1gw1f05vpdktqrg20go0a5u10[1].gif 威胁已删除
文件: c:\sandbox\yizhou\defaultbox\user\current\appdata\local\temp\nsm185f.tmp\ 21.tmp 威胁已删除
目录: c:\Sandbox\Yizhou\defaultbox\user\current\AppData\Local\Temp\ nsm185F.tmp 需要重新启动
____________________________

注册表操作

注册表更改: HKEY_USERS\Sandbox_Yizhou_DefaultBox\MACHINE\Software\Microsoft\ WindowsRuntime, 注册表配置单元: 64 位威胁已删除
注册表更改: HKEY_USERS\Sandbox_Yizhou_DefaultBox\MACHINE\Software\Classes\ ActivatableClasses, 注册表配置单元: 64 位威胁已删除
注册表更改: HKEY_USERS\SANDBOX_YIZHOU_DEFAULTBOX\user\current_classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache->C:\Users\Yizhou\Desktop\ yenaldjglcjie.exe.FriendlyAppName, 注册表配置单元: 64 位威胁已删除
注册表更改: HKEY_USERS\Sandbox_Yizhou_DefaultBox\user\current\Software\Microsoft\Windows\CurrentVersion\ Internet Settings, 注册表配置单元: 64 位威胁已删除
注册表更改: HKEY_USERS\Sandbox_Yizhou_DefaultBox\machine\Software\Microsoft\Windows NT\CurrentVersion\ PeerDist, 注册表配置单元: 64 位威胁已删除
注册表更改: HKEY_USERS\Sandbox_Yizhou_DefaultBox\user\current\Software\Microsoft\Windows\CurrentVersion\ OnDemandInterfaceCache, 注册表配置单元: 64 位威胁已删除
注册表更改: HKEY_USERS\Sandbox_Yizhou_DefaultBox\machine\software\Classes\CLSID\ {0358B920-0AC7-461F-98F4-58E32CD89148}, 注册表配置单元: 64 位威胁已删除
____________________________

网络操作

事件: 网络活动 (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
事件: 网络通信上检测到 Symantec IDS 特征 (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
____________________________

系统设置操作

事件: 进程启动 (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
事件: PE 文件创建: c:\Sandbox\Yizhou\defaultbox\user\current\AppData\Local\Temp\nsm185F.tmp\ System.dll (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
(执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
事件: PE 文件创建: c:\Sandbox\Yizhou\defaultbox\user\current\AppData\Local\Temp\nsm185F.tmp\ Inetc.dll (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
事件: PE 文件创建: c:\Sandbox\Yizhou\defaultbox\user\current\AppData\Local\Temp\nsm185F.tmp\ ZipDLL.dll (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
事件: PE 文件创建: c:\Sandbox\Yizhou\defaultbox\user\current\AppData\Local\Temp\nsm185F.tmp\ v8._85296_20150814221218.exe (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
事件: 进程启动: c:\Sandbox\Yizhou\defaultbox\user\current\AppData\Local\Temp\nsm185F.tmp\ v8._85296_20150814221218.exe, PID:6308 (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
事件: 进程启动: c:\users\yizhou\desktop\ yenaldjglcjie.exe, PID:7600 (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
事件: PE 文件创建: c:\sandbox\yizhou\defaultbox\user\current\appdata\local\temp\nsm185f.tmp\ browser_v5.5.7852.9_r_4640_(build1512022057).exe (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
事件: PE 文件创建: c:\sandbox\yizhou\defaultbox\user\current\appdata\local\microsoft\windows\inetcache\ie\ziaudeiu\ browser_v5.6.10551.6_r_4640_(build1602291105)[1].exe (执行者 c:\users\yizhou\desktop\yenaldjglcjie.exe, PID:7600) 未采取操作
____________________________

文件指纹 - SHA:
不可用
文件指纹 - MD5:
不可用
[/mw_shl_code]

显示全部楼层 · 发表于 2016-3-13 19:13:07

文件 ID 文件名大小(字节) 结果
28749665 wb.zip 237.37 KB OK

以下位置提供了存档中包含的文件及其结果的列表:
文件 ID 文件名大小(字节) 结果
28749664 yenaldjglcjie.exe 258.65 KB UNDER ANALYSIS

显示全部楼层 · 发表于 2016-3-13 19:23:09

过sep

显示全部楼层 · 发表于 2016-3-13 19:34:19

信誉风险

显示全部楼层 · 发表于 2016-3-13 19:34:38

请叫我德玛西亚发表于 2016-3-13 19:23
过sep

为什么人家的sonar杀了一个

[可疑文件] 很流氓，过火绒主防！！

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块