H网下的，谁测试一下，大部分是冷门杀软在报！！

显示全部楼层 · 发表于 2016-6-15 16:40:44

这个文件能解压，但是看起来没什么大用

显示全部楼层 · 发表于 2016-6-15 17:55:57

轩夏发表于 2016-6-15 14:26
微软 miss

windows defender右键扫描不报，但是打开解压以后的文件夹时，监控报了

显示全部楼层 · 发表于 2016-6-15 20:20:38

lzy2010000 发表于 2016-6-15 11:46
成功运行，ESET不杀。补充一句，观看需付费。

意思是无毒了？？

显示全部楼层 · 发表于 2016-6-15 20:22:27

Virus: Trojan.GenericKD.3313198 (Engine A)

Virus found while downloading content from the web.

Address: https://att.kafan.cn/forum.php?mo ... TZ8MjA0NDc1Mw%3D%3D
Status: Access denied.

显示全部楼层 · 发表于 2016-6-15 20:28:59

楼主故意来，，，，。。。。

显示全部楼层 · 发表于 2016-6-15 23:17:26

[mw_shl_code=css,true]2016-6-15 23:15:22 加载动态链接库风险级别:中允许
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: c:\windows\system32\msvbvm60.dll
规则: [应用程序]*.exe -> [动态链接库]c:\windows\system32\msvbvm60.dll

2016-6-15 23:15:22 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-6-15 23:15:22 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-6-15 23:15:22 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-6-15 23:15:22 读文件夹风险级别:低阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: C:\Documents and Settings\Administrator\Cookies
规则: [文件组]终止_禁读 -> [文件]*; cookie*

2016-6-15 23:15:22 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; ProxyBypass

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; IntranetName

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; UNCAsIntranet

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; AutoDetect

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; ProxyBypass

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; IntranetName

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; UNCAsIntranet

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
值: 0x00000001(1)
规则: [注册表组]拦截_重要关联 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; AutoDetect

2016-6-15 23:15:23 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\ROUTER
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:23 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-6-15 23:15:23 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\ROUTER
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:23 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-6-15 23:15:23 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [注册表组]拦截_Network Protection -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings; ProxyEnable

2016-6-15 23:15:23 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-6-15 23:15:23 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
值: *.local
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-6-15 23:15:23 删除注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*

2016-6-15 23:15:26 修改注册表值风险级别:未知允许
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 c1 24 00 00 01 00 00 00 00 00 00 00 07 00 00 00 2a 2e 6c 6f 63 61 6c 00 00 00 00 04 00 00 00 00 00 00 00 90 3e 8e 41 72 62 d1 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 c0 a8 01 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections; SavedLegacySettings

2016-6-15 23:15:29 加载动态链接库风险级别:中允许
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: c:\windows\system32\dnsapi.dll
规则: [应用程序]*.exe -> [动态链接库]c:\windows\system32\dnsapi.dll

2016-6-15 23:15:29 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:35 访问网络允许
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: TCP [本机 : 2280] -> [120.52.19.50 : 80 (http)]
规则: [应用程序]*.exe -> [网络组]询问_所有允许或阻止

2016-6-15 23:15:35 读文件风险级别:未知 (2) 阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: C:\Program Files\Microsoft Office\OFFICE11\OUTLLIB.DLL
规则: [文件组]拦截_{应用软件保护}常见软件 -> [文件]?:\program files\microsoft office\*

2016-6-15 23:15:35 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:35 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: C:\WINDOWS\system32\mlang.dat
规则: [文件组]终止_禁读 -> [文件]c:\windows*; *.dat

2016-6-15 23:15:35 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:36 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:36 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
值: C:\Documents and Settings\Administrator\Local Settings\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-6-15 23:15:36 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
规则: [应用程序]?:\*\*\*\*\* -> [文件]c:\documents and settings\*\local settings\application data\*

2016-6-15 23:15:41 读文件风险级别:未知 (2) 阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:42 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:42 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:48 加载动态链接库风险级别:中允许
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: c:\windows\system32\msacm32.drv
规则: [应用程序]*.exe -> [动态链接库]c:\windows\system32\msacm32.drv

2016-6-15 23:15:48 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:58 安装全局消息钩子风险级别:高阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: c:\windows\system32\dinput8.dll
钩子类型: WH_MOUSE_LL
规则: [应用程序]* -> [钩子模块]c:\windows\system32\dinput8.dll

2016-6-15 23:15:58 读文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:15:58 修改注册表值风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [应用程序]* -> [注册表]*\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2016-6-15 23:15:58 修改文件风险级别:未知阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\NativeCache\NativeCache.directory
规则: [应用程序]?:\*\*\*\*\* -> [文件]c:\documents and settings\*\application data\*

2016-6-15 23:15:59 读文件风险级别:未知 (2) 阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: \Device\NamedPipe\{A4A8723A-44EA-465e-A48F-1A700FC991C7}
规则: [文件组]Namedpipe -> [文件]\device\namedpipe\*

2016-6-15 23:16:59 修改注册表值风险级别:未知 (7) 阻止
进程: c:\documents and settings\administrator\桌面\私密快播_ac7_670\私密快播_ac7_670.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\LastScavenge
值: 0x00000001(1)
规则: [注册表组]拦截_Ilegal Keys -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion*
[/mw_shl_code]

显示全部楼层 · 发表于 2016-6-15 23:35:29

卡巴不杀,不过还是小心点好

显示全部楼层 · 发表于 2016-6-16 00:28:27

540923555 发表于 2016-6-15 17:55
windows defender右键扫描不报，但是打开解压以后的文件夹时，监控报了

你好，还有历史记录吗？

显示全部楼层 · 发表于 2016-6-16 00:31:29

SEP 解压

显示全部楼层 · 发表于 2016-6-16 11:26:54

蓝天二号发表于 2016-6-15 13:52
成功运行，，，，，估计是敲诈。。。

你这样子变相发福利不好吧

不过我喜欢

[可疑文件] H网下的，谁测试一下，大部分是冷门杀软在报！！

本帖子中包含更多资源

浏览过的版块