[Virus sample] #4 (17.01.27)

petr0vic
Posted on 2017-1-27 23:20:01




infected



心醉咖啡
Posted on 2017-1-27 23:22:35
Huorong
[mw_shl_code=css,true]
病毒库:2017/01/27 18:38
开始时间:2017/01/27 23:21
总计用时:00:00:13
扫描对象:28个
发现威胁:3个
已处理威胁:3个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

威胁路径:F:\浏览器下载\4\1.exe, 病毒名:Ransom/Cerber.f, 病毒ID:[1be9edd09119bdf5], 处理结果:已处理
威胁路径:F:\浏览器下载\4\3.exe, 病毒名:Ransom/Cerber.f, 病毒ID:[1be9edd09119bdf5], 处理结果:已处理
威胁路径:F:\浏览器下载\4\2.exe, 病毒名:VirTool/Kovter.p, 病毒ID:[e92bbf97494898d2], 处理结果:已处理
[/mw_shl_code]
嘉新
Posted on 2017-1-27 23:33:40
Norton: perfect defense.
pal家族
Posted on 2017-1-27 23:58:04
This post was last edited by pal家族 on 2017-1-28 00:23

Kaspersky kills all.

One by signature, two by heuristics, one blacklisted.

Eset小粉絲
Posted on 2017-1-28 01:57:14
Avira kills all.
[mw_shl_code=css,true]
Type:        File
Source:        C:\Users\Ivan\Downloads\4\1.exe
Status:        Infected
Quarantine object:        7ab94a7e.qua
Restored:        NO
Uploaded to Avira:        NO
Operating system:        Windows XP/VISTA Workstation/Windows 7
Search engine:        8.03.42.158
Virus definition file:        8.12.150.84
Detection:        TR/Crypt.XPACK.2b6cc8 (Cloud)
Date/Time:        28/1/2017, 1:56


Type:        File
Source:        C:\Users\Ivan\Downloads\4\3.exe
Status:        Infected
Quarantine object:        150571d6.qua
Restored:        NO
Uploaded to Avira:        NO
Operating system:        Windows XP/VISTA Workstation/Windows 7
Search engine:        8.03.42.158
Virus definition file:        8.12.150.84
Detection:        TR/Crypt.XPACK.e1549c (Cloud)
Date/Time:        28/1/2017, 1:56


Type:        File
Source:        C:\Users\Ivan\Downloads\4\4.exe
Status:        Infected
Quarantine object:        10042ac0.qua
Restored:        NO
Uploaded to Avira:        NO
Operating system:        Windows XP/VISTA Workstation/Windows 7
Search engine:        8.03.42.158
Virus definition file:        8.12.150.84
Detection:        TR/Crypt.ZPACK.sfenc
Date/Time:        28/1/2017, 1:55


Type:        File
Source:        C:\Users\Ivan\Downloads\4\2.exe
Status:        Infected
Quarantine object:        10a02925.qua
Restored:        NO
Uploaded to Avira:        NO
Operating system:        Windows XP/VISTA Workstation/Windows 7
Search engine:        8.03.42.158
Virus definition file:        8.12.150.84
Detection:        TR/Crypt.Xpack.egmmr
Date/Time:        28/1/2017, 1:55
[/mw_shl_code]
学雷锋做人
Posted on 2017-1-28 02:08:02
First sample: intercepted successfully on double-click.
[mw_shl_code=css,true]
01:55:55(11):(自动允许)创建注册表键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb75dde0-d802-11e6-b8b3-806d6172696f}\

01:55:55(12):(阻止)写注册表值:\BaseClass

01:55:55(13):(自动允许)读取文件:\\.\MountPointManager     访问权限:0

01:55:55(14):(自动允许)读取文件:\\.\MountPointManager     访问权限:0

01:55:55(15):(自动允许)创建注册表键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb75ddde-d802-11e6-b8b3-806d6172696f}\

01:55:55(16):(阻止)写注册表值:\BaseClass

01:55:55(17):(自动允许)创建文件目录:C:\DOCUME~1\wang\LOCALS~1\Temp\

01:55:55(18):(自动允许)读取文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsl1.tmp     访问权限:-2147483648

01:55:55(19):(自动允许)删除文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsl1.tmp

01:55:55(20):(自动允许)读取文件:C:\Documents and Settings\wang\桌面\File_safe\1.exe     访问权限:-2147483648

01:55:55(21):(自动允许)读取文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsl2.tmp     访问权限:-2147483648

01:55:55(22):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsl2.tmp

01:55:55(23):(自动允许)创建文件目录:C:\DOCUME~1

01:55:55(24):(自动允许)创建文件目录:C:\DOCUME~1\wang

01:55:55(25):(自动允许)创建文件目录:C:\DOCUME~1\wang\LOCALS~1

01:55:55(26):(自动允许)创建文件目录:C:\DOCUME~1\wang\LOCALS~1\Temp

01:55:55(27):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\styling-24.min.js

01:55:55(28):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\icon_login_smp.png

01:55:55(29):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\ScriptResource.axd

01:55:55(30):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\btn_cart1_off.png

01:55:55(31):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\rc_tx_id_01.gif

01:55:55(32):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\weed.v

01:55:55(33):(自动允许)读取文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsv3.tmp     访问权限:-2147483648

01:55:55(34):(自动允许)删除文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsv3.tmp

01:55:55(35):(自动允许)创建文件目录:C:\DOCUME~1

01:55:55(36):(自动允许)创建文件目录:C:\DOCUME~1\wang

01:55:55(37):(自动允许)创建文件目录:C:\DOCUME~1\wang\LOCALS~1

01:55:55(38):(自动允许)创建文件目录:C:\DOCUME~1\wang\LOCALS~1\Temp

01:55:55(39):(自动允许)创建文件目录:C:\DOCUME~1\wang\LOCALS~1\Temp\nsv3.tmp

01:55:55(40):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsv3.tmp\System.dll

01:55:55(41):(自动允许)读取文件:C:\DOCUME~1\wang\LOCALS~1\Temp\weed.v     访问权限:-2147483648

01:55:55(42):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsv3.tmp\System.dll

01:55:55(43):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsv3.tmp\System.dll

01:55:55(44):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsv3.tmp\System.dll

01:55:55(45):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsv3.tmp\System.dll

01:55:55(46):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsv3.tmp\System.dll

01:55:55(47):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\nsv3.tmp\System.dll

01:55:57(48):(自动允许)读取文件:C:\WINDOWS\system32\ntdll.dll     访问权限:-2147483648

01:55:57(49):(自动允许)读取文件:C:\WINDOWS\system32\ntdll.dll     访问权限:-2147483648

01:55:57(50):(自动允许)读取文件:C:\WINDOWS\system32\ntdll.dll     访问权限:-2147483648

01:55:57(51):(自动允许)读取文件:C:\DOCUME~1\wang\LOCALS~1\Temp\weed.v     访问权限:-2147483648

01:55:57(52):(自动允许)读取文件:C:\WINDOWS\system32\ntdll.dll     访问权限:-2147483648

01:55:57(53):(自动允许)读取文件:C:\WINDOWS\system32\rsaenh.dll     访问权限:-2147483648

01:55:57(54):(自动允许)读取文件:C:\WINDOWS\system32\rsaenh.dll     访问权限:-2147483648

01:55:57(55):(自动允许)读取文件:C:\WINDOWS\system32\rsaenh.dll     访问权限:-2147483648

01:55:57(56):(自动允许)读取文件:C:\WINDOWS\system32\rsaenh.dll     访问权限:-2147483648

01:55:57(57):(自动允许)读取文件:C:\WINDOWS\system32\ntdll.dll     访问权限:-2147483648

01:55:57(58):(阻止)创建进程:C:\Documents and Settings\wang\桌面\File_safe\1.exe     命令行:"C:\Documents and Settings\wang\桌面\File_safe\1.exe"
[/mw_shl_code]
Second sample
[mw_shl_code=css,true]
02:00:17(3):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo

02:00:17(4):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo

02:00:17(5):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer

02:00:17(6):(阻止)创建注册表键:428\BitBucket

02:00:17(7):(阻止)创建注册表键:428\BitBucket

02:00:17(8):(自动允许)打开驱动对象:LanmanWorkstation

02:00:17(9):(自动允许)创建文件:\\.\PIPE\lsarpc

02:00:17(10):(自动允许)读取文件:C:\WINDOWS\Registration\R000000000007.clb     访问权限:-2147483648

02:00:17(11):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM

02:00:17(12):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM

02:00:17(13):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM

02:00:17(14):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(15):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(16):(阻止)创建\打开注册表项:620\msacm.imaadpcm

02:00:17(17):(自动允许)创建注册表键:HKEY_CURRENT_USER\Software\Microsoft\Multimedia\

02:00:17(18):(阻止)创建注册表键:620\msacm.imaadpcm

02:00:17(19):(自动允许)打开驱动对象:AudioSrv

02:00:17(20):(自动允许)读取文件:wdmaud.drv     访问权限:0

02:00:17(21):(自动允许)读取文件:C:\WINDOWS\system32\wdmaud.drv     访问权限:0

02:00:17(22):(自动允许)读取文件:wdmaud.drv     访问权限:0

02:00:17(23):(自动允许)读取文件:C:\WINDOWS\system32\wdmaud.drv     访问权限:0

02:00:17(24):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses

02:00:17(25):(自动允许)创建文件:\\.\PIPE\lsarpc

02:00:17(26):(自动允许)创建文件:\\.\PIPE\lsarpc

02:00:17(27):(安全环境)创建文件:\\?\root#system#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9b365890-165f-11d0-a195-0020afd156e4}     访问权限:-1073741824

02:00:17(28):(自动允许)读取文件:wdmaud.drv     访问权限:0

02:00:17(29):(自动允许)读取文件:C:\WINDOWS\system32\wdmaud.drv     访问权限:0

02:00:17(30):(自动允许)读取文件:wdmaud.drv     访问权限:0

02:00:17(31):(自动允许)读取文件:C:\WINDOWS\system32\wdmaud.drv     访问权限:0

02:00:17(32):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses

02:00:17(33):(自动允许)创建文件:\\.\PIPE\lsarpc

02:00:17(34):(自动允许)创建文件:\\.\PIPE\lsarpc

02:00:17(35):(安全环境)创建文件:\\?\root#system#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9b365890-165f-11d0-a195-0020afd156e4}     访问权限:-1073741824

02:00:17(36):(自动允许)读取文件:wdmaud.drv     访问权限:0

02:00:17(37):(自动允许)读取文件:C:\WINDOWS\system32\wdmaud.drv     访问权限:0

02:00:17(38):(自动允许)读取文件:wdmaud.drv     访问权限:0

02:00:17(39):(自动允许)读取文件:C:\WINDOWS\system32\wdmaud.drv     访问权限:0

02:00:17(40):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses

02:00:17(41):(自动允许)创建文件:\\.\PIPE\lsarpc

02:00:17(42):(自动允许)创建文件:\\.\PIPE\lsarpc

02:00:17(43):(安全环境)创建文件:\\?\root#system#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9b365890-165f-11d0-a195-0020afd156e4}     访问权限:-1073741824

02:00:17(44):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(45):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(46):(阻止)创建\打开注册表项:636\msacm.msadpcm

02:00:17(47):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(48):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(49):(阻止)创建\打开注册表项:632\msacm.msg711

02:00:17(50):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(51):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(52):(阻止)创建\打开注册表项:636\msacm.msgsm610

02:00:17(53):(自动允许)创建注册表键:HKEY_CURRENT_USER\Software\Microsoft\Multimedia\

02:00:17(54):(阻止)创建注册表键:636\msacm.msgsm610

02:00:17(55):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(56):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(57):(阻止)创建\打开注册表项:636\msacm.trspch

02:00:17(58):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(59):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(60):(阻止)创建\打开注册表项:632\msacm.msg723

02:00:17(61):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(62):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(63):(阻止)创建\打开注册表项:636\msacm.msaudio1

02:00:17(64):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(65):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(66):(阻止)创建\打开注册表项:632\msacm.sl_anet

02:00:17(67):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(68):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(69):(阻止)创建\打开注册表项:632\msacm.iac2

02:00:17(70):(自动允许)创建\打开注册表项:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(71):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\AudioCompressionManager\DriverCache

02:00:17(72):(阻止)创建\打开注册表项:632\msacm.l3acm

02:00:36(73):(自动允许)创建文件:\\.\PIPE\wkssvc

02:00:36(74):(自动允许)创建文件:\\.\PIPE\wkssvc

02:00:36(75):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

02:00:36(76):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

02:00:36(77):(自动允许)读取文件:\\.\Ip     访问权限:536870912

02:00:36(78):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

02:00:36(79):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
[/mw_shl_code]
The third sample behaves much like the first.
The fourth sample is the interesting one; I put the "流氓百度" (rogue Baidu) folder on the desktop for the sample to run against.
[mw_shl_code=css,true]
02:05:43(3):(自动允许)读取文件:C:\WINDOWS\system32\rsaenh.dll     访问权限:-2147483648

02:05:43(4):(自动允许)读取文件:C:\WINDOWS\system32\rsaenh.dll     访问权限:-2147483648

02:05:43(5):(自动允许)读取文件:C:\WINDOWS\system32\rsaenh.dll     访问权限:-2147483648

02:05:43(6):(自动允许)读取文件:C:\WINDOWS\system32\rsaenh.dll     访问权限:-2147483648

02:05:43(7):(自动允许)读取文件:C:\Documents and Settings\wang\桌面\File_safe\4.exe     访问权限:-2147483648

02:05:43(8):(自动允许)读取文件:C:\DOCUME~1\wang\LOCALS~1\Temp\9dc2ca8e\5926.tmp     访问权限:-2147483648

02:05:46(9):(自动允许)创建文件目录:C:\DOCUME~1\wang\LOCALS~1\Temp\9dc2ca8e

02:05:46(10):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\9dc2ca8e\4045.tmp

02:05:46(11):(自动允许)创建文件:C:\DOCUME~1\wang\LOCALS~1\Temp\9dc2ca8e\5926.tmp

02:05:46(12):(自动允许)读取文件:C:\DOCUME~1\wang\LOCALS~1\Temp\9dc2ca8e\5926.tmp     访问权限:-2147483648

02:05:46(13):(自动允许)读取文件:C:\DOCUME~1\wang\LOCALS~1\Temp\9dc2ca8e\4045.tmp     访问权限:-2147483648

02:05:46(14):(自动允许)程序自身创建远程线程

02:05:46(15):(阻止)加载全局钩子:WH_KEYBOARD(钩子类型)     钩子地址:1952972800

02:05:46(16):(阻止)加载全局钩子:WH_MOUSE(钩子类型)     钩子地址:1952972800

02:05:46(17):(自动允许)创建文件:\\.\PIPE\lsarpc

02:05:46(18):(自动允许)创建文件:\\.\PIPE\lsarpc

02:05:46(19):(自动允许)创建文件:\\.\PIPE\lsarpc

02:05:48(20):(自动允许)创建文件:\\.\PIPE\samr

02:05:48(21):(自动允许)创建文件:\\.\PIPE\samr

02:05:48(22):(自动允许)创建文件:\\.\PIPE\samr

02:05:48(23):(自动允许)创建文件:\\.\PIPE\samr

02:05:48(24):(自动允许)创建文件:\\.\PIPE\samr

02:05:48(25):(自动允许)创建文件:\\.\PIPE\samr

02:05:48(26):(阻止)加载全局钩子:WH_KEYBOARD(钩子类型)     钩子地址:1952972800

02:05:48(27):(阻止)加载全局钩子:WH_MOUSE(钩子类型)     钩子地址:1952972800

02:05:48(28):(自动允许)创建文件:\\.\PIPE\lsarpc

02:05:48(29):(自动允许)创建文件:\\.\PIPE\lsarpc

02:05:48(30):(自动允许)读取文件:\\.\MountPointManager     访问权限:0

02:05:48(31):(自动允许)读取文件:\\.\MountPointManager     访问权限:0

02:05:48(32):(自动允许)读取文件:\\.\MountPointManager     访问权限:0

02:05:48(33):(自动允许)读取文件:\\.\MountPointManager     访问权限:0

02:05:48(34):(自动允许)创建注册表键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb75dde0-d802-11e6-b8b3-806d6172696f}\

02:05:48(35):(阻止)写注册表值:\BaseClass

02:05:48(36):(自动允许)读取文件:\\.\MountPointManager     访问权限:0

02:05:48(37):(自动允许)读取文件:\\.\MountPointManager     访问权限:0

02:05:48(38):(自动允许)创建注册表键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb75ddde-d802-11e6-b8b3-806d6172696f}\

02:05:48(39):(阻止)写注册表值:\BaseClass

02:05:49(40):(自动允许)创建注册表键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

02:05:49(41):(自动允许)创建注册表键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

02:05:49(42):(阻止)写注册表值:\Recent

02:05:49(43):(自动允许)程序自身创建远程线程

02:05:49(44):(阻止)加载全局钩子:WH_KEYBOARD(钩子类型)     钩子地址:1952972800

02:05:49(45):(阻止)加载全局钩子:WH_MOUSE(钩子类型)     钩子地址:1952972800

02:05:49(46):(自动允许)读取文件:C:\WINDOWS\Registration\R000000000007.clb     访问权限:-2147483648

02:05:49(47):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM

02:05:49(48):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM

02:05:49(49):(自动允许)创建注册表键:HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM

02:05:49(50):(自动允许)创建文件:\\.\PIPE\lsarpc

02:05:49(51):(自动允许)程序自身创建远程线程

02:05:49(52):(自动允许)程序自身创建远程线程

02:05:49(53):(自动允许)程序自身创建远程线程

02:05:49(54):(自动允许)创建文件:\\.\PIPE\lsarpc

02:05:49(55):(自动允许)程序自身创建远程线程

02:05:49(56):(安全环境)创建文件:C:\WINDOWS\system32\WBEM\Logs\wbemprox.log     访问权限:1073741824

02:05:49(57):(安全环境)创建文件:C:\WINDOWS\system32\WBEM\Logs\wbemprox.log     访问权限:1073741824

02:05:49(58):(安全环境)创建文件:C:\WINDOWS\system32\WBEM\Logs\wbemprox.log     访问权限:1073741824

02:05:49(59):(自动允许)创建文件:\\.\PIPE\samr

02:05:49(60):(自动允许)程序自身创建远程线程

02:05:49(61):(阻止)设置文件属性:c:

02:05:49(62):(阻止)设置文件属性:c:\documents and settings\

02:05:49(63):(阻止)设置文件属性:c:\documents and settings\all users\

02:05:49(64):(阻止)设置文件属性:c:\documents and settings\default user\

02:05:49(65):(阻止)设置文件属性:c:\documents and settings\localservice\

02:05:49(66):(阻止)设置文件属性:c:\documents and settings\networkservice\

02:05:49(67):(阻止)设置文件属性:c:\documents and settings\wang\

02:05:49(68):(阻止)设置文件属性:c:\documents and settings\wang\application data\

02:05:49(69):(阻止)设置文件属性:c:\documents and settings\wang\application data\identities\

02:05:49(70):(阻止)设置文件属性:c:\documents and settings\wang\application data\identities\{e501915d-4cfc-4936-b82d-0384cd6fc844}\

02:05:49(71):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\

02:05:49(72):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\credentials\

02:05:49(73):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\credentials\s-1-5-21-602162358-2139871995-1801674531-1003\

02:05:49(74):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\imjp8_1\

02:05:49(75):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\internet explorer\

02:05:49(76):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\internet explorer\quick launch\

02:05:49(77):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\media player\

02:05:50(78):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\systemcertificates\

02:05:50(79):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\systemcertificates\my\

02:05:50(80):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\systemcertificates\my\certificates\

02:05:50(81):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\systemcertificates\my\crls\

02:05:50(82):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\systemcertificates\my\ctls\

02:05:50(83):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\windows\

02:05:50(84):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\windows\themes\

02:05:50(85):(阻止)设置文件属性:c:\documents and settings\wang\cookies\

02:05:50(86):(阻止)设置文件属性:c:\documents and settings\wang\favorites\

02:05:50(87):(阻止)设置文件属性:c:\documents and settings\wang\favorites\链接\

02:05:50(88):(阻止)设置文件属性:c:\documents and settings\wang\local settings\

02:05:50(89):(阻止)设置文件属性:c:\documents and settings\wang\my documents\

02:05:50(90):(阻止)设置文件属性:c:\documents and settings\wang\my documents\my music\

02:05:50(91):(阻止)设置文件属性:c:\documents and settings\wang\my documents\my pictures\

02:05:50(92):(阻止)设置文件属性:c:\documents and settings\wang\nethood\

02:05:50(93):(阻止)设置文件属性:c:\documents and settings\wang\printhood\

02:05:50(94):(阻止)设置文件属性:c:\documents and settings\wang\recent\

02:05:50(95):(阻止)设置文件属性:c:\documents and settings\wang\sendto\

02:05:50(96):(阻止)设置文件属性:c:\documents and settings\wang\templates\

02:05:50(97):(阻止)设置文件属性:c:\documents and settings\wang\「开始」菜单\

02:05:50(98):(阻止)设置文件属性:c:\documents and settings\wang\「开始」菜单\程序\

02:05:50(99):(阻止)设置文件属性:c:\documents and settings\wang\「开始」菜单\程序\启动\

02:05:50(100):(阻止)设置文件属性:c:\documents and settings\wang\「开始」菜单\程序\附件\

02:05:50(101):(阻止)设置文件属性:c:\documents and settings\wang\「开始」菜单\程序\附件\娱乐\

02:05:50(102):(阻止)设置文件属性:c:\documents and settings\wang\「开始」菜单\程序\附件\辅助工具\

02:05:50(103):(阻止)设置文件属性:c:\documents and settings\wang\桌面\

02:05:50(104):(阻止)设置文件属性:c:\documents and settings\wang\桌面\4\

02:05:50(105):(阻止)设置文件属性:c:\documents and settings\wang\桌面\file_safe\

02:05:50(106):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\

02:05:50(107):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\

02:05:50(108):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\autoupdate\

02:05:50(109):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\autoupdate\download\

02:05:50(110):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\autoupdate\download\updater\

02:05:50(111):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\skin\

02:05:50(112):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\sounds\

02:05:50(113):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\

02:05:50(114):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\

02:05:50(115):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\autobackupfilelist\

02:05:50(116):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\学雷锋做人\

02:05:50(117):(阻止)设置文件属性:c:\program files\

02:05:50(118):(阻止)设置文件属性:c:\recycler\

02:05:50(119):(阻止)设置文件属性:c:\system volume information\

02:05:50(120):(阻止)设置文件属性:c:\windows\

02:05:50(121):(阻止)设置文件属性:c:\program files\bitcoin

02:05:50(122):(阻止)设置文件属性:c:\documents and settings\wang\application data\bitcoin

02:05:50(123):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\bitcoin

02:05:50(124):(阻止)设置文件属性:c:\program files\excel

02:05:50(125):(阻止)设置文件属性:c:\documents and settings\wang\application data\excel

02:05:50(126):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\excel

02:05:50(127):(阻止)设置文件属性:c:\program files\microsoft sql server

02:05:50(128):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft sql server

02:05:50(129):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\microsoft sql server

02:05:50(130):(阻止)设置文件属性:c:\program files\microsoft\excel

02:05:50(131):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\excel

02:05:50(132):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\microsoft\excel

02:05:50(133):(阻止)设置文件属性:c:\program files\microsoft\microsoft sql server

02:05:50(134):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\microsoft sql server

02:05:50(135):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\microsoft\microsoft sql server

02:05:50(136):(阻止)设置文件属性:c:\program files\microsoft\office

02:05:50(137):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\office

02:05:50(138):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\microsoft\office

02:05:50(139):(阻止)设置文件属性:c:\program files\microsoft\onenote

02:05:50(140):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\onenote

02:05:50(141):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\microsoft\onenote

02:05:50(142):(阻止)设置文件属性:c:\program files\microsoft\outlook

02:05:50(143):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\outlook

02:05:50(144):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\microsoft\outlook

02:05:50(145):(阻止)设置文件属性:c:\program files\microsoft\powerpoint

02:05:50(146):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\powerpoint

02:05:50(147):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\microsoft\powerpoint

02:05:50(148):(阻止)设置文件属性:c:\program files\microsoft\word

02:05:50(149):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\word

02:05:50(150):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\microsoft\word

02:05:50(151):(阻止)设置文件属性:c:\program files\office

02:05:50(152):(阻止)设置文件属性:c:\documents and settings\wang\application data\office

02:05:50(153):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\office

02:05:50(154):(阻止)设置文件属性:c:\program files\onenote

02:05:50(155):(阻止)设置文件属性:c:\documents and settings\wang\application data\onenote

02:05:50(156):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\onenote

02:05:50(157):(阻止)设置文件属性:c:\program files\outlook

02:05:50(158):(阻止)设置文件属性:c:\documents and settings\wang\application data\outlook

02:05:50(159):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\outlook

02:05:50(160):(阻止)设置文件属性:c:\program files\powerpoint

02:05:50(161):(阻止)设置文件属性:c:\documents and settings\wang\application data\powerpoint

02:05:50(162):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\powerpoint

02:05:50(163):(阻止)设置文件属性:c:\program files\steam

02:05:50(164):(阻止)设置文件属性:c:\documents and settings\wang\application data\steam

02:05:50(165):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\steam

02:05:50(166):(阻止)设置文件属性:c:\program files\the bat!

02:05:50(167):(阻止)设置文件属性:c:\documents and settings\wang\application data\the bat!

02:05:50(168):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\the bat!

02:05:50(169):(阻止)设置文件属性:c:\program files\thunderbird

02:05:50(170):(阻止)设置文件属性:c:\documents and settings\wang\application data\thunderbird

02:05:50(171):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\thunderbird

02:05:50(172):(阻止)设置文件属性:c:\program files\word

02:05:50(173):(阻止)设置文件属性:c:\documents and settings\wang\application data\word

02:05:50(174):(阻止)设置文件属性:c:\documents and settings\wang\local settings\application data\word

02:05:50(175):(阻止)设置文件属性:c:\documents and settings\wang\my documents

02:05:50(176):(阻止)设置文件属性:c:\documents and settings\wang\my documents\my music\

02:05:50(177):(阻止)设置文件属性:c:\documents and settings\wang\my documents\my pictures\

02:05:50(178):(阻止)设置文件属性:c:\documents and settings\wang\desktop

02:05:50(179):(自动允许)程序自身创建远程线程

02:05:50(180):(自动允许)程序自身创建远程线程

02:05:50(181):(阻止)设置文件属性:c:\bootfont.bin

02:05:50(182):(安全环境)创建文件:c:\bootfont.bin     访问权限:-1073741824

02:05:50(183):(阻止)设置文件属性:c:\documents and settings\wang\application data\microsoft\internet explorer\brndlog.txt

02:05:50(184):(安全环境)创建文件:c:\documents and settings\wang\application data\microsoft\internet explorer\brndlog.txt     访问权限:-1073741824

02:05:50(185):(阻止)设置文件属性:c:\documents and settings\wang\cookies\index.dat

02:05:50(186):(安全环境)创建文件:c:\documents and settings\wang\cookies\index.dat     访问权限:-1073741824

02:05:50(187):(阻止)设置文件属性:c:\documents and settings\wang\templates\excel.xls

02:05:50(188):(安全环境)创建文件:c:\documents and settings\wang\templates\excel.xls     访问权限:-1073741824

02:05:51(189):(阻止)设置文件属性:c:\documents and settings\wang\templates\powerpnt.ppt

02:05:51(190):(安全环境)创建文件:c:\documents and settings\wang\templates\powerpnt.ppt     访问权限:-1073741824

02:05:51(191):(阻止)设置文件属性:c:\documents and settings\wang\templates\quattro.wb2

02:05:51(192):(安全环境)创建文件:c:\documents and settings\wang\templates\quattro.wb2     访问权限:-1073741824

02:05:51(193):(阻止)设置文件属性:c:\documents and settings\wang\templates\winword.doc

02:05:51(194):(安全环境)创建文件:c:\documents and settings\wang\templates\winword.doc     访问权限:-1073741824

02:05:51(195):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\appsettingapp.dat

02:05:51(196):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\appsettingapp.dat     访问权限:-1073741824

02:05:51(197):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\resource.db

02:05:51(198):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\resource.db     访问权限:-1073741824

02:05:51(199):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\skin\default.db

02:05:51(200):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\skin\default.db     访问权限:-1073741824

02:05:51(201):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\skin\duiengineskin.zip

02:05:51(202):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\skin\duiengineskin.zip     访问权限:-1073741824

02:05:51(203):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\sounds\1.wav

02:05:51(204):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\sounds\1.wav     访问权限:-1073741824

02:05:51(205):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\sounds\2.wav

02:05:51(206):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\sounds\2.wav     访问权限:-1073741824

02:05:51(207):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\sounds\3.wav

02:05:51(208):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\sounds\3.wav     访问权限:-1073741824

02:05:51(209):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\sounds\4.wav

02:05:51(210):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\sounds\4.wav     访问权限:-1073741824

02:05:51(211):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\baiduyuncachefilev0.db

02:05:51(212):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\baiduyuncachefilev0.db     访问权限:-1073741824

02:05:51(213):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\baiduyundevice.db

02:05:51(214):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\baiduyundevice.db     访问权限:-1073741824

02:05:51(215):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\baiduyunguanjia.db

02:05:51(216):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\baiduyunguanjia.db     访问权限:-1073741824

02:05:51(217):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\baiduyunmboxv0.db

02:05:51(218):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\baiduyunmboxv0.db     访问权限:-1073741824

02:05:51(219):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\baiduyunpt2pt.db

02:05:51(220):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\baiduyunpt2pt.db     访问权限:-1073741824

02:05:51(221):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\personalsetting.xml

02:05:51(222):(安全环境)创建文件:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\personalsetting.xml     访问权限:-1073741824

02:05:51(223):(阻止)设置文件属性:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\personalsetting.xml.bak

02:05:51(224):(Safe environment)Create file:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\personalsetting.xml.bak     Access rights:-1073741824
02:05:51(225):(Blocked)Set file attributes:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\baidunetdiskdata.dat
02:05:51(226):(Safe environment)Create file:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\baidunetdiskdata.dat     Access rights:-1073741824
02:05:51(227):(Auto-allowed)Read file:C:\DOCUME~1\wang\LOCALS~1\Temp\tmp4.tmp     Access rights:-2147483648
02:05:51(228):(Auto-allowed)Set file attributes:C:\DOCUME~1\wang\LOCALS~1\Temp\tmp4.tmp
02:05:51(229):(Auto-allowed)Create file:C:\DOCUME~1\wang\LOCALS~1\Temp\tmp4.bmp
02:05:51(230):(Auto-allowed)Read file:C:\DOCUME~1\wang\LOCALS~1\Temp\tmp4.bmp     Access rights:-2147483648
02:05:54(231):(Safe environment)Create file:c:\documents and settings\wang\桌面\_HELP_HELP_HELP_IQNKP.hta     Access rights:1073741824
02:05:54(232):(Blocked)Run external program, path:c:\documents and settings\wang\桌面\_HELP_HELP_HELP_IQNKP.hta     Command line:
02:05:54(233):(Safe environment)Create file:c:\documents and settings\wang\桌面\_HELP_HELP_HELP_IQNKP.jpg     Access rights:1073741824
02:05:54(234):(Blocked)Run external program, path:c:\documents and settings\wang\桌面\_HELP_HELP_HELP_IQNKP.jpg     Command line:
02:05:54(235):(Blocked)Create registry key:812\Software\Microsoft\Multimedia\Audio
02:05:54(236):(Blocked)Create registry key:824\Software\Microsoft\Multimedia\Audio Compression Manager\
02:05:54(237):(Blocked)Create registry key:824\Software\Microsoft\Multimedia\Audio Compression Manager\
02:05:54(238):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(239):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(240):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices
02:05:54(241):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(242):(Blocked)Write registry value:\DefaultTokenId
02:05:54(243):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(244):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(245):(Auto-allowed)Open driver object:AudioSrv
02:05:54(246):(Auto-allowed)Read file:wdmaud.drv     Access rights:0
02:05:54(247):(Auto-allowed)Read file:C:\WINDOWS\system32\wdmaud.drv     Access rights:0
02:05:54(248):(Auto-allowed)Read file:wdmaud.drv     Access rights:0
02:05:54(249):(Auto-allowed)Read file:C:\WINDOWS\system32\wdmaud.drv     Access rights:0
02:05:54(250):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses
02:05:54(251):(Safe environment)Create file:\\?\root#system#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9b365890-165f-11d0-a195-0020afd156e4}     Access rights:-1073741824
02:05:54(252):(Auto-allowed)Read file:wdmaud.drv     Access rights:0
02:05:54(253):(Auto-allowed)Read file:C:\WINDOWS\system32\wdmaud.drv     Access rights:0
02:05:54(254):(Auto-allowed)Read file:wdmaud.drv     Access rights:0
02:05:54(255):(Auto-allowed)Read file:C:\WINDOWS\system32\wdmaud.drv     Access rights:0
02:05:54(256):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses
02:05:54(257):(Safe environment)Create file:\\?\root#system#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9b365890-165f-11d0-a195-0020afd156e4}     Access rights:-1073741824
02:05:54(258):(Auto-allowed)Read file:wdmaud.drv     Access rights:0
02:05:54(259):(Auto-allowed)Read file:C:\WINDOWS\system32\wdmaud.drv     Access rights:0
02:05:54(260):(Auto-allowed)Read file:wdmaud.drv     Access rights:0
02:05:54(261):(Auto-allowed)Read file:C:\WINDOWS\system32\wdmaud.drv     Access rights:0
02:05:54(262):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses
02:05:54(263):(Safe environment)Create file:\\?\root#system#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9b365890-165f-11d0-a195-0020afd156e4}     Access rights:-1073741824
02:05:54(264):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(265):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices
02:05:54(266):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(267):(Blocked)Write registry value:\DefaultTokenId
02:05:54(268):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(269):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(270):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(271):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices
02:05:54(272):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(273):(Blocked)Write registry value:\DefaultTokenId
02:05:54(274):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(275):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(276):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(277):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices
02:05:54(278):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(279):(Blocked)Write registry value:\DefaultTokenId
02:05:54(280):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(281):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(282):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(283):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices
02:05:54(284):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(285):(Blocked)Write registry value:\DefaultTokenId
02:05:54(286):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(287):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(288):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(289):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices
02:05:54(290):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(291):(Blocked)Write registry value:\DefaultTokenId
02:05:54(292):(Auto-allowed)Create registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(293):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\AudioOutput
02:05:54(294):(Auto-allowed)Create file:\\.\Global\hgfs
02:05:54(295):(Auto-allowed)Create file:\\.\Global\hgfs
02:05:54(296):(Auto-allowed)Create file:\\.\Global\hgfs
02:05:54(297):(Auto-allowed)Create file:\\.\Global\hgfs
02:05:54(298):(Auto-allowed)Create file:\\.\PIPE\wkssvc
02:05:54(299):(Auto-allowed)Open driver object:LanmanWorkstation
02:06:07(300):(Auto-allowed)Open driver object:LanmanWorkstation
02:06:07(301):(Auto-allowed)Read file:\\.\shadow     Access rights:32
02:06:32(302):(Auto-allowed)Open driver object:WebClient
02:06:32(303):(Auto-allowed)Open driver object:WebClient
02:06:32(304):(Auto-allowed)Create file:\\.\PIPE\DAV RPC SERVICE
02:06:32(305):(Auto-allowed)Access another process:1388(process PID)     Process handle:448     Requested access:64
02:06:32(306):(Auto-allowed)Access another process:1388(process PID)     Process handle:420     Requested access:64[/mw_shl_code]
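The HIPS log above is worth more than a kill/no-kill verdict: it shows the sample dropping `_HELP_HELP_HELP_IQNKP.hta` / `.jpg` on the desktop and trying to launch them, hammering `HKCU\SOFTWARE\Microsoft\Speech\Voices` and `DefaultTokenId` (consistent with a ransom note being read aloud through the Windows Speech API, a known Cerber trait), touching `\PIPE\wkssvc` / `LanmanWorkstation` / `WebClient` (network share enumeration), and opening PID 1388 with access 64, which is 0x40 = PROCESS_DUP_HANDLE. The negative "Access rights" values are simply 32-bit masks printed as signed ints: -1073741824 is 0xC0000000 = GENERIC_READ|GENERIC_WRITE, 1073741824 is GENERIC_WRITE, -2147483648 is GENERIC_READ. The script below is an added example for this thread, not code from any post or product: it parses lines in this log's format (with the Chinese tags rendered in English), decodes the access masks, and tags the indicators above. The line format, the English tag names, the indicator names and the thresholds are this example's own assumptions; the sample lines are copied from the posted log plus one benign temp-file read for contrast.

```python
# Added example for this thread (not from any post or product): a triage pass
# over HIPS behaviour-log lines in the format posted above. Line format,
# English tag names and indicator names are this example's own assumptions.
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: entries copied from the posted log (tags in English),
# plus the benign tmp4.tmp read (227) for contrast.
SAMPLE_LOG = r"""
02:05:51(224):(Safe environment)Create file:c:\documents and settings\wang\桌面\流氓百度\baidunetdisk\users\9a8d2268a393a3a626ece9d58f823e36\personalsetting.xml.bak     Access rights:-1073741824
02:05:51(227):(Auto-allowed)Read file:C:\DOCUME~1\wang\LOCALS~1\Temp\tmp4.tmp     Access rights:-2147483648
02:05:54(231):(Safe environment)Create file:c:\documents and settings\wang\桌面\_HELP_HELP_HELP_IQNKP.hta     Access rights:1073741824
02:05:54(232):(Blocked)Run external program, path:c:\documents and settings\wang\桌面\_HELP_HELP_HELP_IQNKP.hta     Command line:
02:05:54(238):(Auto-allowed)Create registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Voices
02:05:54(242):(Blocked)Write registry value:\DefaultTokenId
02:05:54(298):(Auto-allowed)Create file:\\.\PIPE\wkssvc
02:06:32(305):(Auto-allowed)Access another process:1388(process PID)     Process handle:448     Requested access:64
"""

# time(seq):(verdict)operation:target     Key:value     Key:value
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2})\((?P<seq>\d+)\):"
                     r"\((?P<verdict>[^)]+)\)(?P<op>[^:]+):(?P<rest>.*)$")


@dataclass
class Event:
    time: str
    seq: int
    verdict: str    # HIPS decision: Safe environment / Blocked / Auto-allowed
    op: str         # e.g. "Create file", "Write registry value"
    target: str     # path, key, device or PID the operation touched
    extra: dict[str, str] = field(default_factory=dict)   # trailing key:value fields


def parse_line(line: str) -> Event | None:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The target itself may contain ':' (drive letters), so split the remainder
    # on the runs of spaces that separate trailing fields, not on ':'.
    parts = re.split(r"\s{2,}", m["rest"].strip())
    extra = {}
    for p in parts[1:]:
        k, _, v = p.partition(":")
        extra[k.strip()] = v.strip()
    return Event(m["time"], int(m["seq"]), m["verdict"], m["op"].strip(), parts[0], extra)


GENERIC_RIGHTS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
                  0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
PROCESS_RIGHTS = {0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
                  0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
                  0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
                  0x0400: "PROCESS_QUERY_INFORMATION"}


def decode_mask(value: int, table: dict[int, str]) -> list[str]:
    mask = value & 0xFFFFFFFF                   # the log prints the DWORD as a signed int
    names = [name for bit, name in table.items() if mask & bit]
    leftover = mask & ~sum(table) & 0xFFFFFFFF  # bits this table has no name for
    return names + ([hex(leftover)] if leftover else [])


NOTE_RE = re.compile(r"^_HELP_HELP_HELP_[A-Z0-9]+\.(hta|jpg|txt|url)$", re.I)
USER_PROFILE = ("\\documents and settings\\", "\\users\\")


def classify(ev: Event) -> str | None:
    """Map one event to an indicator name, or None when it looks benign."""
    low = ev.target.lower()
    name = low.rsplit("\\", 1)[-1]
    if ev.op == "Create file" and NOTE_RE.match(name):
        return "ransom_note_drop"
    if ev.op.startswith("Run external program") and NOTE_RE.match(name):
        return "ransom_note_launch"            # note handed to the shell to display
    if "registry" in ev.op.lower() and ("\\microsoft\\speech\\" in low or name == "defaulttokenid"):
        return "speech_api_access"             # SAPI voice selection: note read aloud
    if ev.op == "Create file" and any(p in low for p in USER_PROFILE) and "\\temp\\" not in low:
        rights = decode_mask(int(ev.extra.get("Access rights", "0")), GENERIC_RIGHTS)
        if {"GENERIC_READ", "GENERIC_WRITE"} <= set(rights):
            return "user_file_rw_open"         # user data opened for in-place rewrite
    if name in ("wkssvc", "dav rpc service") or (
            ev.op == "Open driver object" and low in ("lanmanworkstation", "webclient")):
        return "network_share_enumeration"
    if ev.op == "Access another process":
        rights = decode_mask(int(ev.extra.get("Requested access", "0")), PROCESS_RIGHTS)
        if {"PROCESS_VM_WRITE", "PROCESS_CREATE_THREAD"} & set(rights):
            return "cross_process_injection"
        if "PROCESS_DUP_HANDLE" in rights:
            return "cross_process_dup_handle"
    return None


def analyze(text: str) -> dict:
    """Group indicator hits by log sequence number and give a coarse verdict."""
    events = [ev for ev in map(parse_line, text.splitlines()) if ev]
    indicators: dict[str, list[int]] = {}
    for ev in events:
        tag = classify(ev)
        if tag:
            indicators.setdefault(tag, []).append(ev.seq)
    suspicious = "ransom_note_drop" in indicators or len(indicators) >= 3
    return {"events": len(events), "indicators": indicators, "suspicious": suspicious}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for tag, seqs in result["indicators"].items():
        print(f"{tag:28s} log entries {seqs}")
    print("suspicious:", result["suspicious"])
```

A single "user data opened read+write" hit is not a verdict on its own (installers and sync clients do that constantly); the value is in the co-occurrence, which is why the verdict requires either the ransom-note drop or three distinct indicator classes. Feed it the full log rather than the excerpt and the repeated `DefaultTokenId` writes and `\\.\Global\hgfs` opens simply pile up under their tags.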
欧阳宣
Posted on 2017-1-28 02:34:45 | Show all posts
avast kill all
linzh
Posted on 2017-1-28 03:25:24 | Show all posts
Last edited by linzh on 2017-1-28 03:28

ESET kill all
[mw_shl_code=css,true]Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
2017/1/27 14:27:48;Real-time file system protection;file;C:\Users\linzh\Desktop\4\2.exe;Win32/Agent.RVQ trojan;cleaned by deleting;LINZH-NOTEBOOK\linzh;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (ADD0B2FF92CE12DDBD58324FEBD3B09F43FA1A01).;0DF45A365E2135531B0BEBA8E50D0453EEE70047;2017/1/27 14:27:47
2017/1/27 14:27:48;Real-time file system protection;file;C:\Users\linzh\Desktop\4\4.exe;a variant of Win32/Kryptik.FNMW trojan;cleaned by deleting;LINZH-NOTEBOOK\linzh;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (ADD0B2FF92CE12DDBD58324FEBD3B09F43FA1A01).;234C29F8BF3EB05F433043A120CD272D2EB26D7C;2017/1/27 14:27:47
2017/1/27 14:27:48;Real-time file system protection;file;C:\Users\linzh\Desktop\4\1.exe;NSIS/Injector.SR trojan;cleaned by deleting;LINZH-NOTEBOOK\linzh;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.;;
2017/1/27 14:27:48;Real-time file system protection;file;C:\Users\linzh\Desktop\4\3.exe;NSIS/Injector.SR trojan;cleaned by deleting;LINZH-NOTEBOOK\linzh;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.;;[/mw_shl_code]
a939707506
Posted on 2017-1-28 09:32:35 | Show all posts
Zemana kills No.2
b0022
Posted on 2017-1-28 10:53:09 | Show all posts
Immunet kills all after extraction
Copyright © KaFan  KaFan.cn All Rights Reserved.


All software, samples, tools and articles published on KaFan are provided solely for study and research. They must not be used for commercial or other unlawful purposes; anyone who does so bears all resulting consequences. Material on this site comes from the internet and the site is not a party to any copyright dispute over it. You must completely delete the above material from your computer within 24 hours of downloading it; contact us by e-mail with any questions.
