This post was last edited by 路过~~~ on 2020-3-4 23:22
【1】2020-03-04 23:00:00,高级防护,自定义防护,DrvInst.exe触犯自定义防护规则, 已允许
操作进程:C:\WINDOWS\system32\DrvInst.exe
命令行:DrvInst.exe "2" "201" "USB\VID_0AC8&PID_301B\5&35EA971A&1&1" "C:\WINDOWS\INF\oem33.inf" "usbvm31b.inf:6750340babadbc7e:VM.USBDCam302.NTamd64:301.4.328.7:usb\vid_0ac8&pid_301b," "4285409cb" "00000000000001D0"
防护项目:[结束]木马行为防护.B.01
操作目标:【写入】 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Domino\Owners
操作结果:已允许
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【2】2020-03-04 22:59:59,高级防护,自定义防护,DrvInst.exe触犯自定义防护规则, 已允许
操作进程:C:\WINDOWS\system32\DrvInst.exe
命令行:DrvInst.exe "2" "201" "USB\VID_0AC8&PID_301B\5&35EA971A&1&1" "C:\WINDOWS\INF\oem33.inf" "usbvm31b.inf:6750340babadbc7e:VM.USBDCam302.NTamd64:301.4.328.7:usb\vid_0ac8&pid_301b," "4285409cb" "00000000000001D0"
防护项目:[结束]木马行为防护.B.01
操作目标:【写入】 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Domino
操作结果:已允许
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【3】2020-03-04 22:57:44,高级防护,自定义防护,DrvInst.exe触犯自定义防护规则, 已允许
操作进程:C:\WINDOWS\system32\DrvInst.exe
命令行:DrvInst.exe "1" "0" "USB\VID_0AC8&PID_301B\5&35ea971a&1&1" "" "" "4e72cbcdb" "0000000000000000"
防护项目:[结束]木马行为防护.B.01
操作目标:【写入】 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Domino
操作结果:已允许
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
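It looks like the system is performing some operation on the driver for an ancient webcam of mine? (I wrote it wrong just now; I took a look and the webcam is still connected.) As soon as I booted up, three interception pop-ups appeared in a row.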