Thread starter: 柯林

[Rules] Simple v4 rules for XP (updated March 8)

308099459
Posted on 2010-4-4 22:00:01
Boss Ke, please take a look at what's going on here.
308099459
Posted on 2010-4-4 22:07:16

Partial log

This post was last edited by 308099459 on 2010-4-8 20:47

Reply to 1# 柯林: Boss Ke, please take a look at what's causing this. QQ screenshots go straight to a black screen, and when I'm in 逍遥传说 the announcements can't update. The D+ event shows:
DNS/RPC 客户端访问\RPC Control\DNSResolver
QQ Pinyin gives the same prompt too. The attachment is that heartbreaking rule set.
柯林
Thread starter | Posted on 2010-4-4 22:13:29
Reply to 52# 308099459
Post the log instead; I'm on EQ now, and without a rule viewer it's hard to read the rules.
Judging from the screenshot in post 52, it's caused by QQ running inside the sandbox; to use its full functionality, don't put it in the sandbox.
xuan33
Posted on 2010-4-6 10:52:40
Downloading it to try.
308099459
Posted on 2010-4-8 20:46:25
Reply to 53# 柯林
COMODO Firewall - Log Viewer 日志
    表 :  Defense+ 事件
    日期创建 :  2010-4-4 21:50:24
    过滤 :  [日期] BETWEEN 04/04/10 00:00:00 AND 04/05/10 00:00:00
    记录数 :  1153
日期 应用程序 标志 目标
04/04/10 18:37:31 C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe 修改文件 \Device\Afd\Endpoint
04/04/10 18:41:25 F:\Program Files\Thunder Network\Thunder\Program\XMPBoot.exe 访问COM接口 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\ThunderService.exe
04/04/10 18:41:35 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\ThunderService.exe 创建进程 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\ThunderLiveUD.exe
04/04/10 18:41:38 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\ThunderService.exe 修改文件 \Device\Afd\Endpoint
04/04/10 18:41:40 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\ThunderLiveUD.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 18:43:13 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\ThunderService.exe 修改文件 \Device\Afd\Endpoint
04/04/10 18:43:43 E:\多益网络\逍遥传说\xy.exe 创建进程 E:\多益网络\逍遥传说\patch\xy.bin
04/04/10 18:43:57 E:\多益网络\逍遥传说\patch\xy.bin 访问COM接口 Shell.Explorer.2
04/04/10 18:44:27 F:\Program Files\Thunder Network\Thunder\Program\XMPBoot.exe 创建进程 C:\Documents and Settings\Administrator\Local Settings\Temp\XMPSetup3.exe
04/04/10 18:44:27 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\ThunderService.exe 创建进程 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\upnp.exe
04/04/10 18:44:33 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\upnp.exe 修改文件 \Device\Afd\Endpoint
04/04/10 18:59:07 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe Sandbox中运行 低权限级别
04/04/10 18:59:07 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe DNS/RPC 客户端访问   
04/04/10 19:01:32 F:\Program Files\SogouExplorer\setask.exe 访问COM接口 Shell.Explorer.2
04/04/10 19:01:39 F:\Program Files\SogouExplorer\SogouExplorer.exe Sandbox中运行 低权限级别
04/04/10 19:01:39 \Device\HarddiskVolume4\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问   
04/04/10 19:01:39 F:\Program Files\SogouExplorer\SogouExplorer.exe Sandbox中运行 低权限级别
04/04/10 19:01:39 F:\Program Files\SogouExplorer\setask.exe Sandbox中运行 低权限级别
04/04/10 19:01:39 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:01:39 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:01:39 F:\Program Files\SogouExplorer\setask.exe Sandbox中运行 低权限级别
04/04/10 19:01:44 F:\Program Files\SogouExplorer\setask.exe 修改注册表项 HKUS\S-1-5-21-2000478354-842925246-1202660629-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aedb0b44-3e48-11df-8992-806d6172696f}\BaseClass
04/04/10 19:01:44 F:\Program Files\SogouExplorer\setask.exe 修改注册表项 HKUS\S-1-5-21-2000478354-842925246-1202660629-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aedb0b44-3e48-11df-8992-806d6172696f}\BaseClass
04/04/10 19:01:53 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:01:53 F:\Program Files\SogouExplorer\SogouExplorer.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:01:59 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:05:58 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe Sandbox中运行 低权限级别
04/04/10 19:05:58 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问   
04/04/10 19:05:58 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:06:17 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:06:17 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:07:03 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYStrokesHelper.exe Sandbox中运行 低权限级别
04/04/10 19:07:03 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYStrokesHelper.exe DNS/RPC 客户端访问   
04/04/10 19:07:28 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYStrokesHelper.exe Sandbox中运行 低权限级别
04/04/10 19:07:28 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYStrokesHelper.exe DNS/RPC 客户端访问   
04/04/10 19:07:47 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe Sandbox中运行 低权限级别
04/04/10 19:07:47 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问   
04/04/10 19:07:47 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:08:50 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe Sandbox中运行 低权限级别
04/04/10 19:08:50 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问   
04/04/10 19:08:50 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYClipboard.exe Sandbox中运行 低权限级别
04/04/10 19:08:53 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYDict.exe 访问COM接口 Shell.Explorer.2
04/04/10 19:08:59 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYClipboard.exe DNS/RPC 客户端访问   
04/04/10 19:08:59 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYDict.exe Sandbox中运行 低权限级别
04/04/10 19:09:00 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYDict.exe DNS/RPC 客户端访问   
04/04/10 19:09:06 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYDict.exe 修改注册表项 HKUS\S-1-5-21-2000478354-842925246-1202660629-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aedb0b44-3e48-11df-8992-806d6172696f}\BaseClass
04/04/10 19:09:32 C:\WINDOWS\Explorer.EXE 修改文件 C:\WINDOWS\system.ini
04/04/10 19:10:08 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYStrokesHelper.exe Sandbox中运行 低权限级别
04/04/10 19:10:08 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYStrokesHelper.exe DNS/RPC 客户端访问   
04/04/10 19:10:08 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYTrayBar.exe Sandbox中运行 低权限级别
04/04/10 19:10:08 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYDict.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:10:14 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe Sandbox中运行 低权限级别
04/04/10 19:10:14 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe 修改注册表项 HKUS\S-1-5-21-2000478354-842925246-1202660629-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aedb0b44-3e48-11df-8992-806d6172696f}\BaseClass
04/04/10 19:10:14 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe Sandbox中运行 低权限级别
04/04/10 19:10:14 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:10:14 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:10:25 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYTrayBar.exe DNS/RPC 客户端访问   
04/04/10 19:10:27 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:10:27 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:10:27 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:10:30 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe DNS/RPC 客户端访问   
04/04/10 19:10:43 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe 修改文件 C:\Documents and Settings\Administrator\Application Data\Tencent\QQPinyin\unuseime.txt
04/04/10 19:10:48 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe 修改文件 \Device\NamedPipe\lsarpc
04/04/10 19:11:51 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe 创建进程, 执行镜像 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe
04/04/10 19:12:08 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYLevel.exe Sandbox中运行 低权限级别
04/04/10 19:12:08 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYLevel.exe DNS/RPC 客户端访问   
04/04/10 19:12:08 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYLevel.exe 访问内存 C:\WINDOWS\Explorer.EXE
04/04/10 19:12:08 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe Sandbox中运行 低权限级别
04/04/10 19:12:08 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:12:28 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:12:35 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:12:40 F:\Program Files\SogouExplorer\SogouExplorer.exe Sandbox中运行 低权限级别
04/04/10 19:12:40 \Device\HarddiskVolume4\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问   
04/04/10 19:12:40 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:12:40 F:\Program Files\SogouExplorer\setask.exe Sandbox中运行 低权限级别
04/04/10 19:12:40 F:\Program Files\SogouExplorer\setask.exe 修改注册表项 HKUS\S-1-5-21-2000478354-842925246-1202660629-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aedb0b44-3e48-11df-8992-806d6172696f}\BaseClass
04/04/10 19:12:40 F:\Program Files\SogouExplorer\setask.exe Sandbox中运行 低权限级别
04/04/10 19:12:40 F:\Program Files\SogouExplorer\setask.exe 修改注册表项 HKUS\S-1-5-21-2000478354-842925246-1202660629-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aedb0b44-3e48-11df-8992-806d6172696f}\BaseClass
04/04/10 19:12:46 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:12:46 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:12:51 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe Sandbox中运行 低权限级别
04/04/10 19:12:51 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:12:59 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:13:01 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问   
04/04/10 19:13:05 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:13:05 F:\Program Files\SogouExplorer\SogouExplorer.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:13:05 F:\Program Files\SogouExplorer\setask.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:13:18 F:\Program Files\SogouExplorer\SogouExplorer.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:13:18 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:13:18 F:\Program Files\SogouExplorer\SogouExplorer.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:13:23 F:\Program Files\SogouExplorer\SogouExplorer.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:13:23 F:\Program Files\SogouExplorer\setask.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:13:36 F:\Program Files\SogouExplorer\SogouExplorer.exe Sandbox中运行 低权限级别
04/04/10 19:13:36 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:13:36 F:\Program Files\SogouExplorer\setask.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:13:36 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:13:36 F:\Program Files\SogouExplorer\SogouExplorer.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:13:36 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:13:47 F:\Program Files\SogouExplorer\SogouExplorer.exe 访问内存 C:\WINDOWS\System32\ctfmon.exe
04/04/10 19:13:47 F:\Program Files\SogouExplorer\setask.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:32:39 F:\Program Files\SogouExplorer\setask.exe 访问COM接口 {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
04/04/10 19:32:48 F:\Program Files\SogouExplorer\SogouExplorer.exe 直接磁盘访问 PhysicalDrive0
04/04/10 19:32:48 F:\Program Files\SogouExplorer\setask.exe 直接磁盘访问 PhysicalDrive0
04/04/10 19:32:48 F:\Program Files\SogouExplorer\setask.exe 直接磁盘访问 PhysicalDrive0
04/04/10 19:38:51 F:\Program Files\SogouExplorer\setask.exe 发送消息 F:\Program Files\SogouExplorer\SogouExplorer.exe
04/04/10 19:38:51 F:\Program Files\SogouExplorer\SogouExplorer.exe 直接显示器访问   
04/04/10 19:38:52 E:\多益网络\逍遥传说\patch\xy.bin 访问COM接口 Shell.Explorer.2
04/04/10 19:38:59 E:\多益网络\逍遥传说\patch\xy.bin 修改文件 \Device\Tcp
04/04/10 19:39:36 E:\多益网络\逍遥传说\xymain.dll Sandbox中运行 低权限级别
04/04/10 19:39:37 \Device\HarddiskVolume3\多益网络\逍遥传说\xymain.dll DNS/RPC 客户端访问
308099459
Posted on 2010-4-8 20:50:05
Sorry ~~~ my machine just froze and I posted it twice. My apologies.
duan
Posted on 2010-4-9 10:54:27
Thanks to Boss Ke for the kind guidance!
ppy0606
Posted on 2010-4-9 11:21:36
Thanks, Boss Ke! I'm using your earlier rules now, plus my own polishing. Heh, it feels very comfortable. Since you solved that rule design issue for me last time, it's even better.
Tried V4, couldn't get used to it, uninstalled it and installed V3.
柯林
Thread starter | Posted on 2010-4-9 19:44:54
This post was last edited by 柯林 on 2010-4-9 19:47

Reply to 55# 308099459
So many log entries, my head is spinning. Overall, the blocks are because no rule explicitly allows them; in a few cases the path is wrong.
Sogou Explorer: put it in the browser group and give it browser permissions.
QQ Pinyin: put it in the input method group.
QQ update service: if QQ only works normally when it is allowed, add it to the chat tools group.

Thunder service: add it to the P2P software group.

If that 逍遥传说 is a game, put it in a suitable game group. Generally, a program is handled by its exe file only; dll files are usually only configured as hooks and the like.
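As an added example (not code from this thread, from 柯林, or from COMODO), a small Python triage script for the Defense+ Log Viewer export quoted in post 55: it parses the space-separated rows using the event names that appear in that export, groups events per application the way 柯林 does by hand before assigning rule groups, lists the applications that ran in the sandbox, and flags executables logged both under a drive letter and under an NT device path, the kind of path mismatch he mentions. The event-name list and the sample rows are copied from this thread's log; the function names are the example's own.

```python
# Triage helper for a COMODO Defense+ Log Viewer export.  A row reads
#   <date> <time> <application> <flag> [<target>]
# Paths and some flag names contain spaces, so the flag is matched against the
# event vocabulary seen in this thread's export and the path is what precedes it.
import re
from collections import Counter, defaultdict

# Event names exactly as they appear in the quoted (Chinese UI) export.
# Longest first, so "创建进程, 执行镜像" is preferred over the bare "创建进程".
FLAGS = [
    "创建进程, 执行镜像", "DNS/RPC 客户端访问", "Sandbox中运行", "修改注册表项",
    "直接显示器访问", "直接磁盘访问", "访问COM接口", "修改文件", "创建进程",
    "访问内存", "发送消息",
]
ROW_RE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<app>.+?) "
    r"(?P<flag>" + "|".join(map(re.escape, FLAGS)) + r")(?: (?P<target>.*?))?\s*$"
)

# Sample input: rows copied verbatim from the export quoted in post 55.
SAMPLE = r"""
COMODO Firewall - Log Viewer 日志
日期 应用程序 标志 目标
04/04/10 18:37:31 C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe 修改文件 \Device\Afd\Endpoint
04/04/10 18:41:35 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\ThunderService.exe 创建进程 C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.71\ThunderLiveUD.exe
04/04/10 18:59:07 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe Sandbox中运行 低权限级别
04/04/10 18:59:07 \Device\HarddiskVolume1\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYWizard.exe DNS/RPC 客户端访问
04/04/10 19:01:39 F:\Program Files\SogouExplorer\SogouExplorer.exe Sandbox中运行 低权限级别
04/04/10 19:01:39 \Device\HarddiskVolume4\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问
04/04/10 19:01:39 F:\Program Files\SogouExplorer\SogouExplorer.exe DNS/RPC 客户端访问 \RPC Control\DNSResolver
04/04/10 19:11:51 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe 创建进程, 执行镜像 C:\Program Files\Tencent\QQPinyin\3.1.730.201\QQPYConfig.exe
04/04/10 19:32:48 F:\Program Files\SogouExplorer\setask.exe 直接磁盘访问 PhysicalDrive0
04/04/10 19:38:51 F:\Program Files\SogouExplorer\SogouExplorer.exe 直接显示器访问
"""

def parse_row(line):
    """Return (when, app, flag, target), or None for header and blank lines."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    return m["when"], m["app"], m["flag"], m["target"] or ""

def summarize(lines):
    """Per-application view, {path: Counter of flags}: the grouping 柯林 does by
    hand before assigning each program to a rule group (browser, IME, P2P, game)."""
    per_app = defaultdict(Counter)
    for row in map(parse_row, lines):
        if row:
            per_app[row[1]][row[2]] += 1
    return per_app

def sandboxed_apps(lines):
    """Applications Defense+ ran inside the sandbox (the cause named in post 53)."""
    return sorted({row[1] for row in map(parse_row, lines)
                   if row and row[2] == "Sandbox中运行"})

def path_spelling_mismatches(lines):
    """Executables logged both as C:\\... and as \\Device\\HarddiskVolumeN\\...
    (the export shows both spellings for the same binary; a rule keyed to one
    spelling is worth checking against events reported in the other)."""
    by_letter, by_device = set(), set()
    for row in map(parse_row, lines):
        if not row:
            continue
        name = row[1].rsplit("\\", 1)[-1]
        if row[1].startswith("\\Device\\"):
            by_device.add(name)
        elif re.match(r"^[A-Za-z]:\\", row[1]):
            by_letter.add(name)
    return sorted(by_letter & by_device)

if __name__ == "__main__":
    rows = SAMPLE.splitlines()
    for app, flags in summarize(rows).items():
        print(app, dict(flags))
    print("sandboxed:", sandboxed_apps(rows))
    print("both path spellings:", path_spelling_mismatches(rows))
```

Feed it the full export from post 55 (or a Log Viewer export of your own) via `summarize(open(path, encoding="utf-8").read().splitlines())` to get the per-program breakdown without reading 1153 rows by eye.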
kingkongzh
Posted on 2010-4-9 22:15:36
Haha, thanks for sharing, bookmarked.