
[Virus sample] Fedon 2/40 (5%) high quality

hddu
Posted on 2010-8-9 10:01:47
Last edited by hddu on 2010.8.9 10:04

Continued from post #10

2010-08-09 09:55:39    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\speednet_sph
注册表名称:[Key]
触发规则:所有程序规则->网络保护->HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services\WinSock*

2010-08-09 09:55:39    运行应用程序      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
文件路径:C:\WINDOWS\system32\cmd.exe
命令行:/c netsh winsock reset > nul
触发规则:所有程序规则->系统程序设置->%windir%\system32\cmd.exe

2010-08-09 09:55:39    运行应用程序      操作:阻止
进程路径:C:\WINDOWS\system32\cmd.exe
文件路径:C:\WINDOWS\system32\netsh.exe
命令行:winsock reset
触发规则:所有程序规则->系统程序设置->%windir%\system32\net*.exe

2010-08-09 09:55:39    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\speednet_sph
注册表名称:[Key]
触发规则:所有程序规则->网络保护->HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services\WinSock*

2010-08-09 09:55:39    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\speednet_sph
注册表名称:[Key]
触发规则:所有程序规则->网络保护->HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services\WinSock*

2010-08-09 09:55:42    删除文件      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
文件路径:C:\Program Files\baidu\spass.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:42    删除文件      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
文件路径:C:\Program Files\baidu\dsetup.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:42    删除文件      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
文件路径:C:\Program Files\baidu\msfsg.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:43    删除文件      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
文件路径:C:\Program Files\baidu\ronown.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:43    删除文件      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
文件路径:C:\Program Files\baidu\ronown.sys
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:43    删除文件      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
文件路径:C:\Program Files\baidu\newnetgar.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:43    删除文件      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
文件路径:C:\Program Files\baidu\mpflt.inf
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:44    删除文件      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
文件路径:C:\Program Files\baidu\mpflt_m.inf
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:44    删除文件      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-VMOHN.tmp\setup65004.tmp
文件路径:C:\Program Files\baidu\SysDat.bin
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:44    运行应用程序      操作:允许
进程路径:F:\virus\eqjbc1001[1]\eqjbc1001.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\nsk17.tmp\ns21.tmp
命令行:net start Dhcp
触发规则:所有程序规则->其它程序设置->*\Temp\*

2010-08-09 09:55:45    运行应用程序      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\nsk17.tmp\ns21.tmp
文件路径:C:\WINDOWS\system32\conime.exe
触发规则:所有程序规则->系统程序设置->*\conime.exe

2010-08-09 09:55:45    运行应用程序      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\nsk17.tmp\ns21.tmp
文件路径:C:\WINDOWS\system32\net.exe
命令行:start Dhcp
触发规则:所有程序规则->系统程序设置->%windir%\system32\net*.exe

2010-08-09 09:55:48    删除文件      操作:使用任务隔离区操作
进程路径:F:\virus\eqjbc1001[1]\eqjbc1001.exe
文件路径:C:\Program Files\baidu\setup65004.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:53    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\eqjbc1001.exe
文件路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
触发规则:应用程序规则->其它文件设置->F:\*->F:\*.exe

2010-08-09 09:55:56    删除文件      操作:使用任务隔离区操作
进程路径:F:\virus\eqjbc1001[1]\eqjbc1001.exe
文件路径:C:\Program Files\baidu\\Program Files\baidu\error
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:55:57    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\CCPMachineInfo.dll
触发规则:所有程序规则->全局设置->?:\*.dll

2010-08-09 09:56:00    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\eqjbc1001.exe
文件路径:F:\virus\eqjbc1001[1]\kugou_1278.exe
触发规则:应用程序规则->其它文件设置->F:\*->F:\*.exe

2010-08-09 09:56:05    删除注册表      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
注册表名称:coopen
触发规则:所有程序规则->自动运行->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*

2010-08-09 09:56:06    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Program Files\Coopen
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:56:06    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Program Files\Coopen\Coopen.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:56:06    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Program Files\Coopen\CoopenAir.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:56:06    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Program Files\Coopen\CoopenMainManager.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:56:07    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Program Files\Coopen\CoopenActiveControl108.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:56:07    创建文件      操作:阻止
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Program Files\Coopen\Coopen.scr
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.scr

2010-08-09 09:56:09    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\Coopen
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:56:11    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\Coopen\Coopen播放器.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:56:12    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Program Files\Coopen\uninst.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:56:12    创建文件      操作:使用任务隔离区操作
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Coopen播放器.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\程序\启动\*.lnk

2010-08-09 09:56:14    创建文件      操作:阻止
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Documents and Settings\Administrator\Application Data\iGame27.ico
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\Application Data\*

2010-08-09 09:56:14    创建注册表值      操作:阻止
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
注册表路径:HKEY_CURRENT_USER\Control Panel\Desktop
注册表名称:SCRNSAVE.EXE
触发规则:所有程序规则->自动运行->*\Control Panel\Desktop

2010-08-09 09:56:19    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\coopen_setup_100207.exe
文件路径:C:\Documents and Settings\Administrator\桌面\Coopen.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\桌面\*.lnk

2010-08-09 09:56:33    删除文件      操作:使用任务隔离区操作
进程路径:F:\virus\eqjbc1001[1]\eqjbc1001.exe
文件路径:C:\Program Files\baidu\\Program Files\baidu\1
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:56:34    运行应用程序      操作:允许
进程路径:F:\virus\eqjbc1001[1]\kugou_1278.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
命令行:/SL5="$C04EC,9076844,334336,F:\virus\eqjbc1001[1]\kugou_1278.exe"
触发规则:所有程序规则->其它程序设置->*\Temp\*

2010-08-09 09:56:38    创建文件      操作:允许
进程路径:F:\virus\eqjbc1001[1]\eqjbc1001.exe
文件路径:F:\virus\eqjbc1001[1]\Loader_jixian_113689_s.exe
触发规则:应用程序规则->其它文件设置->F:\*->F:\*.exe

2010-08-09 09:56:39    删除文件      操作:使用任务隔离区操作
进程路径:F:\virus\eqjbc1001[1]\eqjbc1001.exe
文件路径:C:\Program Files\baidu\\Program Files\baidu\1
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:56:41    运行应用程序      操作:允许
进程路径:C:\Program Files\baidu\uninst18.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe
命令行: _?=C:\Program Files\baidu\
触发规则:所有程序规则->其它程序设置->*\Temp\*

2010-08-09 09:56:51    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\酷狗音乐
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:56:53    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\酷狗音乐\酷狗音乐2010
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:56:54    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\酷狗音乐\酷狗音乐2010\最新网页游戏.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:56:56    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

2010-08-09 09:56:56    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\unins000.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:56:56    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\unins000.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe


qwe1q2w
Posted on 2010-8-9 10:02:45
Kingsoft Antivirus 2011 killed it

hddu
Posted on 2010-8-9 10:03:04
Last edited by hddu on 2010.8.9 10:05

Continued from post #11

2010-08-09 09:56:58    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\KuGoo.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:56:58    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\KuGoo.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:56:59    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\MobileAssist.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:56:59    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\MobileAssist.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:56:59    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\KGPlayer.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:56:59    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\KGPlayer.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:01    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\Encode.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:01    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\Encode.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:01    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\MakeRing.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:01    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\MakeRing.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:02    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\SongSyn.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:02    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\SongSyn.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:03    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\WINDOWS\system32\KuGoo3DownXControl.ocx
触发规则:所有程序规则->WINDOWS文件夹全局阻止设置(一)->%windir%\system32\*.ocx

2010-08-09 09:57:03    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\WINDOWS\system32\KuGoo3DownXControl.ocx
触发规则:所有程序规则->WINDOWS文件夹全局阻止设置(一)->%windir%\system32\*.ocx

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\CrashReporter.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\CrashReporter.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\wmadmod.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\wmadmod.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\msdmo.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\msdmo.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\KGDaemon.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\KGDaemon.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_ape.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_ape.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_asf.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_asf.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:04    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_dmo.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:05    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_dmo.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:05    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_flac.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:05    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_flac.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:05    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_midi.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:05    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_midi.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:05    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_mms.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:05    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_mms.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:05    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_ogg.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:05    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_ogg.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:06    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_mp4.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:06    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_mp4.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:06    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_mpc.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:06    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_mpc.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:06    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_lame.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:06    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_lame.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:06    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_cd.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:06    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_cd.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:06    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_rm.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:07    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\AudioPlugins\kg_rm.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:07    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\DSPPlugins\dsp_DEE.DLL
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:07    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\DSPPlugins\dsp_DEE.DLL
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:07    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\GameDownload\KuGooGame.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:07    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\GameDownload\KuGooGame.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:11    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\SkinMaker.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:11    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\SkinMaker.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.exe

2010-08-09 09:57:11    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\isx.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:11    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Program Files\KuGou\KuGou2010\isx.dll
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*.dll

2010-08-09 09:57:13    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\酷狗音乐\酷狗音乐2010\酷狗音乐2010.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:57:15    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\酷狗音乐\酷狗音乐2010\音乐格式转换.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:57:16    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\酷狗音乐\酷狗音乐2010\复制歌曲到随身听.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:57:17    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\酷狗音乐\酷狗音乐2010\酷狗铃声制作专家.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:57:18    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\酷狗音乐\酷狗音乐2010\卸载酷狗音乐2010.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:57:20    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\Administrator\桌面\酷狗音乐2010.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\桌面\*.lnk

2010-08-09 09:57:21    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\All Users\「开始」菜单\酷狗音乐2010.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*.lnk

2010-08-09 09:57:22    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\酷狗音乐2010.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\*菜单\*

2010-08-09 09:57:22    创建文件      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\酷狗音乐2010.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(一)->?:\Documents and Settings\*\Application Data\Microsoft\Internet Explorer\Quick Launch\*.lnk

2010-08-09 09:57:24    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\is-PBUHM.tmp\kugou_1278.tmp
文件路径:C:\Documents and Settings\Administrator\桌面\酷狗音乐文件夹.lnk
触发规则:所有程序规则->Documents and Settings文件夹设置(二)->?:\Documents and Settings\*\桌面\*.lnk


hj5abc
Posted on 2010-8-9 10:41:20

to fs.