Thread starter: Markel.Scofield

[Virus sample] An interesting sample!

win98sp123
Posted on 2010-10-28 20:40:23
xiaoyaosanren posted on 2010-10-24 22:12
NIS blocked it perfectly

Micropoint's blocking was incomplete

     What do you mean by incomplete? I can't see where it was incomplete...
xiaoyaosanren
Posted on 2010-10-28 21:08:50
Reply to win98sp123's post (floor 21)

Didn't you see it in the screenshot? It created those junk files and IE icons that can't be deleted.
hx1997
Posted on 2010-10-28 22:06:32
2010-10-28 21:51:17    创建文件      操作:允许
进程路径:G:\Documents and Settings\Administrator.HX-C0987054243B\桌面\LEE\@#$%.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:20    运行应用程序      操作:允许
进程路径:G:\Documents and Settings\Administrator.HX-C0987054243B\桌面\LEE\@#$%.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
触发规则:所有程序规则->[应用程序防护] 3.其他->*


2010-10-28 21:51:26    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\q9q.dll
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:27    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Tencent\QQ\Bin\TaskTray.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:27    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Tencent\QQ\Bin\TaskTray.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:27    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Tencent\QQ\Bin\Shareds.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:27    删除文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Tencent\QQ\Bin\TaskTray.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:27    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Tencent\QQ\BinShareds.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:27    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Tencent\QQ\Bin\TaskTray.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:28    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\q9q.dll
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:28    删除文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Tencent\QQ\Bin\TaskTray.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:28    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Tencent\QQ\Bin\TaskTray.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:28    删除文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\q9q.dll
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:28    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Tencent\QQ\BinTaskTray.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:28    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\ips888.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:28    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\lrmjrg.txt
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:29    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\rvnumr.jpg
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:29    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\oamere.bmp
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:29    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\xxgair.gif
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:29    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\kkckft.doc
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:29    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Common Desktop
触发规则:所有程序规则->[注册表防护] 7.资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders


2010-10-28 21:51:29    安装全局钩子      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Program Files\Common Files\ips888.dll
钩子类型:WH_CBT
触发规则:所有程序规则->[应用程序防护] 3.其他->*


2010-10-28 21:51:29    安装全局钩子      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Program Files\Common Files\ips888.dll
钩子类型:WH_CBT
触发规则:所有程序规则->[应用程序防护] 3.其他->*


2010-10-28 21:51:30    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Common Desktop
触发规则:所有程序规则->[注册表防护] 7.资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders


2010-10-28 21:51:30    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:(隐藏文件)G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\ips888.dll
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:32    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\lrmjrg.txt
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:32    创建文件      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\user\all\桌面\Intennet Exploner.lnk
触发规则:所有程序规则->[文件防护] 6.桌面快捷方式控制->*\Sandbox\*\桌面\*.lnk


2010-10-28 21:51:32    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\rvnumr.jpg
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:32    创建文件      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\user\all\桌面\改变你的一生.url
触发规则:所有程序规则->[文件防护] 6.桌面快捷方式控制->*\Sandbox\*\桌面\*.url


2010-10-28 21:51:33    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\oamere.bmp
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:33    创建文件      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\user\all\桌面\淘宝购物A.url
触发规则:所有程序规则->[文件防护] 6.桌面快捷方式控制->*\Sandbox\*\桌面\*.url


2010-10-28 21:51:33    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\D\My Documents.exe
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:33    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\xxgair.gif
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:33    创建文件      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\user\all\桌面\免费电影C.url
触发规则:所有程序规则->[文件防护] 6.桌面快捷方式控制->*\Sandbox\*\桌面\*.url


2010-10-28 21:51:35    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\E\My Documents.exe
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:35    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\kkckft.doc
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:35    创建文件      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\user\current\Favorites\&缤纷网址导航&.url
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Favorites\*.url


2010-10-28 21:51:35    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\F\My Documents.exe
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:37    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\G\My Documents.exe
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:38    删除文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\lrmjrg.txt
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:38    删除文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\rvnumr.jpg
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:38    删除文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\oamere.bmp
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:38    删除文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\xxgair.gif
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:38    删除文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\kkckft.doc
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:40    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\TSTP
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:40    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Common Startup
触发规则:所有程序规则->[注册表防护] 7.资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders


2010-10-28 21:51:40    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Common Startup
触发规则:所有程序规则->[注册表防护] 7.资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders


2010-10-28 21:51:42    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\85S22.dat
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:42    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\85S22.dat
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:44    创建文件      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\user\all\「开始」菜单\程序\启动
触发规则:所有程序规则->[文件防护] 1.高危目录访问控制->*\Sandbox\*\「开始」菜单\程序\启动


2010-10-28 21:51:44    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:(隐藏文件)G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
触发规则:所有程序规则->[文件防护] 4.常用目录访问控制->*\Sandbox\*\Program Files\*


2010-10-28 21:51:44    修改文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\TSTP
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:48    创建文件      操作:允许
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
文件路径:G:\Sandbox\HX\TestVirus\drive\C\TSTP\winlogon.exe
触发规则:所有程序规则->[文件防护] 7.其他->*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravcopy.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravcopy.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanU3.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanU3.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:52    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvU3Launcher.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvU3Launcher.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCMgr.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCMgr.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*
hx1997
Posted on 2010-10-28 22:09:36


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SelfUpdate.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SelfUpdate.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCRTP.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCRTP.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:53    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:54    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:54    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:54    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:54    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:54    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:54    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:54    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:54    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorMain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorMain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atpup.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atpup.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:55    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWSMain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWSMain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:56    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\DSMain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\DSMain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwstray.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwstray.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*
hx1997
Posted on 2010-10-28 22:14:25


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:57    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:58    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:58    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:58    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:58    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:58    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:58    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSWebShield.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:58    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSWebShield.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:58    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:58    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiU.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiU.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp2.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:51:59    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp2.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:00    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:00    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:00    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:00    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:00    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:00    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:00    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:00    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:00    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:01    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:01    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:01    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:01    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:01    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:01    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:01    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:01    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:01    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp3.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp3.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*
hx1997
Posted on 2010-10-28 22:15:04


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:02    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:03    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:03    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:03    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:03    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:03    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:03    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:03    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:03    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:03    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCTray.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCTray.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:04    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:05    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:05    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:05    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:05    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:05    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:05    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:05    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:05    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:05    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:06    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:06    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:06    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*
hx1997
Posted on 2010-10-28 22:15:28


2010-10-28 21:52:06    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:06    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:06    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:06    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:06    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:06    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:06    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWSUpd.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWSUpd.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sdrun.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sdrun.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:07    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:08    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:08    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:08    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:08    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:08    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:08    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:08    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:08    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:08    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSC.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSC.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngPS.EXE
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngPS.EXE
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\XDelBox.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\XDelBox.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:09    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\appdllman.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\appdllman.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*
hx1997
Posted on 2010-10-28 22:15:48


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UFO.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\UFO.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TNT.Exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TNT.Exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:10    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:11    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\XP.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:11    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\XP.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:11    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Wsyscheck.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:11    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Wsyscheck.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:11    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TxoMoU.Exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:11    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TxoMoU.Exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:11    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AoYun.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AoYun.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cross.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cross.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Discovery.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Discovery.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guangd.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guangd.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernelwind32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernelwind32.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\logogo.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\logogo.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorRtp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorRtp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDGames.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDGames.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\servet.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\servet.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:12    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:13    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:13    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:13    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:13    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:13    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:13    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*
hx1997
Posted on 2010-10-28 22:16:08


2010-10-28 21:52:13    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:13    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:13    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:14    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:14    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:14    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:14    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:14    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:14    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:14    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp2.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:14    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp2.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:14    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp3.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp3.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jisu.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jisu.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\filmst.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\filmst.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qheart.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qheart.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qsetup.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qsetup.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxgame.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxgame.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbapp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbapp.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfserver.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfserver.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\799d.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\799d.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\stormii.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\stormii.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:15    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCSmashFile.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:16    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCSmashFile.exe
注册表名称:Debugger
触发规则:所有程序规则->[注册表防护] 4.映像劫持->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


2010-10-28 21:52:16    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\Classes\exefile
注册表名称:NeverShowExt
触发规则:所有程序规则->[注册表防护] 10.其他->*


2010-10-28 21:52:16    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\system\CurrentControlSet\Control\StorageDevicePolicies
注册表名称:WriteProtect
触发规则:所有程序规则->[注册表防护] 10.其他->*


2010-10-28 21:52:16    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Common Programs
触发规则:所有程序规则->[注册表防护] 7.资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders


2010-10-28 21:52:16    创建注册表值      操作:阻止
进程路径:G:\Sandbox\HX\TestVirus\drive\G\Program Files\Common Files\Microsoft Shared\explorer.exe
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows\CurrentVersion\Policies\System
注册表名称:DisableRegistryTools
触发规则:所有程序规则->[注册表防护] 10.其他->*

It really makes a lot of sneaky little moves...
Hacker29cn
Posted on 2010-10-29 11:21:36
No pressure for Kingsoft
