Original poster: post8

[Virus sample] High, high, high quality Result: 1/41 (2.4%)

hddu
Posted on 2011-1-6 13:09:38
2011-01-06 12:40:43    创建文件      操作:允许
进程路径:F:\virus\Windows\Windows.exe
文件路径:C:\windows\system32\reg.reg
触发规则:所有程序规则->白名单与黑名单->*\*.reg

2011-01-06 12:40:43    运行应用程序      操作:允许
进程路径:F:\virus\Windows\Windows.exe
文件路径:C:\WINDOWS\system32\cmd.exe
命令行:/c regedit /s C:\windows\system32\reg.reg
触发规则:所有程序规则->系统程序设置->%windir%\system32\cmd.exe

2011-01-06 12:40:44    运行应用程序      操作:阻止
进程路径:C:\WINDOWS\system32\cmd.exe
文件路径:C:\WINDOWS\regedit.exe
命令行:/s C:\windows\system32\reg.reg
触发规则:应用程序规则->系统程序->%windir%\system32\cmd.exe->%windir%\regedit.exe

2011-01-06 12:40:44    创建文件      操作:允许
进程路径:F:\virus\Windows\Windows.exe
文件路径:C:\windows\system32\Windows.exe
触发规则:所有程序规则->WINDOWS文件设置->%windir%\system32\*.exe

2011-01-06 12:40:44    运行应用程序      操作:允许
进程路径:F:\virus\Windows\Windows.exe
文件路径:C:\WINDOWS\system32\cmd.exe
命令行:/c tasklist
触发规则:所有程序规则->系统程序设置->%windir%\system32\cmd.exe

2011-01-06 12:40:44    运行应用程序      操作:阻止并结束进程
进程路径:C:\WINDOWS\system32\cmd.exe
文件路径:C:\WINDOWS\system32\tasklist.exe
触发规则:所有程序规则->系统程序设置->%windir%\system32\tasklist.exe





hansyu
Posted on 2011-1-6 13:44:10
miss,to AVG
sqcs (this user has been deleted)
Posted on 2011-1-6 14:03:49
Microsoft says it is not malware
江湖的fans
Posted on 2011-1-6 14:21:09
Kingsoft is analyzing it.....
江湖的fans
Posted on 2011-1-6 14:27:19
2011-01-06 14:25:06 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\WINDOWS\system32\imm32.dll C:\WINDOWS\system32\imm32.dll
2011-01-06 14:25:06 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll
2011-01-06 14:25:06 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
2011-01-06 14:25:06 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\WINDOWS\system32\wsock32.dll C:\WINDOWS\system32\wsock32.dll
2011-01-06 14:25:07 C:\Documents and Settings\Administrator\桌面\Windows.exe创建文件C:\KSafeBox\DB72F90E\windows\system32\reg.reg C:\KSafeBox\DB72F90E\windows\system32\reg.reg
2011-01-06 14:25:07 C:\Documents and Settings\Administrator\桌面\Windows.exe写文件C:\KSafeBox\DB72F90E\windows\system32\reg.reg C:\KSafeBox\DB72F90E\windows\system32\reg.reg
2011-01-06 14:25:07 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\WINDOWS\system32\apphelp.dll C:\WINDOWS\system32\apphelp.dll
2011-01-06 14:25:07 C:\Documents and Settings\Administrator\桌面\Windows.exe创建进程C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe加载库文件C:\WINDOWS\AppPatch\AcGenral.dll C:\WINDOWS\AppPatch\AcGenral.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe加载库文件C:\WINDOWS\system32\imm32.dll C:\WINDOWS\system32\imm32.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\ HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe加载库文件C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe加载库文件C:\WINDOWS\system32\apphelp.dll C:\WINDOWS\system32\apphelp.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe加载库文件C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建进程C:\WINDOWS\system32\conime.exe C:\WINDOWS\system32\conime.exe
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建进程C:\WINDOWS\regedit.exe C:\WINDOWS\regedit.exe
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe加载库文件C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\conime.exe加载库文件C:\WINDOWS\AppPatch\AcGenral.dll C:\WINDOWS\AppPatch\AcGenral.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\conime.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio
2011-01-06 14:25:07 C:\WINDOWS\system32\conime.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\ HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\
2011-01-06 14:25:07 C:\WINDOWS\system32\conime.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM
2011-01-06 14:25:07 C:\WINDOWS\system32\conime.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00
2011-01-06 14:25:07 C:\WINDOWS\system32\conime.exe加载库文件C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe加载库文件C:\WINDOWS\system32\authz.dll C:\WINDOWS\system32\authz.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\conime.exe加载库文件C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe加载库文件C:\WINDOWS\system32\aclui.dll C:\WINDOWS\system32\aclui.dll
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe加载库文件C:\WINDOWS\system32\ulib.dll C:\WINDOWS\system32\ulib.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\conime.exe加载库文件C:\Program Files\KSafe\ksfmon.dll C:\Program Files\KSafe\ksfmon.dll
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe加载库文件C:\WINDOWS\system32\clb.dll C:\WINDOWS\system32\clb.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\conime.exe加载库文件C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\MSCTF.dll
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe加载库文件C:\WINDOWS\AppPatch\AcGenral.dll C:\WINDOWS\AppPatch\AcGenral.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\conime.exe加载库文件C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\msctfime.ime
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe加载库文件C:\WINDOWS\system32\imm32.dll C:\WINDOWS\system32\imm32.dll
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\ HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe加载库文件C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE\SOFTWARE HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE\SOFTWARE
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon HKEY_LOCAL_MACHINE\Software\Kingsoft\KSBReg\DB72F90E\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2011-01-06 14:25:07 C:\WINDOWS\regedit.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2011-01-06 14:25:07 结束进程C:\WINDOWS\regedit.exe C:\WINDOWS\regedit.exe
2011-01-06 14:25:07 结束进程C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe
2011-01-06 14:25:07 C:\Documents and Settings\Administrator\桌面\Windows.exe创建文件C:\KSafeBox\DB72F90E\windows\system32\Windows.exe C:\KSafeBox\DB72F90E\windows\system32\Windows.exe
2011-01-06 14:25:07 C:\Documents and Settings\Administrator\桌面\Windows.exe写文件C:\KSafeBox\DB72F90E\windows\system32\Windows.exe C:\KSafeBox\DB72F90E\windows\system32\Windows.exe
2011-01-06 14:25:07 C:\Documents and Settings\Administrator\桌面\Windows.exe创建进程C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe加载库文件C:\WINDOWS\AppPatch\AcGenral.dll C:\WINDOWS\AppPatch\AcGenral.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe加载库文件C:\WINDOWS\system32\imm32.dll C:\WINDOWS\system32\imm32.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\ HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe加载库文件C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe加载库文件C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe加载库文件C:\WINDOWS\system32\apphelp.dll C:\WINDOWS\system32\apphelp.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\cmd.exe创建进程C:\WINDOWS\system32\tasklist.exe C:\WINDOWS\system32\tasklist.exe
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\wbem\framedyn.dll C:\WINDOWS\system32\wbem\framedyn.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\netapi32.dll C:\WINDOWS\system32\netapi32.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\dbghelp.dll C:\WINDOWS\system32\dbghelp.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\AppPatch\AcGenral.dll C:\WINDOWS\AppPatch\AcGenral.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\imm32.dll C:\WINDOWS\system32\imm32.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\ HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe创建注册表键值HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 HKEY_USERS\S-1-5-21-1993962763-2111687655-1606980848-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\Program Files\KSafe\ksfmon.dll C:\Program Files\KSafe\ksfmon.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\MSCTF.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\system32\xpsp2res.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\clbcatq.dll C:\WINDOWS\system32\clbcatq.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\comres.dll C:\WINDOWS\system32\comres.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\wbem\wbemprox.dll C:\WINDOWS\system32\wbem\wbemprox.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\wbem\wbemcomn.dll C:\WINDOWS\system32\wbem\wbemcomn.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\winsta.dll C:\WINDOWS\system32\winsta.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\wbem\wbemsvc.dll C:\WINDOWS\system32\wbem\wbemsvc.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\wbem\fastprox.dll C:\WINDOWS\system32\wbem\fastprox.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\msvcp60.dll C:\WINDOWS\system32\msvcp60.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\ntdsapi.dll C:\WINDOWS\system32\ntdsapi.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe加载库文件C:\WINDOWS\system32\dnsapi.dll C:\WINDOWS\system32\dnsapi.dll
2011-01-06 14:25:07 C:\WINDOWS\system32\tasklist.exe创建注册表键值HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
2011-01-06 14:25:08 C:\WINDOWS\system32\tasklist.exe发送消息C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe
2011-01-06 14:25:08 C:\WINDOWS\system32\tasklist.exe发送消息C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
2011-01-06 14:25:08 结束进程C:\WINDOWS\system32\tasklist.exe C:\WINDOWS\system32\tasklist.exe
2011-01-06 14:25:08 结束进程C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe
2011-01-06 14:25:11 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\mswsock.dll
2011-01-06 14:25:11 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\WINDOWS\system32\dnsapi.dll C:\WINDOWS\system32\dnsapi.dll
2011-01-06 14:25:11 C:\Documents and Settings\Administrator\桌面\Windows.exe创建注册表键值HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
2011-01-06 14:25:11 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\WINDOWS\system32\winrnr.dll C:\WINDOWS\system32\winrnr.dll
2011-01-06 14:25:11 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\rasadhlp.dll
2011-01-06 14:25:11 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\hnetcfg.dll
2011-01-06 14:25:11 C:\Documents and Settings\Administrator\桌面\Windows.exe加载库文件C:\WINDOWS\system32\wshtcpip.dll C:\WINDOWS\system32\wshtcpip.dll
594157544
Posted on 2011-1-6 14:58:47
Gets past AVG and Avira
kafan120
Posted on 2011-1-6 16:47:42
Last edited by kafan120 on 2011-1-6 16:49

Micropoint antivirus flags it, really awesome


dalianjhc1986
Posted on 2011-1-6 17:25:08
Dear Dalianjhc1986,

Thank you for your submission.
The detection for this threat will be included in our next signature update.

Windows.exe - Win32/Agent.SCR trojan
Windows.exe - Win32/Agent.SCR trojan

Regards,

Szczepankiewicz Beniamin
Virus Researcher
ESET spol. s r.o.

恋亿晓
Posted on 2011-1-6 17:27:17
to avast!
jack827
Posted on 2011-1-6 20:38:05
NOD32 can now detect and remove it

