
[Virus Sample] Multi-engine scan: VBA32 detects it

edwardcl
Posted on 2011-1-6 10:19:27

星晨
Posted on 2011-1-6 10:22:09
Last edited by 星晨 on 2011-1-6 10:27


AhnLab-V3 2011.01.06.00 2011.01.05 -
AntiVir 7.11.1.34 2011.01.05 -
Antiy-AVL 2.0.3.7 2011.01.06 -
Avast 4.8.1351.0 2011.01.05 -
Avast5 5.0.677.0 2011.01.05 -
AVG 9.0.0.851 2011.01.06 -
BitDefender 7.2 2011.01.06 -
CAT-QuickHeal 11.00 2011.01.05 -
ClamAV 0.96.4.0 2011.01.05 -
Command 5.2.11.5 2011.01.05 -
Comodo 7308 2011.01.06 -
DrWeb 5.0.2.03300 2011.01.06 -
Emsisoft 5.1.0.1 2011.01.06 -
eSafe 7.0.17.0 2011.01.05 -
eTrust-Vet 36.1.8083 2011.01.05 -
F-Prot 4.6.2.117 2011.01.05 -
F-Secure 9.0.16160.0 2011.01.06 -
Fortinet 4.2.254.0 2011.01.05 -
GData 21 2011.01.05 -
Ikarus T3.1.1.90.0 2011.01.06 -
Jiangmin 13.0.900 2011.01.05 -
K7AntiVirus 9.75.3448 2011.01.05 -
Kaspersky 7.0.0.125 2011.01.06 -
McAfee 5.400.0.1158 2011.01.06 -
McAfee-GW-Edition 2010.1C 2011.01.05 -
Microsoft 1.6402 2011.01.05 -
NOD32 5763 2011.01.05 -
Norman 6.06.12 2011.01.05 -
nProtect 2011-01-05.01 2011.01.05 -
Panda 10.0.2.7 2011.01.05 -
PCTools 7.0.3.5 2011.01.06 -
Prevx 3.0 2011.01.06 -
Rising 22.81.02.03 2011.01.05 -
Sophos 4.60.0 2011.01.06 -
SUPERAntiSpyware 4.40.0.1006 2011.01.06 -
Symantec 20101.3.0.103 2011.01.06 -
TheHacker 6.7.0.1.110 2011.01.03 -
TrendMicro 9.120.0.1004 2011.01.05 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.06 -
VBA32 3.12.14.2 2011.01.05 -
VIPRE 7970 2011.01.06 -
ViRobot 2011.1.5.4238 2011.01.05 -
VirusBuster 13.6.130.0 2011.01.05 -
留侯
Posted on 2011-1-6 10:53:44
Dr.Web: clean. Already submitted!
jayavira
Posted on 2011-1-6 10:55:26
星晨
Posted on 2011-1-6 10:58:07
2011-01-06 10:49:44  C:\UUSEE_ad9_Setup_228.exe  创建进程  C:\Program Files\uusee\UUSeePlayer.exe  
2011-01-06 10:49:59  C:\Program Files\uusee\UUSeePlayer.exe  访问内存  C:\UUSEE_ad9_Setup_228.exe  
2011-01-06 10:50:06  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  在线扫描发现恶意程序    
2011-01-06 10:50:09  C:\Users\k\AppData\Local\Temp\UUSeeDownLoad.exe  创建进程, 拦截病毒  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  
2011-01-06 10:50:14  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\uusee\UUSeePlayer.exe  
2011-01-06 10:50:15  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEE\shell\open\command  
2011-01-06 10:50:17  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEE\shell\open\command\  
2011-01-06 10:50:18  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEEREC\shell\open\command  
2011-01-06 10:50:19  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable  
2011-01-06 10:50:19  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  DNS/RPC 客户端访问  \RPC Control\DNSResolver  
2011-01-06 10:50:20  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEEREC\shell\open  
2011-01-06 10:50:21  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEEREC\shell\open\command\  
2011-01-06 10:50:23  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEENOTIFY\shell\open\command  
2011-01-06 10:50:24  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEENOTIFY\shell\open  
2011-01-06 10:50:26  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEENOTIFY\shell\open\command\  
2011-01-06 10:50:28  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\.ucf\  
2011-01-06 10:50:29  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEE.ucf\Shell\Open\Command  
2011-01-06 10:50:30  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEE.ucf\Shell\Open  
2011-01-06 10:50:32  C:\Users\k\AppData\Local\Temp\UUSeeDownLoad.exe  创建进程  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  
2011-01-06 10:50:33  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Classes\UUSEE.ucf\Shell\Open\Command\  
2011-01-06 10:50:33  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  DNS/RPC 客户端访问  \RPC Control\DNSResolver  
2011-01-06 10:50:33  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  DNS/RPC 客户端访问  \RPC Control\DNSResolver  
2011-01-06 10:50:33  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  DNS/RPC 客户端访问  \RPC Control\DNSResolver  
2011-01-06 10:50:35  C:\Program Files\uusee\UUSeePlayer.exe  直接磁盘访问  PhysicalDrive0  
2011-01-06 10:50:36  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  
2011-01-06 10:50:39  C:\Program Files\uusee\UUSeePlayer.exe  修改文件  C:\Windows\struct~.ini  
2011-01-06 10:50:40  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\CloudServer.exe  
2011-01-06 10:50:41  C:\Users\k\AppData\Local\Temp\UUSeeDownLoad.exe  创建进程  C:\Users\k\AppData\Local\Temp\mxsetup_UUSEE.exe  
2011-01-06 10:50:43  C:\Users\k\AppData\Local\Temp\CloudServer.exe  修改注册表项  HKLM\SYSTEM\ControlSet???\Services\CloudServer  
2011-01-06 10:50:44  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable  
2011-01-06 10:50:45  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\CloudServer.exe  
2011-01-06 10:50:46  C:\Users\k\AppData\Local\Temp\mxsetup_UUSEE.exe  创建进程  C:\Users\k\AppData\Local\Temp\nsc519C.tmp\install_data\MxInstall.exe  
2011-01-06 10:50:47  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer  
2011-01-06 10:50:47  C:\Users\k\AppData\Local\Temp\CloudServer.exe  修改注册表项  HKLM\SYSTEM\ControlSet???\Services\CloudServer  
2011-01-06 10:50:49  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride  
2011-01-06 10:50:50  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  
2011-01-06 10:50:52  C:\Program Files\uusee\UUSeePlayer.exe  DNS/RPC 客户端访问  \RPC Control\DNSResolver  
2011-01-06 10:50:55  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\CloudServer.exe  
2011-01-06 10:50:56  C:\Users\k\AppData\Local\Temp\nsc519C.tmp\install_data\MxInstall.exe  访问内存  C:\Program Files\COMODO\COMODO Internet Security\cfp.exe  
2011-01-06 10:50:57  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  DNS/RPC 客户端访问  \RPC Control\DNSResolver  
2011-01-06 10:50:57  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  DNS/RPC 客户端访问  \RPC Control\DNSResolver  
2011-01-06 10:50:58  C:\Program Files\uusee\UUSeePlayer.exe  访问COM接口  Shell.Explorer.2  
2011-01-06 10:50:58  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  DNS/RPC 客户端访问  \RPC Control\DNSResolver  
2011-01-06 10:51:00  C:\Users\k\AppData\Local\Temp\CloudServer.exe  修改注册表项  HKLM\SYSTEM\ControlSet???\Services\CloudServer  
2011-01-06 10:51:01  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\CloudServer.exe  
2011-01-06 10:51:03  C:\Users\k\AppData\Local\Temp\CloudServer.exe  修改注册表项  HKLM\SYSTEM\ControlSet???\Services\CloudServer  
2011-01-06 10:51:07  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  在线扫描发现恶意程序    
2011-01-06 10:51:09  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}  
2011-01-06 10:51:10  C:\Users\k\AppData\Local\Temp\360Inst-uusee.exe  在线扫描发现恶意程序    
2011-01-06 10:51:10  C:\Users\k\AppData\Local\Temp\nsc519C.tmp\install_data\MxInstall.exe  在线扫描发现安全程序    
2011-01-06 10:51:10  C:\Users\k\AppData\Local\Temp\nsc519C.tmp\install_data\MxInstall.exe  在线扫描发现安全程序    
2011-01-06 10:51:10  C:\Users\k\AppData\Roaming\Maxthon2\Maxthon.exe  在线扫描发现安全程序    
2011-01-06 10:51:10  C:\Users\k\AppData\Local\Temp\nsc519C.tmp\install_data\MxInstall.exe  在线扫描发现安全程序    
2011-01-06 10:51:13  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\  
2011-01-06 10:51:15  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\ProgID  
2011-01-06 10:51:15  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\ProgID\  
2011-01-06 10:51:16  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\VersionIndependentProgID  
2011-01-06 10:51:16  C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe  在线扫描发现安全程序    
2011-01-06 10:51:16  C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe  在线扫描发现安全程序    
2011-01-06 10:51:17  C:\Program Files\uusee\UUSeePlayer.exe  创建进程  C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe  
2011-01-06 10:51:17  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\VersionIndependentProgID\  
2011-01-06 10:51:18  C:\Program Files\uusee\UUSeePlayer.exe  修改文件  C:\Windows\system32\catroot  
2011-01-06 10:51:19  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Programmable  
2011-01-06 10:51:20  C:\Program Files\uusee\UUSeePlayer.exe  修改文件  C:\Windows\system32\catroot2  
2011-01-06 10:51:20  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\InprocServer32  
2011-01-06 10:51:22  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\SystemCertificates\My  
2011-01-06 10:51:23  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\InprocServer32\  
2011-01-06 10:51:24  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\SystemCertificates\CA  
2011-01-06 10:51:25  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\InprocServer32\ThreadingModel  
2011-01-06 10:51:25  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\SystemCertificates\CA\Certificates  
2011-01-06 10:51:26  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\TypeLib  
2011-01-06 10:51:27  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\SystemCertificates\CA\CRLs  
2011-01-06 10:51:27  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\TypeLib\  
2011-01-06 10:51:28  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\SystemCertificates\CA\CTLs  
2011-01-06 10:51:28  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}  
2011-01-06 10:51:29  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Policies\Microsoft\SystemCertificates\CA  
2011-01-06 10:51:29  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID  
2011-01-06 10:51:30  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Policies\Microsoft\SystemCertificates\CA\Certificates  
2011-01-06 10:51:30  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Implemented Categories  
2011-01-06 10:51:31  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Policies\Microsoft\SystemCertificates\CA\CRLs  
2011-01-06 10:51:31  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Policies\Microsoft\SystemCertificates\CA\CTLs  
2011-01-06 10:51:32  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\Software\Microsoft\SystemCertificates\CA  
2011-01-06 10:51:32  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates  
2011-01-06 10:51:33  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs  
2011-01-06 10:51:33  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}  
2011-01-06 10:51:34  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs  
2011-01-06 10:51:34  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  
2011-01-06 10:51:35  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\Software\Policies\Microsoft\SystemCertificates\CA  
2011-01-06 10:51:36  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\Software\Microsoft\Windows\CurrentVersion\Run  
2011-01-06 10:51:36  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates  
2011-01-06 10:51:37  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cloud.exe  
2011-01-06 10:51:37  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs  
2011-01-06 10:51:38  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  
2011-01-06 10:51:38  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs  
2011-01-06 10:51:39  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\.lva\  
2011-01-06 10:51:39  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\SystemCertificates\Disallowed  
2011-01-06 10:51:40  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\lva.file\shell\open\command  
2011-01-06 10:51:40  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\SystemCertificates\Disallowed\Certificates  
2011-01-06 10:51:41  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\lva.file\shell\open  
2011-01-06 10:51:41  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\SystemCertificates\Disallowed\CRLs  
2011-01-06 10:51:42  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\lva.file\shell\open\command\  
2011-01-06 10:51:42  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\SystemCertificates\Disallowed\CTLs  
2011-01-06 10:51:42  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\  
2011-01-06 10:51:43  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Policies\Microsoft\SystemCertificates\Disallowed  
2011-01-06 10:51:44  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\open  
2011-01-06 10:51:44  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates  
2011-01-06 10:51:45  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\open\  
2011-01-06 10:51:45  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs  
2011-01-06 10:51:47  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\open\command  
2011-01-06 10:51:47  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs  
2011-01-06 10:51:48  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\open\command\  
2011-01-06 10:51:48  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\Software\Microsoft\SystemCertificates\Disallowed  
2011-01-06 10:51:49  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Program Files\cloud\CloudServer.exe  
2011-01-06 10:51:49  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates  
2011-01-06 10:51:50  C:\Program Files\cloud\CloudServer.exe  修改注册表项  HKLM\SYSTEM\ControlSet???\Services\CloudServer  
2011-01-06 10:51:50  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs  
2011-01-06 10:51:51  C:\Program Files\cloud\CloudServer.exe  修改注册表项  HKLM\SYSTEM\ControlSet001\services\eventlog\Application\CloudServer\EventMessageFile  
2011-01-06 10:51:51  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs  
2011-01-06 10:51:52  C:\Program Files\cloud\CloudServer.exe  修改注册表项  HKLM\SYSTEM\ControlSet001\services\eventlog\Application\CloudServer\TypesSupported  
2011-01-06 10:51:52  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\Software\Policies\Microsoft\SystemCertificates\Disallowed  
2011-01-06 10:51:52  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Program Files\cloud\CloudServer.exe  
2011-01-06 10:51:53  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates  
2011-01-06 10:51:53  C:\Program Files\cloud\CloudServer.exe  修改注册表项  HKLM\SYSTEM\ControlSet???\Services\CloudServer  
2011-01-06 10:51:54  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs  
2011-01-06 10:51:54  C:\Program Files\cloud\CloudServer.exe  修改注册表项  HKLM\SYSTEM\ControlSet???\Services\LongRADrv  
2011-01-06 10:51:55  C:\Program Files\uusee\UUSeePlayer.exe  修改注册表项  HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs  
2011-01-06 10:51:56  C:\Program Files\cloud\CloudAssist.exe  在线扫描发现安全程序    
2011-01-06 10:51:56  C:\Program Files\cloud\CloudAssist.exe  在线扫描发现安全程序    
2011-01-06 10:51:56  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\CloudExtractExpandInfo.exe  
2011-01-06 10:51:56  C:\Program Files\cloud\CloudServer.exe  创建进程  C:\Program Files\cloud\CloudAssist.exe  
2011-01-06 10:51:57  C:\Program Files\uusee\UUSeePlayer.exe  访问COM接口  C:\Windows\System32\svchost.exe  
2011-01-06 10:51:57  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  
2011-01-06 10:51:58  C:\Program Files\cloud\CloudServer.exe  创建进程  C:\Program Files\cloud\CloudAssist.exe  
2011-01-06 10:51:58  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Windows\System32\taskhost.exe  
2011-01-06 10:51:59  C:\Program Files\Common Files\uusee\UUUpgrade.exe  在线扫描发现安全程序    
2011-01-06 10:51:59  C:\Program Files\uusee\UUSeePlayer.exe  创建进程  C:\Program Files\Common Files\uusee\UUUpgrade.exe  
2011-01-06 10:51:59  C:\Program Files\Common Files\uusee\UUUpgrade.exe  在线扫描发现安全程序    
2011-01-06 10:51:59  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Windows\System32\dwm.exe  
2011-01-06 10:52:02  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Windows\explorer.exe  
2011-01-06 10:52:03  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe  
2011-01-06 10:52:03  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe  
2011-01-06 10:52:04  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\cFosSpeed\cfosspeed.exe  
2011-01-06 10:52:05  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\GOSURF2\gsfbwsr.exe  
2011-01-06 10:52:05  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\Shadow Defender\DefenderDaemon.exe  
2011-01-06 10:52:07  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\COMODO\COMODO Internet Security\cfp.exe  
2011-01-06 10:52:08  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Users\k\Desktop\Windows.exe  
2011-01-06 10:52:13  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Users\k\Desktop\cfwg_228.exe  
2011-01-06 10:52:16  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\Internet Explorer\iexplore.exe  
2011-01-06 10:52:18  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\Funshion Online\Funshion\Funshion.exe  
2011-01-06 10:52:19  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\Funshion Online\Funshion\FunshionService.exe  
2011-01-06 10:52:21  C:\Program Files\uusee\UUSeePlayer.exe  DNS/RPC 客户端访问  \RPC Control\DNSResolver  
2011-01-06 10:52:23  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\115\browser\115br.exe  
2011-01-06 10:52:25  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Program Files\uusee\UUSeePlayer.exe  
2011-01-06 10:52:27  C:\Users\k\AppData\Local\Temp\CloudTool-uusee.exe  访问内存  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  
2011-01-06 10:52:29  C:\Users\k\AppData\Local\Temp\updatestat.exe  在线扫描发现安全程序    
2011-01-06 10:52:29  C:\Users\k\AppData\Local\Temp\updatestat.exe  在线扫描发现安全程序    
2011-01-06 10:52:29  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Users\k\AppData\Local\Temp\updatestat.exe  
2011-01-06 10:52:31  C:\Program Files\uusee\UUSeePlayer.exe  访问COM接口  Shell.Explorer.2  
2011-01-06 10:52:32  C:\Users\k\AppData\Local\Temp\xinhezuo-uusee-1.exe  创建进程  C:\Program Files\cloud\cloud.exe  
2011-01-06 10:52:34  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\  
2011-01-06 10:52:35  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\3tmp0  
2011-01-06 10:52:37  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\open\  
2011-01-06 10:52:38  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\open\3tmp0  
2011-01-06 10:52:40  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\open\command\  
2011-01-06 10:52:42  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\stp\shell\open\command\3tmp0  
2011-01-06 10:52:43  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}  
2011-01-06 10:52:45  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}  
2011-01-06 10:52:46  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Implemented Categories  
2011-01-06 10:52:48  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\InprocServer32  
2011-01-06 10:52:50  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\ProgID  
2011-01-06 10:52:52  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Programmable  
2011-01-06 10:52:53  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\TypeLib  
2011-01-06 10:52:55  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\VersionIndependentProgID  
2011-01-06 10:52:58  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}  
2011-01-06 10:52:59  C:\Program Files\cloud\cloud.exe  修改注册表项  \REGISTRY\\Registry\Machine\Software\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}  
2011-01-06 10:53:01  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\  
2011-01-06 10:53:02  C:\Program Files\cloud\cloud.exe  修改注册表项  \REGISTRY\\Registry\Machine\Software\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\ProgID  
2011-01-06 10:53:05  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\ProgID\  
2011-01-06 10:53:10  C:\Program Files\cloud\cloud.exe  修改注册表项  \REGISTRY\\Registry\Machine\Software\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\VersionIndependentProgID  
2011-01-06 10:53:13  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\VersionIndependentProgID\  
2011-01-06 10:53:14  C:\Program Files\cloud\cloud.exe  修改注册表项  \REGISTRY\\Registry\Machine\Software\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Programmable  
2011-01-06 10:53:16  C:\Program Files\cloud\cloud.exe  修改注册表项  \REGISTRY\\Registry\Machine\Software\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\InprocServer32  
2011-01-06 10:53:18  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\InprocServer32\  
2011-01-06 10:53:20  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\InprocServer32\ThreadingModel  
2011-01-06 10:53:22  C:\Program Files\cloud\cloud.exe  修改注册表项  \REGISTRY\\Registry\Machine\Software\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\TypeLib  
2011-01-06 10:53:24  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\TypeLib\  
2011-01-06 10:53:43  C:\Program Files\cloud\cloud.exe  修改注册表项  \REGISTRY\\Registry\Machine\Software\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}  
2011-01-06 10:53:47  C:\Program Files\cloud\cloud.exe  修改注册表项  \REGISTRY\\Registry\Machine\Software\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Implemented Categories  
2011-01-06 10:53:48  C:\Program Files\cloud\cloud.exe  修改注册表项  \REGISTRY\\Registry\Machine\Software\Classes\CLSID\{05FF1822-FC58-4578-B979-1F5863867DD7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}  
2011-01-06 10:53:50  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\.lva\  
2011-01-06 10:53:52  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\.lva\3tmp0  
2011-01-06 10:53:54  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\lva.file\shell\open\command\  
2011-01-06 10:53:56  C:\Program Files\cloud\cloud.exe  修改注册表项  HKLM\SOFTWARE\Classes\lva.file\shell\open\command\3tmp0  
2011-01-06 10:53:58  C:\Program Files\cloud\cloud.exe  访问COM接口  LocalSecurityAuthority.Backup  
2011-01-06 10:54:00  C:\Program Files\cloud\cloud.exe  访问COM接口  LocalSecurityAuthority.Restore  
2011-01-06 10:54:02  C:\Program Files\cloud\cloud.exe  DNS/RPC 客户端访问  \RPC Control\DNSResolver  
2011-01-06 10:54:03  C:\Program Files\cloud\cloud.exe  访问COM接口  Shell.Explorer.2  
2011-01-06 10:54:11  C:\Program Files\cloud\cloud.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable  
2011-01-06 10:54:13  C:\Program Files\cloud\cloud.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer  
2011-01-06 10:54:17  C:\Program Files\cloud\cloud.exe  修改注册表项  HKUS\S-1-5-21-3799767426-424094828-1398871737-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride  
2011-01-06 10:54:19  C:\Program Files\cloud\cloud.exe  安装钩子  C:\Program Files\cloud\cloud.exe  
星晨
Posted on 2011-1-6 11:08:01
Submitted to BitDefender
猪头大队
Posted on 2011-1-6 12:29:46
360 Web Shield: unknown; Rising ignores it; submitted
z2009
Posted on 2011-1-6 12:31:17
Gets past Kaspersky and 360 Safeguard
hansyu
Posted on 2011-1-6 13:46:53
Miss, to AVG