Original poster: 缘木求鱼me

[Virus sample] Is this a virus? Please help identify it

冰飒
Posted on 2011-1-6 17:11:19

江湖的fans
Posted on 2011-1-6 17:13:01
Similar to rogueware

No real harm
sjminh
Posted on 2011-1-6 17:48:42
Reply to post #10 by 星晨

May I ask which software produced this result?
Looking for a download
小茂
Posted on 2011-1-6 20:16:58
Reply to post #1 by 缘木求鱼me

小茂
Posted on 2011-1-6 20:17:17
Reply to post #1 by 缘木求鱼me

2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp重命名C:\KSafeBox\20C03194\Program Files\115\browser\is-0M3C4.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-0M3C4.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\is-2JNO1.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-2JNO1.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp写文件C:\KSafeBox\20C03194\Program Files\115\browser\is-2JNO1.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-2JNO1.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\115聚合搜索.lnk C:\KSafeBox\20C03194\Program Files\115\browser\115聚合搜索.lnk
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp重命名C:\KSafeBox\20C03194\Program Files\115\browser\is-2JNO1.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-2JNO1.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\is-48D9T.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-48D9T.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp写文件C:\KSafeBox\20C03194\Program Files\115\browser\is-48D9T.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-48D9T.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\cfg.ini C:\KSafeBox\20C03194\Program Files\115\browser\cfg.ini
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp重命名C:\KSafeBox\20C03194\Program Files\115\browser\is-48D9T.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-48D9T.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\is-EGFID.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-EGFID.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp写文件C:\KSafeBox\20C03194\Program Files\115\browser\is-EGFID.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-EGFID.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\DownLoad.xml C:\KSafeBox\20C03194\Program Files\115\browser\DownLoad.xml
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp重命名C:\KSafeBox\20C03194\Program Files\115\browser\is-EGFID.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-EGFID.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\is-5JJ95.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-5JJ95.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp写文件C:\KSafeBox\20C03194\Program Files\115\browser\is-5JJ95.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-5JJ95.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\History.cache C:\KSafeBox\20C03194\Program Files\115\browser\History.cache
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp重命名C:\KSafeBox\20C03194\Program Files\115\browser\is-5JJ95.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-5JJ95.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\is-KT7O9.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-KT7O9.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp写文件C:\KSafeBox\20C03194\Program Files\115\browser\is-KT7O9.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-KT7O9.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\Recent.ini C:\KSafeBox\20C03194\Program Files\115\browser\Recent.ini
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp重命名C:\KSafeBox\20C03194\Program Files\115\browser\is-KT7O9.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-KT7O9.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\is-VKVM1.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-VKVM1.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp写文件C:\KSafeBox\20C03194\Program Files\115\browser\is-VKVM1.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-VKVM1.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\setting.ini C:\KSafeBox\20C03194\Program Files\115\browser\setting.ini
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp重命名C:\KSafeBox\20C03194\Program Files\115\browser\is-VKVM1.tmp C:\KSafeBox\20C03194\Program Files\115\browser\is-VKVM1.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\html C:\KSafeBox\20C03194\Program Files\115\browser\html
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\html\is-KBN64.tmp C:\KSafeBox\20C03194\Program Files\115\browser\html\is-KBN64.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp写文件C:\KSafeBox\20C03194\Program Files\115\browser\html\is-KBN64.tmp C:\KSafeBox\20C03194\Program Files\115\browser\html\is-KBN64.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\html\404error.html C:\KSafeBox\20C03194\Program Files\115\browser\html\404error.html
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp重命名C:\KSafeBox\20C03194\Program Files\115\browser\html\is-KBN64.tmp C:\KSafeBox\20C03194\Program Files\115\browser\html\is-KBN64.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\html\is-60JUR.tmp C:\KSafeBox\20C03194\Program Files\115\browser\html\is-60JUR.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp写文件C:\KSafeBox\20C03194\Program Files\115\browser\html\is-60JUR.tmp C:\KSafeBox\20C03194\Program Files\115\browser\html\is-60JUR.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\html\config.html C:\KSafeBox\20C03194\Program Files\115\browser\html\config.html
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp重命名C:\KSafeBox\20C03194\Program Files\115\browser\html\is-60JUR.tmp C:\KSafeBox\20C03194\Program Files\115\browser\html\is-60JUR.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp创建文件C:\KSafeBox\20C03194\Program Files\115\browser\html\is-49G3M.tmp C:\KSafeBox\20C03194\Program Files\115\browser\html\is-49G3M.tmp
2011-01-06 20:12:13 C:\KSafeBox\20C03194\Documents and Settings\Administrator\Local Settings\Temp\is-39NHG.tmp\1.tmp写文件C:\KSafeBox\20C03194\Program Files\115\browser\html\is-49G3M.tmp C:\KSafeBox\20C03194\Program Files\115\browser\html\is-49G3M.tmp
lxgllxgl
Posted on 2011-1-6 22:26:48
Neither Outpost nor AVG reacted; it passed.
如梦初醒
Posted on 2011-1-6 22:41:54

Multi-engine scan: http://virscan.org/report/23ee13d3a003640ef389092c1c7a5317.html
kjpb
Posted on 2011-1-7 17:49:35
Reply to post #10 by 星晨

Is this the log from running it in a sandbox? Where can I view this log? Just a newbie asking....
zuo
Posted on 2011-1-7 19:51:39
2011-1-7 19:49:33    创建新进程    允许
进程: c:\documents and settings\administrator\桌面\11\1.exe
目标: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-3VE26.tmp\1.tmp" /SL5="$3F0322,1458959,51712,C:\Documents and Settings\Administrator\桌面\11\1.exe"
规则: [应用程序组]所有程序规则-外部程序执行规则 -> [应用程序]* -> [子应用程序]*temp\*.tmp

2011-1-7 19:49:38    删除文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: C:\Program Files\115\browser\115br.exe
规则: [应用程序组]4D规则-安装进程例外规则 -> [应用程序]*temp\*.tmp -> [文件]*\program files\*; *.exe

2011-1-7 19:49:40    删除文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: C:\Program Files\115\browser\115br.exe
规则: [应用程序组]4D规则-安装进程例外规则 -> [应用程序]*temp\*.tmp -> [文件]*\program files\*; *.exe

2011-1-7 19:49:43    删除文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: C:\Program Files\115\browser\115br.exe
规则: [应用程序组]4D规则-安装进程例外规则 -> [应用程序]*temp\*.tmp -> [文件]*\program files\*; *.exe

2011-1-7 19:49:45    删除文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: C:\Program Files\115\browser\115br.exe
规则: [应用程序组]4D规则-安装进程例外规则 -> [应用程序]*temp\*.tmp -> [文件]*\program files\*; *.exe

2011-1-7 19:49:47    删除文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: C:\Program Files\115\browser\115br.exe
规则: [应用程序组]4D规则-安装进程例外规则 -> [应用程序]*temp\*.tmp -> [文件]*\program files\*; *.exe

2011-1-7 19:49:53    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: C:\Documents and Settings\Administrator\桌面\115浏览器.lnk
规则: [文件组]系统文件夹写保护(询问修改) -> [文件]*桌面; *.lnk

2011-1-7 19:49:55    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: C:\Documents and Settings\Administrator\桌面\淘宝特卖.lnk
规则: [文件组]系统文件夹写保护(询问修改) -> [文件]*桌面; *.lnk

2011-1-7 19:49:57    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: C:\Documents and Settings\Administrator\桌面\网址之家.lnk
规则: [文件组]系统文件夹写保护(询问修改) -> [文件]*桌面; *.lnk

2011-1-7 19:50:03    修改注册表值    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cache

2011-1-7 19:50:04    修改注册表值    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cookies

2011-1-7 19:50:04    修改注册表值    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; History

2011-1-7 19:50:06    创建新进程    阻止
进程: c:\documents and settings\administrator\local settings\temp\is-3ve26.tmp\1.tmp
目标: c:\program files\internet explorer\iexplore.exe
命令行: "C:\Program Files\Internet Explorer\iexplore.exe"  -nohome
规则: [应用程序组]RD应用程序规则-危险进程执行规则 -> [应用程序]*temp\*.* -> [子应用程序]4D应用程序规则-浏览进程执行规则 -> [应用程序]c:\program files\internet explorer\iexplore.exe

It's rogueware.