
[Virus sample] Please help identify this; I think it is probably a trojan

540923555
Posted 2011-1-11 12:24:26

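This is the prompt from Kaspersky; it looks like it calls IE to read passwords. I think it should count as a trojan. I have had this sample for several days and Kaspersky still does not detect it, so I am asking everyone to help identify it.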

dragoonwing
Posted 2011-1-11 12:28:47
MSE2.0 miss
360 Antivirus 2.0 kill
病毒扫描结果
----------------------
*\sex18girl_328_test123\sex18girl_328_test123.exe        行为和木马比较相似的程序        已删除
星晨
Posted 2011-1-11 12:33:58
Gets past BitDefender

Antivirus | Version | Last update | Result
AhnLab-V3 | 2011.01.11.00 | 2011.01.10 | Trojan/Win32.StartPage
AntiVir | 7.11.1.80 | 2011.01.10 | -
Antiy-AVL | 2.0.3.7 | 2011.01.11 | -
Avast | 4.8.1351.0 | 2011.01.10 | -
Avast5 | 5.0.677.0 | 2011.01.10 | -
AVG | 9.0.0.851 | 2011.01.11 | -
BitDefender | 7.2 | 2011.01.11 | -
CAT-QuickHeal | 11.00 | 2011.01.10 | -
ClamAV | 0.96.4.0 | 2011.01.11 | Trojan.Downloader-84425
Command | 5.2.11.5 | 2011.01.11 | -
Comodo | 7356 | 2011.01.11 | -
DrWeb | 5.0.2.03300 | 2011.01.11 | -
eSafe | 7.0.17.0 | 2011.01.10 | -
eTrust-Vet | 36.1.8091 | 2011.01.10 | -
F-Prot | 4.6.2.117 | 2011.01.10 | -
F-Secure | 9.0.16160.0 | 2011.01.11 | -
Fortinet | 4.2.254.0 | 2011.01.10 | -
GData | 21 | 2011.01.11 | -
Ikarus | T3.1.1.90.0 | 2011.01.11 | -
Jiangmin | 13.0.900 | 2011.01.10 | -
K7AntiVirus | 9.75.3497 | 2011.01.10 | Riskware
McAfee | 5.400.0.1158 | 2011.01.11 | -
McAfee-GW-Edition | 2010.1C | 2011.01.10 | -
Microsoft | 1.6402 | 2011.01.10 | -
NOD32 | 5776 | 2011.01.10 | -
Norman | 6.06.12 | 2011.01.10 | W32/StartPage.WTF
nProtect | 2011-01-10.01 | 2011.01.10 | -
Panda | 10.0.2.7 | 2011.01.10 | Suspicious file
PCTools | 7.0.3.5 | 2011.01.11 | -
Prevx | 3.0 | 2011.01.11 | Medium Risk Malware
Rising | 22.82.01.00 | 2011.01.11 | Trojan.Win32.Generic.52563DE0
Sophos | 4.61.0 | 2011.01.11 | -
SUPERAntiSpyware | 4.40.0.1006 | 2011.01.11 | Trojan.Agent/Gen-StartPage.Process
Symantec | 20101.3.0.103 | 2011.01.10 | -
TheHacker | 6.7.0.1.113 | 2011.01.11 | -
TrendMicro | 9.120.0.1004 | 2011.01.10 | -
TrendMicro-HouseCall | 9.120.0.1004 | 2011.01.11 | -
VBA32 | 3.12.14.2 | 2011.01.06 | -
VIPRE | 8027 | 2011.01.11 | Trojan.Win32.Generic!BT
ViRobot | 2011.1.11.4247 | 2011.01.11 | -
VirusBuster | 13.6.138.1 | 2011.01.10 | -

540923555
OP | Posted 2011-1-11 12:35:57
Reply to dragoonwing's post (#2)

Finally got to see QVM flag something.
zdlzp
Posted 2011-1-11 12:53:54
Last edited by zdlzp on 2011-1-11 12:59

程序:
C:\WINDOWS\SYSTEM32\WSCRIPT.EXE
修改注册表项:
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
是否阻止?

The proactive defense did not stop the creation of the shortcut.
secowl
Posted 2011-1-11 13:39:41
Suspicious remote connections

fatezero
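Posted 2011-1-11 16:55:09
Hello,

106084922_366147181_sex18girl_328_test123.exe_ - Trojan-Downloader.Win32.NSIS.he

The above file contains malicious code; it will be detected after the next update. Thank you for your submission.

Please quote the entire message when replying.


--

Kaspersky China Virus Lab
Chinese homepage: http://www.kaspersky.com.cn
Virus submission e-mail: viruslab@kaspersky.com.cn
Technical support e-mail: support@kaspersky.com.cn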
ppy0606
Posted 2011-1-11 17:02:36
2011-01-11 16:56:52    创建新进程    允许
进程: c:\windows\explorer.exe
目标: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
命令行: "d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]d:\我的文档\*

2011-01-11 16:56:55    创建文件    允许
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\nsg32.tmp\System.dll
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.dll

2011-01-11 16:56:57    创建文件    允许
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\nsg32.tmp\Math.dll
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.dll

2011-01-11 16:56:59    创建文件    允许
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\nsg32.tmp\InetLoad.dll
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.dll

2011-01-11 16:57:00    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:01    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:02    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:02    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:02    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:03    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:03    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:04    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:04    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:04    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:04    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:05    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:05    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:08    创建文件    允许
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\nsg32.tmp\time.dll
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.dll

2011-01-11 16:57:13    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\wkssvc
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:13    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\wkssvc
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:13    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\wkssvc
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:13    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\wkssvc
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:15    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: d:\我的文档
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:16    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:17    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
值: C:\Documents and Settings\Administrator\桌面
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:18    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
值: C:\Documents and Settings\All Users\桌面
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:20    创建新进程    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: c:\program files\internet explorer\iexplore.exe
命令行: "C:\Program Files\Internet Explorer\iexplore.exe" http://go.theqi.info/?i=ie&t ... be0d4f2ed20b1f5cccc
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]c:\program files\internet explorer\*

2011-01-11 16:57:21    创建新进程    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: c:\program files\internet explorer\iexplore.exe
命令行: "C:\Program Files\Internet Explorer\iexplore.exe" http://go.theqi.info/?i=qianming ... e0d4f2ed20b1f5dcddd
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]c:\program files\internet explorer\*

2011-01-11 16:57:28    创建文件    允许
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\aa1_16578.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-01-11 16:57:28    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:28    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:29    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:30    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:30    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:32    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:32    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:33    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[1].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[2].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[3].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[4].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[5].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[6].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[7].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[8].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[9].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[10].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:34    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\a[11].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:46    创建文件    允许
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\bb1_16578.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-01-11 16:57:46    修改文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-01-11 16:57:47    修改注册表值    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[1].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[2].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[3].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[4].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[5].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[6].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[7].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[8].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[9].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[10].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\b[11].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\bCASNIRQ0.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\bCASNIRQ0CA2RFZKI.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\bCASNIRQ0CA2RFZKICAG2MDDI.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\bCASNIRQ0CA2RFZKICAG2MDDICALJWT9X.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\bCASNIRQ0CA2RFZKICAG2MDDICALJWT9XCA3MZBS5.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\bCASNIRQ0CA2RFZKICAG2MDDICALJWT9XCA3MZBS5CASNYJFT.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-01-11 16:57:47    创建文件    阻止
进程: d:\我的文档\viurs test\sex18girl_328_test123\sex18girl_328_test123.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9G63VHWP\bCASNIRQ0CA2RFZKICAG2MDDICALJWT9XCA3MZBS5CASNYJFTCAFHT0B8.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe


ppy0606
Posted on 2011-1-11 17:03:14
Too many....
z2009
Posted on 2011-1-11 17:25:17
Gets past MSE
Kingsoft Guard (金山卫士) kills it