Thread starter: kurakimai

[Virus sample] fake (updated at post #851)

hddu
Posted on 2011-5-17 14:42:55
Reply to kurakimai's post #334

hddu
Posted on 2011-5-17 15:18:00
Reply to kurakimai's post #322

2011-05-17 14:47:11    创建注册表值      操作:使用任务隔离区操作
进程路径:F:\virus\pusk\pusk.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
注册表名称:DisableTaskMgr
触发规则:所有程序规则->其他重要项->*\SOFTWARE\Microsoft\Windows\CurrentVersion\policies*

2011-05-17 14:47:11    创建注册表值      操作:使用任务隔离区操作
进程路径:F:\virus\pusk\pusk.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
注册表名称:DisableTaskMgr
触发规则:所有程序规则->其他重要项->*\SOFTWARE\Microsoft\Windows\CurrentVersion\policies*

2011-05-17 14:47:11    创建文件      操作:允许
进程路径:F:\virus\pusk\pusk.exe
文件路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\Application Data\*

2011-05-17 14:47:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software
注册表名称:75fa38b7-8b94-4995-ad32-52e938867954
触发规则:所有程序规则->其他设置项->HKEY_CURRENT_USER\Software

2011-05-17 14:47:14    创建注册表值      操作:阻止
进程路径:F:\virus\pusk\pusk.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
注册表名称:hARalSyaYNWv
触发规则:所有程序规则->自动运行->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*

2011-05-17 14:47:54    创建注册表值      操作:使用任务隔离区操作
进程路径:F:\virus\pusk\pusk.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
注册表名称:[Key]
触发规则:所有程序规则->其他重要项->*\SOFTWARE\Microsoft\Windows\CurrentVersion\policies*

2011-05-17 14:47:54    创建注册表值      操作:使用任务隔离区操作
进程路径:F:\virus\pusk\pusk.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
注册表名称:[Key]
触发规则:所有程序规则->其他重要项->*\SOFTWARE\Microsoft\Windows\CurrentVersion\policies*

2011-05-17 14:48:07    运行应用程序      操作:允许
进程路径:F:\virus\pusk\pusk.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_Flash_Player.exe
触发规则:所有程序规则->其它程序设置->*\Temp\*

2011-05-17 14:48:08    修改文件      操作:阻止
进程路径:C:\WINDOWS\System32\SPOOLSV.EXE
文件路径:C:\WINDOWS\System32\spool
触发规则:所有程序规则->WINDOWS全局设置->%windir%\*

2011-05-17 14:48:08    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_Flash_Player.exe
文件路径:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\250B.tmp
触发规则:所有程序规则->WINDOWS临时文件设置->%windir%\*.tmp

2011-05-17 14:48:08    修改注册表内容      操作:阻止
进程路径:C:\WINDOWS\System32\SPOOLSV.EXE
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers
注册表名称:Order
更改后:LanMan Print Services
触发规则:应用程序规则->系统程序->%windir%\system32\spoolsv.exe->HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Control\Print\Providers

2011-05-17 14:48:18    创建文件      操作:阻止
进程路径:C:\WINDOWS\System32\SPOOLSV.EXE
文件路径:C:\WINDOWS\system32\drivers\117C.tmp
触发规则:所有程序规则->驱动文件保护设置->%WinDir%\system32\drivers\*

2011-05-17 14:48:19    创建文件      操作:允许
进程路径:C:\WINDOWS\System32\SPOOLSV.EXE
文件路径:C:\WINDOWS\system32\drivers\117C.sys
触发规则:所有程序规则->驱动文件保护设置->%WinDir%\system32\drivers\*.sys

2011-05-17 14:48:19    创建注册表值      操作:允许
进程路径:C:\WINDOWS\System32\SPOOLSV.EXE
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\117C
注册表名称:[Key]
触发规则:所有程序规则->服务_普通模式->HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services*

2011-05-17 14:48:19    安装服务或者驱动      操作:阻止
进程路径:C:\WINDOWS\System32\SPOOLSV.EXE
文件路径:C:\WINDOWS\\??\globalroot\systemroot\system32\drivers\117C.sys
触发规则:应用程序规则->系统程序->%windir%\system32\spoolsv.exe->?:\*

2011-05-17 14:48:19    加载驱动程序      操作:阻止
进程路径:C:\WINDOWS\System32\SPOOLSV.EXE
驱动路径:C:\WINDOWS\system32\drivers\117C.sys
触发规则:应用程序规则->系统程序->%windir%\system32\spoolsv.exe->?:\*

2011-05-17 14:49:09    修改文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_Flash_Player.exe
文件路径:C:\WINDOWS\system32\drivers\beep.sys
触发规则:所有程序规则->驱动文件保护设置->%WinDir%\system32\drivers\beep.sys

2011-05-17 14:49:09    创建注册表值      操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_Flash_Player.exe
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\-213E8
注册表名称:[Key]
触发规则:所有程序规则->服务_普通模式->HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services*

2011-05-17 14:49:09    安装服务或者驱动      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_Flash_Player.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\-213E8.tmp
触发规则:所有程序规则->*

2011-05-17 14:50:13    修改注册表内容      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
注册表名称:Hidden
触发规则:所有程序规则->资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*

2011-05-17 14:50:13    修改注册表内容      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
注册表名称:ShowSuperHidden
触发规则:所有程序规则->资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*

2011-05-17 14:50:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
注册表名称:[Key]
触发规则:所有程序规则->其他重要项->*\SOFTWARE\Microsoft\Windows\CurrentVersion\policies*

2011-05-17 14:50:13    创建文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\Administrator\Recent
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\Administrator\*

2011-05-17 14:50:13    创建文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\Administrator\Recent
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\Administrator\*

2011-05-17 14:50:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
注册表名称:NoDesktop
触发规则:所有程序规则->资源管理器->*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\网络连接.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\新建连接向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\远程桌面连接.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\超级终端.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\网络安装向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\无线网络安装向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\写字板.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\计算器.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\字符映射表.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\磁盘碎片整理程序.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\系统信息.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\系统还原.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\磁盘清理.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\任务计划.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\备份.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\文件和设置转移向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\Security Center.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\画图.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\录音机.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\音量控制.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\辅助工具\辅助功能向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:50:14    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\组件服务.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:50:14    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\计算机管理.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:50:14    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\事件查看器.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:50:14    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\性能.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:50:14    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\数据源 (ODBC).lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:50:14    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\本地安全策略.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:50:14    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\服务.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:51:14    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\桌上弹球.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk

2011-05-17 14:52:15    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\空当接龙.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk

2011-05-17 14:53:13    修改注册表内容      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
注册表名称:Hidden
触发规则:所有程序规则->资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*

2011-05-17 14:53:13    修改注册表内容      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
注册表名称:ShowSuperHidden
触发规则:所有程序规则->资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*

2011-05-17 14:53:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
注册表名称:[Key]
触发规则:所有程序规则->其他重要项->*\SOFTWARE\Microsoft\Windows\CurrentVersion\policies*

2011-05-17 14:53:13    创建文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\Administrator\Recent
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\Administrator\*

2011-05-17 14:53:13    创建文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\Administrator\Recent
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\Administrator\*

2011-05-17 14:53:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
注册表名称:NoDesktop
触发规则:所有程序规则->资源管理器->*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\网络连接.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\新建连接向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\远程桌面连接.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\超级终端.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\网络安装向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\无线网络安装向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\写字板.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\计算器.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\字符映射表.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\磁盘碎片整理程序.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\系统信息.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\系统还原.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\磁盘清理.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\任务计划.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\备份.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\文件和设置转移向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\Security Center.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\画图.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\录音机.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\音量控制.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\辅助工具\辅助功能向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\组件服务.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\计算机管理.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\事件查看器.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\性能.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\数据源 (ODBC).lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\本地安全策略.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:53:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\服务.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*

2011-05-17 14:53:15    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\红心大战.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk

2011-05-17 14:53:15    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\桌上弹球.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk

2011-05-17 14:54:15    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\空当接龙.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk

2011-05-17 14:55:16    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\扫雷.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk

2011-05-17 14:56:13    修改注册表内容      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
注册表名称:Hidden
触发规则:所有程序规则->资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*

2011-05-17 14:56:13    修改注册表内容      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
注册表名称:ShowSuperHidden
触发规则:所有程序规则->资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*

2011-05-17 14:56:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
注册表名称:[Key]
触发规则:所有程序规则->其他重要项->*\SOFTWARE\Microsoft\Windows\CurrentVersion\policies*

2011-05-17 14:56:13    创建文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\Administrator\Recent
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\Administrator\*

2011-05-17 14:56:13    创建文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\Administrator\Recent
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\Administrator\*

2011-05-17 14:56:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
注册表名称:NoDesktop
触发规则:所有程序规则->资源管理器->*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\网络连接.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\新建连接向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*

hddu
Posted on 2011-5-17 15:19:02
2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\远程桌面连接.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\超级终端.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\网络安装向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\无线网络安装向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\写字板.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\计算器.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\字符映射表.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\磁盘碎片整理程序.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\系统信息.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\系统还原.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\磁盘清理.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\任务计划.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\备份.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\文件和设置转移向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\Security Center.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\画图.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\录音机.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\音量控制.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\辅助工具\辅助功能向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\组件服务.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\计算机管理.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\事件查看器.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\性能.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\数据源 (ODBC).lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\本地安全策略.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:56:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\服务.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:56:16    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\红心大战.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 14:56:16    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\纸牌.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 14:56:16    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\桌上弹球.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 14:57:16    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\空当接龙.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 14:58:16    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\扫雷.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 14:59:13    修改注册表内容      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
注册表名称:Hidden
触发规则:所有程序规则->资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*


2011-05-17 14:59:13    修改注册表内容      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
注册表名称:ShowSuperHidden
触发规则:所有程序规则->资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*


2011-05-17 14:59:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
注册表名称:[Key]
触发规则:所有程序规则->其他重要项->*\SOFTWARE\Microsoft\Windows\CurrentVersion\policies*


2011-05-17 14:59:13    创建文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\Administrator\Recent
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\Administrator\*


2011-05-17 14:59:13    创建文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\Administrator\Recent
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\Administrator\*


2011-05-17 14:59:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
注册表名称:NoDesktop
触发规则:所有程序规则->资源管理器->*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\网络连接.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\新建连接向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\远程桌面连接.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\超级终端.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\网络安装向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\无线网络安装向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\写字板.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\计算器.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\字符映射表.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\磁盘碎片整理程序.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\系统信息.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\系统还原.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\磁盘清理.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\任务计划.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\备份.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\文件和设置转移向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\Security Center.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\画图.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\录音机.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\音量控制.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\辅助工具\辅助功能向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\组件服务.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\计算机管理.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\事件查看器.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\性能.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\数据源 (ODBC).lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\本地安全策略.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:59:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\服务.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 14:59:17    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\蜘蛛纸牌.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 14:59:17    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\红心大战.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:00:17    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\纸牌.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:01:17    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\桌上弹球.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:02:13    修改注册表内容      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
注册表名称:Hidden
触发规则:所有程序规则->资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*


2011-05-17 15:02:13    修改注册表内容      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
注册表名称:ShowSuperHidden
触发规则:所有程序规则->资源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*


2011-05-17 15:02:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
注册表名称:[Key]
触发规则:所有程序规则->其他重要项->*\SOFTWARE\Microsoft\Windows\CurrentVersion\policies*


2011-05-17 15:02:13    创建文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\Administrator\Recent
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\Administrator\*


2011-05-17 15:02:13    创建文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\Administrator\Recent
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\Administrator\*


2011-05-17 15:02:13    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
注册表名称:NoDesktop
触发规则:所有程序规则->资源管理器->*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\网络连接.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\新建连接向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\远程桌面连接.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\超级终端.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\网络安装向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\无线网络安装向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\写字板.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\计算器.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\字符映射表.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\磁盘碎片整理程序.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\系统信息.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\系统还原.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\磁盘清理.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\任务计划.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\备份.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\文件和设置转移向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\Security Center.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\画图.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\录音机.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\音量控制.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\辅助工具\辅助功能向导.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\附件\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\组件服务.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\计算机管理.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\事件查看器.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\性能.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\数据源 (ODBC).lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\本地安全策略.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 15:02:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\服务.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\管理工具\*


2011-05-17 15:02:17    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\Windows Movie Maker.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:02:17    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\扫雷.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:02:17    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\蜘蛛纸牌.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:02:17    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\空当接龙.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:02:17    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\桌上弹球.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:03:18    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\红心大战.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:04:10    创建文件      操作:允许
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\Application Data\16703268.exe
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\Application Data\*


2011-05-17 15:04:10    创建注册表值      操作:使用任务隔离区操作
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
注册表路径:HKEY_CURRENT_USER\Software
注册表名称:BD
触发规则:所有程序规则->其他设置项->HKEY_CURRENT_USER\Software


2011-05-17 15:04:13    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\纸牌.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:04:15    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\WinRAR\WinRAR.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:04:19    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\Windows Movie Maker.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:04:21    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\扫雷.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


2011-05-17 15:04:23    删除文件      操作:阻止
进程路径:C:\Documents and Settings\All Users\Application Data\hARalSyaYNWv.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\空当接龙.lnk
触发规则:所有程序规则->Documents and Settings设置(二)->?:\Documents and Settings\*\*菜单\程序\*.lnk


瓜皮猫
Posted on 2011-5-17 19:14:24
jayavira posted on 2011-5-17 09:42
334L
to eset

Added to the database~
C:\Users\微亿毫\Desktop\pusk.rar » RAR » pusk.exe - a variant of Win32/Kryptik.NVC trojan
armchan
Posted on 2011-5-17 20:52:14
Uncanny complementarity, for the Nth time. My guess is the 金山 sandbox let it slip through and 小A plugged the gap.
hx1997
Posted on 2011-5-17 21:27:49
Reply to post #338 by hj5abc

That's ESET's HIPS log; I just ran it in a sandbox for fun.
kurakimai
Thread starter | Posted on 2011-5-18 08:41:45
UPDATE
adadadd
Posted on 2011-5-18 09:10:21
Last edited by adadadd on 2011-5-18 09:12
kurakimai posted on 2011-5-18 08:41
UPDATE

金山卫士KILL
ESS miss
to eset

http://samples.nod32.com.hk/index.php?a=query&lang=2&md5=7a59f65fffba348d41e3f5750dee9d88

KOI9009
Posted on 2011-5-18 09:11:04
347L
360 SD Kill
留侯
Posted on 2011-5-18 10:39:51
347L, Dr.Web (大蜘蛛):
pusk.exe 已感染:  Trojan.Fakealert.21163