VirSCAN

File information
Security score: 82
Basic information
MD5: 296b070d443ee32feb3e7dc6381151c0
File type: zip
Vendor:
Version:
Packer/compiler info: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Sub-file information: KAV090909HIGHPERF1100_100.exedumpFile / 5513c767a4e24d45c60a899b04657467 / EXE
KAV090909HIGHPERF1100_100.exe / 5513c767a4e24d45c60a899b04657467 / EXE
Key behaviors
Behavior: loads a driver (standard driver load)
Details: \??\C:\WINDOWS\system32\drivers\kwatch32.sys
Behavior: creates a file on the desktop
Details: C:\Documents and Settings\All Users\桌面\金山毒霸.lnk
Behavior: creates system services
Details: [service created successfully]: kwatch32, C:\WINDOWS\system32\drivers\kwatch32.sys
[service created successfully]: KxEServ, C:\Program Files\Common Files\Kingsoft\CommonService\kxeserv.exe
Behavior: modifies the registry (system firewall trusted-process list)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Common Files\Kingsoft\CommonService\kxeserv.exe
Behavior: reads the TickCount value
Details: TickCount = 286562, SleepMilliseconds = 60000.
TickCount = 286593, SleepMilliseconds = 60000.
TickCount = 286609, SleepMilliseconds = 60000.
TickCount = 286625, SleepMilliseconds = 60000.
TickCount = 286656, SleepMilliseconds = 60000.
TickCount = 286703, SleepMilliseconds = 60000.
TickCount = 286718, SleepMilliseconds = 60000.
TickCount = 286765, SleepMilliseconds = 60000.
TickCount = 286781, SleepMilliseconds = 60000.
TickCount = 286796, SleepMilliseconds = 60000.
TickCount = 286859, SleepMilliseconds = 60000.
TickCount = 287343, SleepMilliseconds = 60000.
TickCount = 287359, SleepMilliseconds = 60000.
TickCount = 287390, SleepMilliseconds = 60000.
TickCount = 287468, SleepMilliseconds = 60000.
Process behavior
Behavior: creates processes with a hidden window
Details: ImagePath = , CmdLine = kavlog2.exe -install
ImagePath = , CmdLine = driver32.exe driver\kwatch32.sys
ImagePath = , CmdLine = kxeserv /install
ImagePath = , CmdLine = kxeserv /reinstall_product_by_file "C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\product.ini"
Behavior: creates processes from newly created files
Details: [0x00000b70]ImagePath = C:\WINDOWS\Temp\KAV3.EXE, CmdLine = C:\WINDOWS\Temp\KAV3.EXE
[0x00000550]ImagePath = C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\setupwiz.exe, CmdLine = "C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\setupwiz.exe" install.xml /p /e
[0x0000021c]ImagePath = C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\kavlog2.exe, CmdLine = kavlog2.exe -install
[0x00000730]ImagePath = C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\driver32.exe, CmdLine = driver32.exe driver\kwatch32.sys
[0x000002c4]ImagePath = C:\Program Files\Common Files\Kingsoft\CommonService\kxeserv.exe, CmdLine = kxeserv /install
[0x00000724]ImagePath = C:\Program Files\Common Files\Kingsoft\CommonService\kxeserv.exe, CmdLine = kxeserv /reinstall_product_by_file "C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\product.ini"
Behavior: creates local threads
Details: TargetProcess: KAV3.EXE, InheritedFromPID = 2864, ProcessID = 2928, ThreadID = 3076, StartAddress = 77E56C7D, Parameter = 001A2010
TargetProcess: KAV3.EXE, InheritedFromPID = 2864, ProcessID = 2928, ThreadID = 3080, StartAddress = 769AE43B, Parameter = 001E62C8
TargetProcess: KAV3.EXE, InheritedFromPID = 2864, ProcessID = 2928, ThreadID = 3084, StartAddress = 77E56C7D, Parameter = 001E67E0
TargetProcess: KAV3.EXE, InheritedFromPID = 2864, ProcessID = 2928, ThreadID = 3384, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: KAV3.EXE, InheritedFromPID = 2864, ProcessID = 2928, ThreadID = 3388, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: KAV3.EXE, InheritedFromPID = 2864, ProcessID = 2928, ThreadID = 3512, StartAddress = 00404EB3, Parameter = 0004036E
TargetProcess: setupwiz.exe, InheritedFromPID = 2928, ProcessID = 1360, ThreadID = 1384, StartAddress = 781329E1, Parameter = 009A6810
File behavior
Behavior: creates files
Details: C:\Documents and Settings\All Users\Application Data\Kingsoft\KIS\User.DAT
C:\WINDOWS\Temp\KAV3.tmp
C:\WINDOWS\Temp\KAV3.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\microsoft.vc80.crt.manifest
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcr80.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcp80.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\ksiext.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\UserInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\checkav.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\kasearch.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7.tmp
Behavior: drops links or shortcuts in sensitive system locations (e.g. the Start Menu)
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\金山毒霸极速版\金山毒霸.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\金山毒霸极速版\卸载金山毒霸.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\金山毒霸极速版\在线升级.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\金山毒霸极速版\自述文件.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\金山毒霸极速版\金山毒霸工具\病毒隔离系统.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\金山毒霸极速版\金山毒霸工具\日志查看器.lnk
Behavior: creates executable files
Details: C:\WINDOWS\Temp\KAV3.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcr80.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcp80.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\ksiext.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\UserInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\kasearch.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\InstallOptions.dll
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\kavmain.exe
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\scomregsvr.exe
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\uplive.exe
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\setupwiz.exe
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\kavlog2.exe
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\kstart.exe
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\krecycle.exe
Behavior: overwrites existing files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7.tmp
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\krecycle.exe
Behavior: copies files
Details: C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\driver\kwatch32.sys ---> C:\WINDOWS\system32\drivers\kwatch32.sys
Behavior: deletes files
Details: C:\WINDOWS\Temp\KAV3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\test
C:\Documents and Settings\Administrator\Local Settings\Temp\kavlog2.xml
Behavior: searches for files
Details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\Temp
FileName = C:\WINDOWS\Temp\KAV3.EXE
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E_unzip
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh6.tmp
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\「开始」菜单
FileName = \kav32.exe
FileName = \kppmain.exe
FileName = C:\WINDOWS\system32\drivers\kwatch32.sys
Behavior: modifies file contents
Details: C:\Documents and Settings\All Users\Application Data\Kingsoft\KIS\User.DAT ---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Kingsoft\KIS\User.DAT ---> Offset = 38
C:\Documents and Settings\All Users\Application Data\Kingsoft\KIS\User.DAT ---> Offset = 57
C:\Documents and Settings\All Users\Application Data\Kingsoft\KIS\User.DAT ---> Offset = 326
C:\WINDOWS\Temp\KAV3.EXE ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\microsoft.vc80.crt.manifest ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcr80.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcr80.dll ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcr80.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcr80.dll ---> Offset = 49152
Behavior: creates a file on the desktop
Details: C:\Documents and Settings\All Users\桌面\金山毒霸.lnk
Network behavior
Behavior: establishes a connection to a specified socket
Details: IP: **.0.0.**:1037, SOCKET = 0x00000080
Registry behavior
Behavior: modifies the registry
Details: \REGISTRY\MACHINE\SOFTWARE\Kingsoft\AntiVirus\VersionTypes
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\AntiVirus\ProductID
\REGISTRY\USER\S-*_CLASSES\CLSID\{40381D51-F162-41a9-BE67-0851A3B02091}\Path
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\AntiVirus\Union\UnionID
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\AntiVirus\Union\PU
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\AntiVirus\Lang
\REGISTRY\USER\S-*\Software\Kingsoft\Antivirus\Lang
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\AntiVirus\KXEngine\path
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\AntiVirus\KIS2009
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\金山毒霸极速版\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\金山毒霸极速版\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\金山毒霸极速版\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\金山毒霸极速版\UUID
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\金山毒霸极速版\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\AntiVirus\SetupOem\kis
Behavior: deletes registry values
Details: \REGISTRY\USER\S-*_CLASSES\CLSID\{40381D51-F162-41a9-BE67-0851A3B02091}\Path
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Common Files\Kingsoft\CommonService\kxeserv.exe
Behavior: modifies the registry (system firewall trusted-process list)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Common Files\Kingsoft\CommonService\kxeserv.exe
Other behavior
Behavior: creates mutexes
Details: a8d245eb-9191-4b86-b5b3-4d79e720e3a3
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
KSI_5401BE3C-9DD9-4d73-9EB6-31E46D556FBD
KSIUN_5401BE3C-9DD9-4d73-9EB6-31E46D556FBD
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EHL
{780616F8-E25B-45d9-BE25-444EE9E09D5E}
Behavior: creates event objects
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EHL.IC
EventName = MSCTF.SendReceiveConection.Event.EHL.IC
EventName = Global\userenv: User Profile setup event
Behavior: loads a driver (standard driver load)
Details: \??\C:\WINDOWS\system32\drivers\kwatch32.sys
Behavior: searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: opens events
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
MSFT.VSA.COM.DISABLE.2928
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
Global\SvcctrlStartEvent_A3752DX
Behavior: reads the TickCount value
Details: TickCount = 286562, SleepMilliseconds = 60000.
TickCount = 286593, SleepMilliseconds = 60000.
TickCount = 286609, SleepMilliseconds = 60000.
TickCount = 286625, SleepMilliseconds = 60000.
TickCount = 286656, SleepMilliseconds = 60000.
TickCount = 286703, SleepMilliseconds = 60000.
TickCount = 286718, SleepMilliseconds = 60000.
TickCount = 286765, SleepMilliseconds = 60000.
TickCount = 286781, SleepMilliseconds = 60000.
TickCount = 286796, SleepMilliseconds = 60000.
TickCount = 286859, SleepMilliseconds = 60000.
TickCount = 287343, SleepMilliseconds = 60000.
TickCount = 287359, SleepMilliseconds = 60000.
TickCount = 287390, SleepMilliseconds = 60000.
TickCount = 287468, SleepMilliseconds = 60000.
Behavior: adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: window information
Details: Pid = 2928, Hwnd=0x1034a, Text = 下一步(&N) >, ClassName = Button.
Pid = 2928, Hwnd=0x1034c, Text = 取消(&C), ClassName = Button.
Pid = 2928, Hwnd=0x10358, Text = 金山毒霸安装程序 , ClassName = Static.
Pid = 2928, Hwnd=0x1035a, Text = 金山毒霸安装程序, ClassName = Static.
Pid = 2928, Hwnd=0x1036a, Text = 欢迎使用金山毒霸极速版, ClassName = Static.
Pid = 2928, Hwnd=0x1036c, Text = 金山毒霸极速版为您提供卓越的安全防护 金山毒霸已获认证:, ClassName = Static.
Pid = 2928, Hwnd=0x20344, Text = 金山毒霸极速版安装程序, ClassName = #32770.
Pid = 2928, Hwnd=0x10348, Text = < 上一步(&B), ClassName = Button.
Pid = 2928, Hwnd=0x1034a, Text = 我接受(&I), ClassName = Button.
Pid = 2928, Hwnd=0x1035e, Text = 许可协议, ClassName = Static.
Pid = 2928, Hwnd=0x10360, Text = 请仔细阅读下面的许可协议。, ClassName = Static.
Pid = 2928, Hwnd=0x2036e, Text = 按 <Page Down> 键以查看协议的剩余部分。, ClassName = Static.
Pid = 2928, Hwnd=0x20374, Text = 您是否接受上述“许可协议”的所有条款?如果选择“我接受(I)”,将继续为您安装本软件,如果选择“取消(C)”,将退出安装程序。, ClassName = Static.
Pid = 2928, Hwnd=0x1035e, Text = 选择安装位置, ClassName = Static.
Pid = 2928, Hwnd=0x10360, Text = 选择金山毒霸极速版的安装文件夹。, ClassName = Static.
Behavior: executable signature information
Details: C:\WINDOWS\Temp\KAV3.EXE (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcr80.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcp80.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\ksiext.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\System.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\UserInfo.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\kasearch.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\InstallOptions.dll (signature verification: failed)
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\kavmain.exe (signature verification: passed)
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\scomregsvr.exe (signature verification: passed)
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\uplive.exe (signature verification: passed)
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\setupwiz.exe (signature verification: passed)
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\kavlog2.exe (signature verification: passed)
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\kstart.exe (signature verification: passed)
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\krecycle.exe (signature verification: passed)
Behavior: calls the Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 60000.
[6]: MilliSeconds = 60000.
[7]: MilliSeconds = 60000.
[8]: MilliSeconds = 60000.
[9]: MilliSeconds = 60000.
[10]: MilliSeconds = 60000.
Behavior: hides specified windows
Details: [Window,Class] = [,Button]
[Window,Class] = [金山毒霸安装程序,Static]
[Window,Class] = [金山毒霸安装程序 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [金山毒霸极速版安装程序 ,#32770]
Behavior: executable MD5 hashes
Details: C:\WINDOWS\Temp\KAV3.EXE ---> file too large!
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcr80.dll ---> e4fece18310e23b1d8fee993e35e7a6f
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\msvcp80.dll ---> 4c8a880eabc0b4d462cc4b2472116ea1
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\ksiext.dll ---> aed417fde084b12abe5f6a8dd62bad74
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\System.dll ---> 4125926391466fdbe8a4730f2374b033
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\UserInfo.dll ---> e24e45e1bc891bb8825e6b0b0ec6d301
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\kasearch.dll ---> 0c4de4a05866c083b3ba78013584797b
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh6.tmp\InstallOptions.dll ---> 9b2ad0546fd834c01a3bdcbfbc95da7d
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\kavmain.exe ---> f2bb7d9babcfd43a88c7e5d23d0c7aa5
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\scomregsvr.exe ---> ef9bd95cc010b57911153f44d7ce1b2a
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\uplive.exe ---> ac3804e141ce0fa8e5096e747a1d3e80
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\setupwiz.exe ---> dc50b3b5b4ea36a14441cd11c9c8e69a
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\kavlog2.exe ---> ba383dd1e52564ae738f7d3d669bd31e
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\kstart.exe ---> 383c660d79d6540dce3e4e2d1c44253a
C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\krecycle.exe ---> f51d6ff9aa44df99b96c3a9dd74a41ad
Behavior: opens a mutex
Details: ShimCacheMutex
Behavior: creates system services
Details: [service created successfully]: kwatch32, C:\WINDOWS\system32\drivers\kwatch32.sys
[service created successfully]: KxEServ, C:\Program Files\Common Files\Kingsoft\CommonService\kxeserv.exe
Behavior: loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh6.tmp\ksiext.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh6.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh6.tmp\UserInfo.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh6.tmp\kasearch.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh6.tmp\InstallOptions.dll.
Image: C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\msvcp80.dll.
Image: C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\msvcr80.dll.
Image: C:\Program Files\Kingsoft\Kingsoft AntiVirus NetBook Edition\scom.dll.
Image: C:\Program Files\Common Files\Kingsoft\CommonService\kxecore\kxehttp.dll.
Image: C:\Program Files\Common Files\Kingsoft\CommonService\kxebase.dll.
Image: C:\Program Files\Common Files\Kingsoft\CommonService\kxecore\kxeevent.dll.
Image: C:\Program Files\Common Files\Kingsoft\CommonService\kxecore\kxecfg.dll.
Image: C:\Program Files\Common Files\Kingsoft\CommonService\kxecore\kxethr.dll.
Image: C:\Program Files\Common Files\Kingsoft\CommonService\kxecore\kxelog.dll.
Image: C:\Program Files\Common Files\Kingsoft\CommonService\serviceprovider\kxeupdsp.dll.
Runtime screenshot (image not included in this extract)