没有监控到是为什么呢/-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] 没有监控到是为什么呢/ 0.00雪花

发表于: 2010-2-21 15:39 3990

[旧帖] 没有监控到是为什么呢/ 0.00雪花

avast陈新

2010-2-21 15:39

3990

2.05123901 explorer.exe:2008 OpenKey HKCU\Software\Classes\Applications\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.05126071 explorer.exe:2008 OpenKey HKCR\Applications\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.05135536 explorer.exe:2008 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\桌面\unRecoveryToolboxForSQLServer.exe SUCCESS "unRecoveryToolboxForSQLServer"
2.07557082 explorer.exe:2008 QueryValue HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Documents and Settings\Administrator\桌面\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.07703400 explorer.exe:2008 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.08004379 unRecoveryToolb:3760 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.11079288 unRecoveryToolb:3760 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unRecoveryToolboxForSQLServer.exe\RpcThreadPoolThrottle NOT FOUND
2.14060807 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14071155 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14081144 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14091730 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14101791 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14111853 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14121914 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14132237 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14140630 unRecoveryToolb:3760 QueryValue HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14148808 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14158773 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14168763 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14178634 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14194989 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14204907 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14214969 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14223504 unRecoveryToolb:3760 QueryValue HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14231777 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14241719 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14251757 unRecoveryToolb:3760 QueryValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.14404202 unRecoveryToolb:3760 OpenKey HKLM\SOFTWARE\Microsoft\CTF\Compatibility\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.21586990 unRecoveryToolb:3760 OpenKey HKCU\Software\Classes\AppID\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.21589279 unRecoveryToolb:3760 OpenKey HKCR\AppID\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.24106979 explorer.exe:2008 OpenKey HKCU\Software\Classes\Applications\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.24109554 explorer.exe:2008 OpenKey HKCR\Applications\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.24125123 explorer.exe:2008 OpenKey HKCU\Software\Classes\Applications\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.24127316 explorer.exe:2008 OpenKey HKCR\Applications\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.24137855 explorer.exe:2008 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\桌面\unRecoveryToolboxForSQLServer.exe SUCCESS "unRecoveryToolboxForSQLServer"
2.27519464 explorer.exe:2008 OpenKey HKCU\Software\Classes\Applications\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.27522111 explorer.exe:2008 OpenKey HKCR\Applications\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.27536798 explorer.exe:2008 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\桌面\unRecoveryToolboxForSQLServer.exe SUCCESS "unRecoveryToolboxForSQLServer"
2.27796054 explorer.exe:2008 OpenKey HKCU\Software\Classes\Applications\unRecoveryToolboxForSQLServer.exe NOT FOUND
2.27798486 explorer.exe:2008 OpenKey HKCR\Applications\unRecoveryToolboxForSQLServer.exe NOT FOUND

我在注册表里看到假码是保存在 [HKEY_CURRENT_USER\Software\Recovery Toolbox for SQL Server]
"Key"=
这里请问为什么没有检测到，还有这个重启验证的难道大牛们都没办法，吗？我已发过悬赏贴

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・0

免费・0

支持

最新回复 (2)
xlfxlfxlf 雪币： 156 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 60 粉丝 0 关注私信	xlfxlfxlf 2 楼好大一片,眼睛都花了.而且不懂你问的是什么问题. 2010-2-28 21:24 0
cnywco 雪币： 30 活跃值： (16) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 75 粉丝 0 关注私信	cnywco 3 楼有人搞定了不？？ 2010-12-24 19:34 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

avast陈新

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (2)
xlfxlfxlf 雪币： 156 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 60 粉丝 0 关注私信	xlfxlfxlf 2 楼好大一片,眼睛都花了.而且不懂你问的是什么问题. 2010-2-28 21:24 0
cnywco 雪币： 30 活跃值： (16) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 75 粉丝 0 关注私信	cnywco 3 楼有人搞定了不？？ 2010-12-24 19:34 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复