The machine had been on for a few hours. I had hardly chatted, I never play QQ games, I don't read QQ news, and I wasn't doing anything else.

In Task Manager, QQ's [I/O Other Bytes] had already reached 350MB. I kept watching it, and it grew by tens of KB every second, which means it was constantly performing read and write operations.

I opened Process Monitor (from Sysinternals, which Microsoft acquired) and found that it kept creating bg.png and reading it (I later found the file and renamed it to bg@@.png), and sending it to some IP.

On top of that, every so often it reads my C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat, the IE history, three times in a row. What the f*ck!

It is sent to this address: 124.115.0.70. IP location: Xi'an, Shaanxi Province. Network type: China Telecom IDC data center.

An IP like this doesn't look like an ordinary hacker's. It may be normal communication between QQ and its server (does Tencent have servers in Xi'an? I am physically in a different province), but why is it doing these things on my machine?

I only formatted the disk and reinstalled XP SP2 today, and downloaded the new QQ using Opera + FlashGet. It shouldn't be a virus; it is spying behavior by QQ.

Besides, QQ's track record has been exposed online: automatically taking screenshots of sensitive content, three file processes that protect one another, and QQ trying to tamper with antivirus software.

Quote: SYMANTEC tamper protection alert

Below is my monitoring record. This is only a small part of a large amount of data; QQ keeps repeating this action.
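An added example, not part of the original post: one way to triage a Process Monitor text export like the trace this post describes, listing which non-browser processes touch the IE index.dat files and which paths are polled without ever being found. It separates content operations (ReadFile/WriteFile) from metadata queries such as QueryStandardInformationFile, which returns file size information rather than file contents. The sample records are constructed in the flattened layout of the post's trace; `EXPECTED_PROCS`, the watched suffixes and all function names are assumptions of this example.

```python
import re
from collections import Counter

# Paths taken from the post; every record below is constructed for illustration.
HIST = r"C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat"
CACHE = r"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat"
BG = r"C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png"
POLICY = r"HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"

SAMPLE = " ".join([
    f"8:04:10.0000001 QQ.exe 3464 QueryDirectory {BG} NO SUCH FILE Filter: bg.png",
    f"8:04:10.0000002 QQ.exe 3464 QueryOpen {BG} NAME NOT FOUND",
    f"8:04:10.0000003 QQ.exe 3464 RegOpenKey {POLICY} NAME NOT FOUND Desired Access: Read",
    f"8:04:10.0000004 QQ.exe 3464 QueryStandardInformationFile {HIST} SUCCESS AllocationSize: 65,536, EndOfFile: 65,536",
    f"8:04:10.0000005 QQ.exe 3464 QueryStandardInformationFile {HIST} SUCCESS AllocationSize: 65,536, EndOfFile: 65,536",
    f"8:04:10.0000006 QQ.exe 3464 QueryStandardInformationFile {CACHE} SUCCESS AllocationSize: 655,360, EndOfFile: 655,360",
    f"8:04:12.0000007 iexplore.exe 1200 ReadFile {HIST} SUCCESS Offset: 0, Length: 4,096",
    f"8:04:12.0000008 QQ.exe 3464 QueryOpen {BG} NAME NOT FOUND",
])

# A record starts at a time-of-day stamp with seven fractional digits.
TS = re.compile(r"(?<!\S)\d{1,2}:\d{2}:\d{2}\.\d{7}(?= )")
# Paths contain spaces, so the path runs up to the first known result string.
REC = re.compile(
    r"^(?P<time>\S+) (?P<proc>\S+) (?P<pid>\d+) (?P<op>\w+) (?P<path>.+?) "
    r"(?P<result>SUCCESS|NAME NOT FOUND|NO SUCH FILE)(?: (?P<detail>.*))?$"
)

WATCHED_SUFFIXES = (
    r"\history\history.ie5\index.dat",
    r"\temporary internet files\content.ie5\index.dat",
)
# Assumption: processes that are expected to touch IE's index.dat files.
EXPECTED_PROCS = {"iexplore.exe", "explorer.exe"}
CONTENT_OPS = {"ReadFile", "WriteFile"}


def parse_trace(text):
    """Split run-together records on their timestamps and parse each one."""
    text = " ".join(text.split())  # undo line wraps that fall inside a record
    starts = [m.start() for m in TS.finditer(text)]
    records = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        match = REC.match(text[begin:end].strip())
        if match:  # records with an unknown result string are skipped
            records.append(match.groupdict())
    return records


def summarize_watched(records):
    """Per (process, path): operation counts and whether content was accessed."""
    summary = {}
    for rec in records:
        if rec["proc"].lower() in EXPECTED_PROCS:
            continue
        if not rec["path"].lower().endswith(WATCHED_SUFFIXES):
            continue
        entry = summary.setdefault(
            (rec["proc"], rec["path"]), {"ops": Counter(), "content_access": False}
        )
        entry["ops"][rec["op"]] += 1
        if rec["op"] in CONTENT_OPS and rec["result"] == "SUCCESS":
            entry["content_access"] = True
    return summary


def failed_lookups(records):
    """Count lookups that did not succeed, per (process, path)."""
    return Counter(
        (rec["proc"], rec["path"]) for rec in records if rec["result"] != "SUCCESS"
    )


if __name__ == "__main__":
    parsed = parse_trace(SAMPLE)
    for (proc, path), info in summarize_watched(parsed).items():
        kind = "content access" if info["content_access"] else "metadata only"
        print(f"{proc} -> {path}: {dict(info['ops'])} ({kind})")
    for (proc, path), count in failed_lookups(parsed).most_common():
        print(f"{proc} failed lookup x{count}: {path}")
```
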