中财网郑则仕演军阀的电影:QQ暗中间谍行为??附上监视记录 The Last Fantasy
来源:百度文库 编辑:中财网 时间:2024/04/29 02:05:12
开机几个小时,几乎没聊天,从不玩QQ游戏,也不看QQ新闻,没做其他事。
任务管理器里面QQ的[I/O其他字节]已经高达350MB
我一直盯着它看,每秒钟都有几十KB的增长,也就是说它不停的在进行读写操作。
打开微软收购Sysinternal的Process Monitor 发现 不停的创建bg.png并读取(我后来把它找到,改成bg@@.png),发送到某IP
而且每隔一段时间就要连续三次读取我的
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
IE历史记录,what the f*ck!
发送到这个地址:124.115.0.70. IP地址归属城市:, 陕西省西安市. 网络类型:, 电信IDC机房
这种IP不像是一般黑客
可能是qq跟服务器的正常通讯(腾讯有西安服务器?我的物理地址是其它省),可它在我机子上面干这些做什么?
我今天才格了盘重新安装的XP sp2,通过Opera+flashget下载的新QQ。
不应该是病毒,而是qq的间谍行为。
而且网络披露过qq的前科,自动为敏感内容截图,三个互相保护的文件进程
qq试图对杀软动手脚
下面是我的监控记录。这只是大量数据中的一小部分,QQ一直重复这个动作。
8:04:10.9015854 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9018581 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9020520 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9025853 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9026289 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9026501 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9026722 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9027185 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9027526 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9030096 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9032926 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9038556 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9041883 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9046328 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9049272 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9051163 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9051753 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9052068 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9052261 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9052474 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9053407 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9053608 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9056091 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9058262 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9060151 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9064428 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9069157 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9070987 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9074010 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9074594 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9074884 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9075071 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9075284 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9075647 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9075845 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9078879 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9081609 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9083503 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9087196 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9091227 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9093054 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9094929 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9095459 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9096001 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9096189 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9096404 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9097275 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9097471 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9099954 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9101784 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9103793 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9107349 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9111640 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9116116 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9118015 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9118596 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9118887 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9119069 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9119284 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9119795 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9119999 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9122468 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9124298 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9126843 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9129939 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9134252 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9137085 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9139267 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9139825 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9140105 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9140289 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9140499 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9140848 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9141038 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9143494 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9156456 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9158359 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9162647 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9312917 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat SUCCESS AllocationSize: 655,360, EndOfFile: 655,360, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9315426 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat SUCCESS AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9316725 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat SUCCESS AllocationSize: 655,360, EndOfFile: 655,360, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9317907 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat SUCCESS AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9348908 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat SUCCESS AllocationSize: 655,360, EndOfFile: 655,360, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9350891 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat SUCCESS AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9359105 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9363264 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9365209 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9366117 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9366558 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9366776 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9367005 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9367477 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9367687 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9370715 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9372562 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9374453 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9377744 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9382127 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9383957 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9385999 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9386561 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9386854 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9387041 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9387259 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9387620 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9387821 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9390584 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9401317 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9403267 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9406482 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9411416 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9413265 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9416321 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9416992 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9417319 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9417512 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9417752 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9418772 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9418978 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9421459 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9423294 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9425208 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9428569 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9476153 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9478279 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9480187 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9490764 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9491211 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9491415 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9491644 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9492105 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9492309 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9495088 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9497592 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9501363 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9504665 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9514342 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9516583 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9518485 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9519128 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9519435 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9519625 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9519843 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9520659 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9520863 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9523332 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9525171 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9527629 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9532336 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9541871 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9544463 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9547805 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9548464 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9548791 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9548986 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9549204 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9549601 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9549802 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9552272 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9554104 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9556708 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9560454 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
任务管理器里面QQ的[I/O其他字节]已经高达350MB
我一直盯着它看,每秒钟都有几十KB的增长,也就是说它不停的在进行读写操作。
打开微软收购Sysinternal的Process Monitor 发现 不停的创建bg.png并读取(我后来把它找到,改成bg@@.png),发送到某IP
而且每隔一段时间就要连续三次读取我的
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
IE历史记录,what the f*ck!
发送到这个地址:124.115.0.70. IP地址归属城市:, 陕西省西安市. 网络类型:, 电信IDC机房
这种IP不像是一般黑客
可能是qq跟服务器的正常通讯(腾讯有西安服务器?我的物理地址是其它省),可它在我机子上面干这些做什么?
我今天才格了盘重新安装的XP sp2,通过Opera+flashget下载的新QQ。
不应该是病毒,而是qq的间谍行为。
而且网络披露过qq的前科,自动为敏感内容截图,三个互相保护的文件进程
qq试图对杀软动手脚
Quote:
SYMANTEC 防篡改警报
目标: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
事件信息: 打开 进程
采取的操作: 已禁止
操作过程: E:\Program Files\Tencent\QQ\Bin\auclt.exe (PID 1676)
时间: 2009年9月5日 7:35:19
Quote:
SYMANTEC 防篡改警报
目标: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
事件信息: 打开 进程
采取的操作: 已禁止
操作过程: E:\Program Files\Tencent\QQ\Bin\QQ.exe (PID 2656)
时间: 2009年9月5日 7:40:24
下面是我的监控记录。这只是大量数据中的一小部分,QQ一直重复这个动作。
8:04:10.9015854 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9018581 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9020520 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9025853 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9026289 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9026501 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9026722 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9027185 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9027526 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9030096 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9032926 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9038556 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9041883 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9046328 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9049272 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9051163 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9051753 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9052068 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9052261 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9052474 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9053407 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9053608 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9056091 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9058262 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9060151 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9064428 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9069157 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9070987 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9074010 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9074594 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9074884 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9075071 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9075284 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9075647 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9075845 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9078879 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9081609 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9083503 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9087196 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9091227 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9093054 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9094929 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9095459 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9096001 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9096189 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9096404 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9097275 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9097471 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9099954 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9101784 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9103793 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9107349 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9111640 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9116116 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9118015 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9118596 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9118887 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9119069 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9119284 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9119795 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9119999 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9122468 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9124298 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9126843 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9129939 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9134252 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9137085 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9139267 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9139825 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9140105 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9140289 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9140499 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9140848 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9141038 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9143494 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9156456 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9158359 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9162647 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9312917 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat SUCCESS AllocationSize: 655,360, EndOfFile: 655,360, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9315426 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat SUCCESS AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9316725 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat SUCCESS AllocationSize: 655,360, EndOfFile: 655,360, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9317907 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat SUCCESS AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9348908 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat SUCCESS AllocationSize: 655,360, EndOfFile: 655,360, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9350891 QQ.exe 3464 QueryStandardInformationFile C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat SUCCESS AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: False
8:04:10.9359105 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9363264 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9365209 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9366117 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9366558 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9366776 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9367005 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9367477 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9367687 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9370715 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9372562 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9374453 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9377744 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9382127 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9383957 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9385999 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9386561 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9386854 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9387041 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9387259 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9387620 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9387821 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9390584 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9401317 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9403267 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9406482 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9411416 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9413265 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9416321 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9416992 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9417319 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9417512 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9417752 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9418772 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9418978 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9421459 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9423294 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9425208 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9428569 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9476153 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9478279 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9480187 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9490764 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9491211 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9491415 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9491644 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9492105 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9492309 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9495088 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9497592 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9501363 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9504665 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9514342 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9516583 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9518485 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9519128 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9519435 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9519625 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9519843 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9520659 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9520863 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9523332 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9525171 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9527629 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9532336 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
8:04:10.9541871 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9544463 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9547805 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9548464 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9548791 QQ.exe 3464 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9548986 QQ.exe 3464 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap NAME NOT FOUND Desired Access: Read
8:04:10.9549204 QQ.exe 3464 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS Desired Access: Read
8:04:10.9549601 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9549802 QQ.exe 3464 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SUCCESS
8:04:10.9552272 QQ.exe 3464 CreateFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
8:04:10.9554104 QQ.exe 3464 QueryDirectory C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NO SUCH FILE Filter: bg.png
8:04:10.9556708 QQ.exe 3464 CloseFile C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052 SUCCESS
8:04:10.9560454 QQ.exe 3464 QueryOpen C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Temp\gm\2052\bg.png NAME NOT FOUND
安装记录监视软件
如何监视电脑运行记录,包括QQ等软件的运行情况和时间?
此文件监视键盘输入!是间谍软件吗?
如何QQ监视
QQ能监视吗?
QQ局域网监视软件
如何监视我的电脑上网记录
服务器怎么监视其他机器的操作行为?
我想买个针孔的摄象机监视老婆的行为。
QQ聊天间谍的问题
QQ是否捆绑间谍软件????
QQ聊天间谍演示版
怎么监视他人QQ信息?
监视其它主机qq聊天
怎样的行为有犯罪记录?
baidu涉及监视用户?zonealarm把baidu看为间谍网站!
baidu涉及监视用户?zonealarm把baidu看为间谍网站
哪里有下载QQ间谍3.0
有没有QQ间谍免费版的
跪求QQ聊天间谍4.8 注册码!!!!!!!!!
请问QQ间谍能查到什么?
哪里有下载QQ间谍3.0
跪求qq聊天间谍4.8注册码
求免费的QQ间谍软件!