更新:csdnsd.exe--(4/42)[MD5: 4BB649 ]

显示全部楼层 · 发表于 2010-8-8 11:31:44

2010-8-8 11:29:28 创建新进程允许
进程: c:\windows\explorer.exe
目标: c:\documents and settings\owner\my documents\csdnsd.exe
命令行: "C:\Documents and Settings\Owner\My Documents\csdnsd.exe"
规则: [应用程序]c:\windows\explorer.exe

2010-8-8 11:29:36 创建注册表项阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Frist
规则: [注册表组]IE浏览器设置 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\*

2010-8-8 11:29:38 修改注册表值阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msm4file\shell\open\command
值: "C:\WINDOWS\Downloaded Program Files\csdnsd.exe" "%1"
规则: [注册表组]系统设置 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\command

2010-8-8 11:29:41 修改注册表值阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msm4file\shellex\ContextMenuHandlers
值:
规则: [注册表组]自动运行程序所在位置 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\*

2010-8-8 11:29:43 创建文件夹允许
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Program Files\Internet Explorer\MUI
规则: [文件]*

2010-8-8 11:29:45 创建文件允许
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Program Files\Internet Explorer\MUI\iexplore.exe
规则: [文件组]所有执行文件 -> [文件]*; *.exe

2010-8-8 11:29:47 创建文件夹允许
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Program Files\Thunder
规则: [文件]*

2010-8-8 11:29:49 创建文件夹允许
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Program Files\Thunder\ComDlls
规则: [文件]*

2010-8-8 11:29:51 创建文件夹允许
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Program Files\Thunder\ComDlls\1143
规则: [文件]*

2010-8-8 11:29:53 创建文件允许
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\WINDOWS\Downloaded Program Files\csdnsd.exe
规则: [文件组]系统执行文件 -> [文件]c:\windows\*; *.exe

2010-8-8 11:29:55 创建文件允许
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\a.txt
规则: [文件组]全局FD -> [文件]?:\; *.txt

2010-8-8 11:29:57 修改文件允许
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\a.txt
规则: [文件组]全局FD -> [文件]?:\; *.txt

2010-8-8 11:30:01 创建文件阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Documents and Settings\Owner\桌面\在线小游戏.url
规则: [文件组]临时目录 -> [文件]*; *.url

2010-8-8 11:30:07 修改文件允许
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\a.txt
规则: [文件组]全局FD -> [文件]?:\; *.txt

2010-8-8 11:30:10 创建文件阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Documents and Settings\Owner\桌面\淘宝网.url
规则: [文件组]临时目录 -> [文件]*; *.url

2010-8-8 11:30:13 创建文件允许
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\b.txt
规则: [文件组]全局FD -> [文件]?:\; *.txt

2010-8-8 11:30:16 创建文件阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Documents and Settings\Owner\桌面\Internet Explorer.msm4
规则: [文件]*

2010-8-8 11:30:19 创建文件阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.msm4
规则: [文件]*

2010-8-8 11:30:22 设置文件隐藏属性阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk
规则: [文件组]临时目录 -> [文件]*; *.lnk

2010-8-8 11:30:27 创建文件阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Documents and Settings\Owner\「开始」菜单\Internet Explorer.msm4
规则: [文件]*

2010-8-8 11:30:29 创建文件阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Documents and Settings\Owner\「开始」菜单\程序\Internet Explorer.msm4
规则: [文件]*

2010-8-8 11:30:33 设置文件隐藏属性阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Documents and Settings\Owner\「开始」菜单\程序\Internet Explorer.lnk
规则: [文件组]临时目录 -> [文件]*; *.lnk

2010-8-8 11:30:37 修改注册表值阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\isi7file\shell\open\command
值: "C:\WINDOWS\Downloaded Program Files\csdnsd.exe" "%1"
规则: [注册表组]系统设置 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\command

2010-8-8 11:30:40 修改注册表值阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\isi7file\shellex\ContextMenuHandlers
值:
规则: [注册表组]自动运行程序所在位置 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\*

2010-8-8 11:30:43 设置文件隐藏属性阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
规则: [文件组]临时目录 -> [文件]*; *.lnk

2010-8-8 11:30:46 创建文件阻止
进程: c:\documents and settings\owner\my documents\csdnsd.exe
目标: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.isi7
规则: [文件]*

显示全部楼层 · 发表于 2010-8-8 11:41:18

to fs.

显示全部楼层 · 发表于 2010-8-8 12:04:51

流氓

to mp

显示全部楼层 · 发表于 2010-8-8 12:59:02

时间操作说明次数
12:55:29 已清除发现木马：Malware.QVM07.Gen 1
详细描述：
木马名称：Malware.QVM07.Gen
所在路径：C:\Users\dxm\Desktop\sdsf55whg.scr

显示全部楼层 · 发表于 2010-8-8 19:08:44

回复 13楼 62590423 的帖子

微点报了

[病毒样本] 更新:csdnsd.exe--(4/42)[MD5: 4BB649 ]