小马二只（流氓桌面图标软件Up:2011-3-27）

显示全部楼层 · 发表于 2011-3-26 21:24:23

本帖最后由小飞侠.net 于 2011-3-27 16:17 编辑

下载：ht tp://www.qq911.com/u/fz1315.rar
ht tp://www.qq911.com/u/waigua1315.rar

来源：ht tp://www.suopao.org/read-htm-tid-553193.html

毒霸下载保护：已入库！

PS：和外-挂有关滴网站提供流氓桌面图标软件修复难度可能有点大。

显示全部楼层 · 发表于 2011-3-26 21:27:18

nuodun kill

显示全部楼层 · 发表于 2011-3-26 21:27:51

eset 清空
C:\Users\微亿毫\Desktop\bdbd\fz1315.rar > RAR > 关闭杀毒使用,外-挂三分毒,用完请杀毒.txt - 正常
C:\Users\微亿毫\Desktop\bdbd\fz1315.rar > RAR > 变态辅助最新版.exe - Win32/TrojanDropper.Agent.OJT 特洛伊木马
C:\Users\微亿毫\Desktop\bdbd\waigua1315.rar > RAR > 关闭杀毒使用,外-挂三分毒,用完请杀毒.txt - 正常
C:\Users\微亿毫\Desktop\bdbd\waigua1315.rar > RAR > 超强外-挂最新版.exe - Win32/TrojanDropper.Agent.OJT 特洛伊木马

显示全部楼层 · 发表于 2011-3-26 21:30:44

nod连接一般就给kill掉了

显示全部楼层 · 发表于 2011-3-26 21:33:23

nis2011：

显示全部楼层 · 发表于 2011-3-26 21:34:49

rising kill

显示全部楼层 · 发表于 2011-3-26 22:38:19

趋势 kill 2 virus (BKDR)~

显示全部楼层 · 发表于 2011-3-26 23:01:21

2011-3-26 22:52:37 创建新进程允许
进程: c:\windows\explorer.exe
目标: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
命令行: "d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]d:\我的文档\*

2011-3-26 22:52:39 修改文件允许
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\p20.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:52:40 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: d:\我的文档
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:52:41 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:52:42 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
值: C:\Documents and Settings\Administrator\桌面
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:52:42 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
值: C:\Documents and Settings\All Users\桌面
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:52:43 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:52:44 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:52:46 创建新进程允许
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: c:\documents and settings\administrator\local settings\temp\p20.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\p20.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:52:47 修改文件允许
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\0.15.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:52:48 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\p20.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RunmeAtStartup
值: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\p20.exe
规则: [注册表组]自动运行 -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*

2011-3-26 22:52:51 创建新进程允许
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: c:\documents and settings\administrator\local settings\temp\0.15.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.15.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:52:52 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\p20.exe
目标: C:\WINDOWS\system32\xvhost.sb
规则: [文件组]全局写入询问 -> [文件]c:\windows\*

2011-3-26 22:52:53 修改文件允许
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\07.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:52:56 创建新进程允许
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: c:\documents and settings\administrator\local settings\temp\07.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\07.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:52:57 修改文件允许
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\1301.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:52:58 创建新进程允许
进程: c:\documents and settings\administrator\local settings\temp\07.exe
目标: c:\documents and settings\administrator\local settings\temp\07.exe
命令行: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\07.exe
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:53:01 创建文件允许
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\20859640.dll
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.dll

2011-3-26 22:53:02 创建新进程允许
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: c:\documents and settings\administrator\local settings\temp\1301.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1301.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:53:02 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\07.exe
目标: C:\277.txt
规则: [文件组]文件阻止及保护 -> [文件]?:\

2011-3-26 22:53:04 创建新进程阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: c:\windows\system32\rundll32.exe
命令行: rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20859640.dll testall
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]c:\windows\*

2011-3-26 22:53:07 修改文件允许
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Loader_forqiqi_9179.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:53:08 创建文件允许
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\q2h5I28V5JuHiq8.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:53:10 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: C:\WINDOWS\system32\20867718.exe
规则: [文件组]系统核心目录Ⅰ -> [文件]c:\windows\*; *.exe

2011-3-26 22:53:12 创建新进程允许
进程: d:\我的文档\viurs test\bdbd\fz1315\变态辅助最新版.exe
目标: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Loader_forqiqi_9179.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:53:14 创建文件允许
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\q2h5I28V5JuHiq8.exe.bat
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.bat

2011-3-26 22:53:15 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: C:\WINDOWS\system32\drivers\pcidump.sys
规则: [文件组]系统核心目录Ⅰ -> [文件]c:\windows\system32\drivers\*

2011-3-26 22:53:16 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:16 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:16 创建注册表项阻止
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcidump
规则: [注册表组]系统服务 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services

2011-3-26 22:53:16 创建注册表项阻止
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcidump
规则: [注册表组]系统服务 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services

2011-3-26 22:53:17 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:17 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:18 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:20 创建新进程阻止
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: c:\windows\system32\cmd.exe
命令行: cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\q2h5I28V5JuHiq8.exe.bat" "
规则: [应用程序组]系统程序 -> [应用程序]* -> [子应用程序]c:\windows\system32\cmd.exe

2011-3-26 22:53:21 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:21 修改文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: \Device\NamedPipe\ROUTER
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [文件]\device\namedpipe\*

2011-3-26 22:53:23 创建文件允许
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\1301.exe.bat
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.bat

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[1].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[2].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[3].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[4].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[5].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[6].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[7].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[8].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[9].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[10].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[11].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDP.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZV.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYD.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IH.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESX.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXI.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQ.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQO.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DEL.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\V(pplive)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\)_forqiqi_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OM.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\i_9179CA0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\0YHQ98CA6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\6NKPDPCABU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0E.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\BU40G0CA2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\2HMV39CA4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\4KA9ZVCAC2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVY.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\C2COYDCAVPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZ.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\VPE3IHCA2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJ.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\2K5ESXCA9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDR.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\9U1PXICAGJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXA.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\GJJXKQCAQ5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTN.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\Q5LW85CAT15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJ.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\T15KQOCA8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJCA4J70MO.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\8UH9V6CA9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJCA4J70MOCAIF7SE6.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\9N3DELCA91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJCA4J70MOCAIF7SE6CAOO95CB.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\91SEO0CA2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJCA4J70MOCAIF7SE6CAOO95CBCALPIIUU.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\2HZO40CAUY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJCA4J70MOCAIF7SE6CAOO95CBCALPIIUUCAMTGPQU.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\UY92OMCAXZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJCA4J70MOCAIF7SE6CAOO95CBCALPIIUUCAMTGPQUCAK8S7OH.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\XZ22D8CAXT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJCA4J70MOCAIF7SE6CAOO95CBCALPIIUUCAMTGPQUCAK8S7OHCA4JZOUH.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\XT2OI5CAKN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJCA4J70MOCAIF7SE6CAOO95CBCALPIIUUCAMTGPQUCAK8S7OHCA4JZOUHCAMFRYGB.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\KN6X0ECAS7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJCA4J70MOCAIF7SE6CAOO95CBCALPIIUUCAMTGPQUCAK8S7OHCA4JZOUHCAMFRYGBCAJQPNPS.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:23 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\S7LJD3CAABI388CAH05IVYCA3VA0ZZCAB2KSRJCAVHZVDRCAG5HGXACAYLKMTNCAMNNAIJCA4J70MOCAIF7SE6CAOO95CBCALPIIUUCAMTGPQUCAK8S7OHCA4JZOUHCAMFRYGBCAJQPNPSCAS0QDNP.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:53:24 修改文件允许
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\0.15.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:53:25 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: d:\我的文档
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:26 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: C:\WINDOWS\system32\scvhost.exe
规则: [文件组]系统核心目录Ⅰ -> [文件]c:\windows\*; *.exe

2011-3-26 22:53:27 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:31 创建文件允许
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: D:\我的文档\viurs test\bdbd\fz1315\kl78a.bat
规则: [文件组]Documents and Settings_阻止 -> [文件]d:\我的文档\*; *.bat

2011-3-26 22:53:32 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
值: C:\Documents and Settings\Administrator\桌面
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:32 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:33 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
值: C:\Documents and Settings\All Users\桌面
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:34 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:53:35 创建新进程阻止
进程: c:\documents and settings\administrator\local settings\temp\1301.exe
目标: c:\windows\system32\cmd.exe
命令行: cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1301.exe.bat" "
规则: [应用程序组]系统程序 -> [应用程序]* -> [子应用程序]c:\windows\system32\cmd.exe

2011-3-26 22:53:36 创建新进程阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: c:\windows\system32\cmd.exe
命令行: cmd /c ""d:\我的文档\viurs test\bdbd\fz1315\kl78a.bat" "
规则: [应用程序组]系统程序 -> [应用程序]* -> [子应用程序]c:\windows\system32\cmd.exe

--------------------------------------------------------------

显示全部楼层 · 发表于 2011-3-26 23:01:39

2011-3-26 22:54:52 创建新进程允许
进程: c:\windows\explorer.exe
目标: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
命令行: "d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]d:\我的文档\*

2011-3-26 22:54:54 创建文件允许
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\p19.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:54:55 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: d:\我的文档
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:54:56 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:54:57 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
值: C:\Documents and Settings\Administrator\桌面
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:54:58 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
值: C:\Documents and Settings\All Users\桌面
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:54:58 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:54:59 修改注册表值阻止
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:01 创建新进程允许
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: c:\documents and settings\administrator\local settings\temp\p19.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\p19.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:55:02 修改文件允许
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\0.15.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:55:03 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\p19.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RunmeAtStartup
值: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\p19.exe
规则: [注册表组]自动运行 -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*

2011-3-26 22:55:04 创建新进程允许
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: c:\documents and settings\administrator\local settings\temp\0.15.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.15.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:55:05 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\p19.exe
目标: C:\WINDOWS\system32\xvhost.sb
规则: [文件组]全局写入询问 -> [文件]c:\windows\*

2011-3-26 22:55:07 修改文件允许
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\07.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:55:08 创建新进程允许
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: c:\documents and settings\administrator\local settings\temp\07.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\07.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:55:10 创建文件允许
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\1300.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:55:11 创建新进程允许
进程: c:\documents and settings\administrator\local settings\temp\07.exe
目标: c:\documents and settings\administrator\local settings\temp\07.exe
命令行: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\07.exe
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:55:14 创建新进程允许
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: c:\documents and settings\administrator\local settings\temp\1300.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1300.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:55:15 创建文件允许
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\20993187.dll
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.dll

2011-3-26 22:55:15 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\07.exe
目标: C:\277.txt
规则: [文件组]文件阻止及保护 -> [文件]?:\

2011-3-26 22:55:17 修改文件允许
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Loader_forqiqi_9179.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:55:18 创建文件允许
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\8iK2eUiV25N58wa.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:55:19 创建新进程阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: c:\windows\system32\rundll32.exe
命令行: rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20993187.dll testall
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]c:\windows\*

2011-3-26 22:55:21 创建新进程允许
进程: d:\我的文档\viurs test\bdbd\waigua1315\超强外-挂最新版.exe
目标: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Loader_forqiqi_9179.exe"
规则: [应用程序组]威胁提示Ⅰ -> [应用程序]* -> [子应用程序]?:\documents and settings\*\local settings\temp\*

2011-3-26 22:55:23 创建文件允许
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\8iK2eUiV25N58wa.exe.bat
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.bat

2011-3-26 22:55:24 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: C:\WINDOWS\system32\21003593.exe
规则: [文件组]系统核心目录Ⅰ -> [文件]c:\windows\*; *.exe

2011-3-26 22:55:25 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:25 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:26 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:27 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: C:\WINDOWS\system32\drivers\pcidump.sys
规则: [文件组]系统核心目录Ⅰ -> [文件]c:\windows\system32\drivers\*

2011-3-26 22:55:28 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:28 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:28 创建注册表项阻止
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcidump
规则: [注册表组]系统服务 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services

2011-3-26 22:55:28 创建注册表项阻止
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcidump
规则: [注册表组]系统服务 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services

2011-3-26 22:55:30 创建新进程阻止
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: c:\windows\system32\cmd.exe
命令行: cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\8iK2eUiV25N58wa.exe.bat" "
规则: [应用程序组]系统程序 -> [应用程序]* -> [子应用程序]c:\windows\system32\cmd.exe

2011-3-26 22:55:32 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:33 创建文件允许
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\1300.exe.bat
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.bat

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[1].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[2].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[3].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[4].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[5].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[6].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[7].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[8].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[9].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[10].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179[11].exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUB.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GG.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZOR.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FW.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PS.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BU.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRB.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46U.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HS.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\PPTV(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBF.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\V(pplive)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LX.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\)_forqiqi_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQ.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\i_9179CATYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZ.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\TYWC71CAK8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33Y.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\K8TMUBCAUEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\UEY3GGCACD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4L.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\CD2U13CARBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWK.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\RBUZORCA7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHX.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\7X38FWCAJBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJS.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\JBF8PSCA8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKY.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\8DUFN8CAUNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\UNO4BUCAGUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\GUYWX3CA0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCX.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\0C7JRBCARTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\RTX46UCA26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3CAF1RJ49.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\26U6HSCAZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3CAF1RJ49CAQMIJNG.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\ZCN389CA0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3CAF1RJ49CAQMIJNGCAN8GE8D.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\0K0NBFCA53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3CAF1RJ49CAQMIJNGCAN8GE8DCAW409EV.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\53X8LXCAU8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3CAF1RJ49CAQMIJNGCAN8GE8DCAW409EVCAI49X49.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\U8N1GQCA71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3CAF1RJ49CAQMIJNGCAN8GE8DCAW409EVCAI49X49CA58B9CW.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\71OMYZCAQRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3CAF1RJ49CAQMIJNGCAN8GE8DCAW409EVCAI49X49CA58B9CWCAQ6AGEJ.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\QRX33YCABEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3CAF1RJ49CAQMIJNGCAN8GE8DCAW409EVCAI49X49CA58B9CWCAQ6AGEJCA1065IG.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\BEWMA5CA5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3CAF1RJ49CAQMIJNGCAN8GE8DCAW409EVCAI49X49CA58B9CWCAQ6AGEJCA1065IGCA9H3L4S.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:33 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\loader_forqiqi_9179.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LMNUC5D0\5WYM4LCANNRLWKCAAZQLHXCA24UIJSCASY3VKYCA57ZHN7CAVP0585CADZJSCXCA12CIM3CAF1RJ49CAQMIJNGCAN8GE8DCAW409EVCAI49X49CA58B9CWCAQ6AGEJCA1065IGCA9H3L4SCAW8FUZ6.exe
规则: [文件组]IE Cache -> [文件]*\temporary internet files\*; *.exe

2011-3-26 22:55:34 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: d:\我的文档
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:36 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:37 修改文件允许
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\0.15.exe
规则: [文件组]Documents and Settings_阻止 -> [文件]?:\documents and settings\*; *.exe

2011-3-26 22:55:38 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
值: C:\Documents and Settings\Administrator\桌面
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:39 创建文件阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: C:\WINDOWS\system32\scvhost.exe
规则: [文件组]系统核心目录Ⅰ -> [文件]c:\windows\*; *.exe

2011-3-26 22:55:40 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
值: C:\Documents and Settings\All Users\桌面
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:42 创建文件允许
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: D:\我的文档\viurs test\bdbd\waigua1315\kl78a.bat
规则: [文件组]Documents and Settings_阻止 -> [文件]d:\我的文档\*; *.bat

2011-3-26 22:55:43 创建新进程阻止
进程: c:\documents and settings\administrator\local settings\temp\1300.exe
目标: c:\windows\system32\cmd.exe
命令行: cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1300.exe.bat" "
规则: [应用程序组]系统程序 -> [应用程序]* -> [子应用程序]c:\windows\system32\cmd.exe

2011-3-26 22:55:44 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:45 修改注册表值阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]资源管理器相关设置 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders*

2011-3-26 22:55:46 创建新进程阻止
进程: c:\documents and settings\administrator\local settings\temp\0.15.exe
目标: c:\windows\system32\cmd.exe
命令行: cmd /c ""d:\我的文档\viurs test\bdbd\waigua1315\kl78a.bat" "
规则: [应用程序组]系统程序 -> [应用程序]* -> [子应用程序]c:\windows\system32\cmd.exe

动作都差不多[:26:]

显示全部楼层 · 发表于 2011-3-27 06:33:09

是否前几天发的两个小马类似。。。？！

[病毒样本] 小马二只（流氓桌面图标软件Up:2011-3-27）

本帖子中包含更多资源

评分

本帖子中包含更多资源

浏览过的版块