13.10.2009, 21:30
Kod:
DefenseWall HIPS log file
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value ParseAutoexec within the key HKU.DEFAULTSoftwareMicrosoftWindows NTCurrentVersionWinlogon (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to open secured file C:WINDOWSsystem32config (File )
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to open secured file C:WINDOWSsystem32config (File )
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value AppData within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value ParseAutoexec within the key HKU.DEFAULTSoftwareMicrosoftWindows NTCurrentVersionWinlogon (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to open secured file C:WINDOWSsystem32config (File )
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to open secured file C:WINDOWSsystem32config (File )
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value AppData within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value IntranetName within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMap (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value UNCAsIntranet within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMap (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value AutoDetect within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMap (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value ProxyBypass within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMap (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value IntranetName within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMap (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value UNCAsIntranet within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMap (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value AutoDetect within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMap (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value Cache within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value Cookies within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value History within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to delete service (Service)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value ParseAutoexec within the key HKU.DEFAULTSoftwareMicrosoftWindows NTCurrentVersionWinlogon (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to open secured file C:WINDOWSsystem32config (File )
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to open secured file C:WINDOWSsystem32config (File )
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value Common AppData within the key HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerShell Folders (Registry)
10.13.200922:26:00, module C:WINDOWSsystem32mshta.exe, Attempt to set value ProxyBypass within the key HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMap (Registry)
yyy co to takiego ? zezwalać czy nie ? pojawilo sie okienko DW dalem na Terminate, niby to MS ale co o tym myslisz Creer?