yunvyun - 2011-10-25 16:17:00
附件: 7.log (2011-10-25 16:16:36, 62.09 K)
该附件被下载次数 345
:kaka16:
用户系统信息:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.1; QQDownload 695; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 360SE)
天月来了 - 2011-10-25 16:29:00
2008-11-03,08:41:40
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<NeroHomeFirstStart><uusea.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SoundMan.exe> [1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{22B1E816-2CEF-4345-8142-7699C7C9935F}><C:\WINDOWS\system32\Up360.vxd> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Loader.exe]
<IFEO[360Loader.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
<IFEO[ctfmon.exe]><SoundMan.exe> [1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword]
<IFEO[IceSword]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<IFEO[Iparmor.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe]
<IFEO[kmailmon.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras]
<IFEO[ras]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep]
<IFEO[runiep]><svchost.exe> [(Infected) Microsoft Corporation]
==================================
正在运行的进程
[C:\WINDOWS\system32\Up360.vxd] [N/A, ]
[PID: 2748 / Administrator][C:\WINDOWS\system32\uusea.exe] [N/A, ]
[PID: 3884 / SYSTEM][C:\WINDOWS\TEMP\winlogon.exe] [N/A, ]
==================================
HOSTS 文件
[file]
open=y
url1=http://down.cvz2.cn/hb/0.exe
url2=http://down.cvz2.cn/hb/1.exe
url3=http://down.cvz2.cn/hb/2.exe
url4=http://down.cvz2.cn/hb/3.exe
url5=http://down.cvz2.cn/hb/4.exe
url6=http://down.cvz2.cn/hb/5.exe
url7=http://down.cvz2.cn/hb/6.exe
url8=http://down.cvz2.cn/hb/7.exe
url9=http://down.cvz2.cn/hb/8.exe
url10=http://down.cvz2.cn/hb/9.exe
url11=http://down.cvz2.cn/hb/10.exe
url12=http://down.cvz2.cn/hb/11.exe
url13=http://down.cvz2.cn/hb/12.exe
url14=http://down.cvz2.cn/hb/13.exe
url15=http://down.cvz2.cn/hb/14.exe
url16=http://down.cvz2.cn/hb/15.exe
url17=http://down.cvz2.cn/hb/16.exe
url18=http://down.cvz2.cn/hb/17.exe
url19=http://down.cvz2.cn/hb/18.exe
url20=http://down.cvz2.cn/hb/19.exe
url21=http://down.cvz2.cn/hb/20.exe
url22=http://down.cvz2.cn/hb/21.exe
url23=http://down.cvz2.cn/hb/22.exe
url24=http://down.cvz2.cn/hb/23.exe
url25=http://down.cvz2.cn/hb/24.exe
url26=http://down.cvz2.cn/hb/25.exe
url27=http://down.cvz2.cn/hb/27.exe
url28=http://down.cvz2.cn/hb/28.exe
url29=http://down.cvz2.cn/hb/29.exe
url30=http://down.cvz2.cn/hb/30.exe
url31=http://down.cvz2.cn/hb/31.exe
url32=http://down.cvz2.cn/hb/32.exe
url33=http://down.cvz2.cn/hb/33.exe
url34=http://down.cvz2.cn/hb/26.exe
url35=http://down.cvz2.cn/hb/34.exe
count=35
天月来了 - 2011-10-25 16:55:00
结果出来,操作就没什么可建议的了,删除即可
至于如何删除,百度即可
byxxdrls - 2011-10-25 19:24:00
svchost.exe> [(Infected)
svchost.exe这个系统文件被感染了。建议用金山急救箱解决吧。
天月来了 - 2011-10-25 19:53:00
还真是的,筛选的时候忘记了这个了:kaka8:
© 2000 - 2024 Rising Corp. Ltd.