Trojan group
Risk:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<VMSnap3><C:\WINDOWS\VMSnap3.EXE> [ZSMCSNAP]
<Domino><C:\WINDOWS\Domino.EXE> [Vimicro]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [File is missing]
Threat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{669029EE-81FB-496F-9AC4-FE838B16F231}><C:\WINDOWS\system32\erdznUfbK0ZF.dll> [File is missing]
<{4E5CFE74-700B-4A8B-B0BF-A6B47D896C18}><C:\WINDOWS\system32\GrTZqH5SnRhAt.dll> [File is missing]
<{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}><C:\WINDOWS\system32\56BC86C7.dll> [File is missing]
<{028A997C-4262-4107-BD46-2ABBC6143E8C}><C:\WINDOWS\system32\efc0c52cc1.dll> [File is missing]
<{AA4CD878-B510-4508-83EB-DE968E358D15}><C:\WINDOWS\system32\Nj4gYd3rUbJ57.dll> [File is missing]
<{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><C:\WINDOWS\system32\08223B03.dll> [File is missing]
<{76B9BA7A-81D0-4979-8598-8471F2AB5186}><C:\WINDOWS\system32\76B9BA7A.dll> [File is missing]
<{A5CA6C70-7185-4466-AB45-B1C34E7A37CA}><C:\WINDOWS\system32\ed78ab9.dll> [File is missing]
<{0D267113-499A-4EEF-998D-C45731C1B313}><C:\WINDOWS\system32\VnTU2WAqUcZA6.dll> [File is missing]
<{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><C:\WINDOWS\system32\E4814792.dll> [File is missing]
<{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}><C:\WINDOWS\system32\A1A6BC2E.dll> [File is missing]
<{76CBCF38-0583-44C7-A1AE-D463DFE625EC}><C:\WINDOWS\system32\skcfujQ5EDN.dll> []
<{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><C:\WINDOWS\system32\2EF0D734.dll> []
<{70DF1AE4-AF9E-4457-8A6A-D2D49691FF4B}><C:\Program Files\Internet Explorer\DoboMako.lsp> [File is missing]
Risky drivers
[NPF / NPF][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\36.tmp><N/A>
[ULI SCSI MiniPort / MACPIET][Running/Boot Start]
<\SystemRoot\System32\drivers\uytfxrrj.sys><N/A>
[vmfilter303 / vmfilter303][Running/Manual Start]
<system32\drivers\vmfilter303.sys><Vimicro Corporation>
[USB PC Camera (Vimicro301 Neptune) / ZSMC303][Running/Manual Start]
<System32\Drivers\usbVM303.sys><Vimicro Corporation>
Anomalies
[C:\WINDOWS\system32\mtlrd.dll] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\2EF0D734.dll] [N/A, ]
[C:\WINDOWS\Downlo~1\5a2b.dll] [Microsoft Corporation, 5, 3, 2600, 2180]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
Risk
[PID: 1212 / Administrator][E:\DZH5\internet\hypwise.exe] [N/A, ]
Scheduled for deletion:
Scheduled tasks
[Enabled] 5a2ac.job
rundll32
[Enabled] 5a2b.job
rundll32