2008-11-03,08:41:40
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<NeroHomeFirstStart><uusea.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SoundMan.exe> [1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{22B1E816-2CEF-4345-8142-7699C7C9935F}><C:\WINDOWS\system32\Up360.vxd> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Loader.exe]
<IFEO[360Loader.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
<IFEO[ctfmon.exe]><SoundMan.exe> [1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword]
<IFEO[IceSword]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<IFEO[Iparmor.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe]
<IFEO[kmailmon.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras]
<IFEO[ras]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep]
<IFEO[runiep]><svchost.exe> [(Infected) Microsoft Corporation]
==================================
Running processes
[C:\WINDOWS\system32\Up360.vxd] [N/A, ]
[PID: 2748 / Administrator][C:\WINDOWS\system32\uusea.exe] [N/A, ]
[PID: 3884 / SYSTEM][C:\WINDOWS\TEMP\winlogon.exe] [N/A, ]
==================================
HOSTS file (the section is labelled HOSTS, but what the tool dumped here is an INI-style download list, not hosts entries)
[file]
open=y
url1=http://down.cvz2.cn/hb/0.exe
url2=http://down.cvz2.cn/hb/1.exe
url3=http://down.cvz2.cn/hb/2.exe
url4=http://down.cvz2.cn/hb/3.exe
url5=http://down.cvz2.cn/hb/4.exe
url6=http://down.cvz2.cn/hb/5.exe
url7=http://down.cvz2.cn/hb/6.exe
url8=http://down.cvz2.cn/hb/7.exe
url9=http://down.cvz2.cn/hb/8.exe
url10=http://down.cvz2.cn/hb/9.exe
url11=http://down.cvz2.cn/hb/10.exe
url12=http://down.cvz2.cn/hb/11.exe
url13=http://down.cvz2.cn/hb/12.exe
url14=http://down.cvz2.cn/hb/13.exe
url15=http://down.cvz2.cn/hb/14.exe
url16=http://down.cvz2.cn/hb/15.exe
url17=http://down.cvz2.cn/hb/16.exe
url18=http://down.cvz2.cn/hb/17.exe
url19=http://down.cvz2.cn/hb/18.exe
url20=http://down.cvz2.cn/hb/19.exe
url21=http://down.cvz2.cn/hb/20.exe
url22=http://down.cvz2.cn/hb/21.exe
url23=http://down.cvz2.cn/hb/22.exe
url24=http://down.cvz2.cn/hb/23.exe
url25=http://down.cvz2.cn/hb/24.exe
url26=http://down.cvz2.cn/hb/25.exe
url27=http://down.cvz2.cn/hb/27.exe
url28=http://down.cvz2.cn/hb/28.exe
url29=http://down.cvz2.cn/hb/29.exe
url30=http://down.cvz2.cn/hb/30.exe
url31=http://down.cvz2.cn/hb/31.exe
url32=http://down.cvz2.cn/hb/32.exe
url33=http://down.cvz2.cn/hb/33.exe
url34=http://down.cvz2.cn/hb/26.exe
url35=http://down.cvz2.cn/hb/34.exe
count=35
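Triage helper, added here as an example and not part of the original log or of the tool that produced it: it parses the two kinds of entries shown above (the `[KEY]` / `<name><value> [info]` registry dump, and the `[file]` download list), pulls out every Image File Execution Options target together with the image it has been redirected to, lists the Run / ShellExecuteHooks autostart images, and checks that the downloader's `count=` trailer agrees with the number of `urlN=` lines. The embedded sample is a constructed subset copied from the entries above; the function names are my own.

```python
"""Triage an SREng-style startup log: IFEO redirections, autostart images, download list."""
import re
from collections import namedtuple
from urllib.parse import urlparse

Entry = namedtuple("Entry", "key name value info")

# Constructed excerpt: a subset of the log entries above, kept short for the example.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<NeroHomeFirstStart><uusea.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SoundMan.exe> [1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{22B1E816-2CEF-4345-8142-7699C7C9935F}><C:\WINDOWS\system32\Up360.vxd> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><svchost.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
<IFEO[ctfmon.exe]><SoundMan.exe> [1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword]
<IFEO[IceSword]><svchost.exe> [(Infected) Microsoft Corporation]
[file]
open=y
url1=http://down.cvz2.cn/hb/0.exe
url2=http://down.cvz2.cn/hb/1.exe
url3=http://down.cvz2.cn/hb/2.exe
count=3
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\Run] or [file]
ITEM_RE = re.compile(r"^<([^>]*)><([^>]*)>\s*\[(.*)\]$")  # <name><value> [info]
IFEO_MARK = "\\Image File Execution Options\\"


def parse_entries(text):
    """Registry entries only: each [HKEY_...] header is followed by <name><value> [info] lines.
    INI sections such as [file] are skipped here and handled by parse_download_list."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and key and key.startswith("HKEY_"):
            entries.append(Entry(key, *m.groups()))
    return entries


def ifeo_debuggers(entries):
    """Map each IFEO target image to the image it is redirected to (the Debugger value).
    A Debugger entry for a security tool that points at a generic image such as
    svchost.exe is the classic way of silently preventing the tool from starting."""
    return {e.key.split("\\")[-1]: e.value for e in entries if IFEO_MARK in e.key}


def autostart_images(entries):
    """Images launched via Run keys and ShellExecuteHooks: the persistence half of the log."""
    return [e.value for e in entries
            if e.key.endswith("\\CurrentVersion\\Run") or e.key.endswith("\\ShellExecuteHooks")]


def parse_download_list(text):
    """Parse the [file] section: urlN=... lines plus a count=N trailer.
    Returns (urls in N order, count_ok); count_ok is False when count disagrees with
    the number of urlN keys, which hints that the list was edited or truncated."""
    in_file, urls, count = False, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_file = line == "[file]"
            continue
        if not in_file or "=" not in line:
            continue
        k, v = line.split("=", 1)
        if k.startswith("url") and k[3:].isdigit():
            urls[int(k[3:])] = v
        elif k == "count":
            count = int(v)
    ordered = [urls[i] for i in sorted(urls)]
    return ordered, count == len(ordered)


def download_hosts(urls):
    """Distinct hosts the downloader contacts (candidates for a perimeter block)."""
    return sorted({urlparse(u).hostname for u in urls})


if __name__ == "__main__":
    ents = parse_entries(SAMPLE_LOG)
    print("IFEO redirections:", ifeo_debuggers(ents))
    print("Autostart images:", autostart_images(ents))
    urls, ok = parse_download_list(SAMPLE_LOG)
    print("Download hosts:", download_hosts(urls), "count consistent:", ok)
```

Run it against the full log by replacing `SAMPLE_LOG` with the file contents; every IFEO target listed will show up in `ifeo_debuggers`, and `parse_download_list` will report whether `count=35` really matches the thirty-five `urlN=` lines.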