The viruses 36otray.exe (the middle character is the letter o, not the digit 0 of 360 Safe Guard) and ntldr.exe

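ntldr.exe comes with an autorun.inf, and both are present in the root directory of every disk; everyone is familiar with this method by now. 36otray.exe (with the letter o in the middle, not 360tray.exe with the digit 0) is of the image-hijacking (Image File Execution Options) type. This trojan family infects many exe files, including Media Player and NetMeeting, which are bundled with Windows. Ruthless.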
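An added example (not from the original post): a Python triage of a registry export that lists every Image File Execution Options `Debugger` redirect and flags Run entries whose image name imitates a trusted one by swapping look-alike characters, as 36otray.exe does with 360tray.exe. The sample export, the `KNOWN_GOOD` allowlist and all function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

IFEO = (r"hkey_local_machine\software\microsoft\windows nt"
        r"\currentversion\image file execution options")
RUN = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Look-alike substitutions; letter o for digit 0 is the case in this post.
CONFUSABLE = str.maketrans({"0": "o", "1": "l"})
# Assumption: the analyst's own allowlist of genuine image names.
KNOWN_GOOD = ["360tray.exe", "360Safe.exe", "360rpt.exe"]

# Constructed sample in .reg export syntax (backslashes are doubled in values).
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBMonEx"="c:\\windows\\system\\36otray.exe"
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
"Debugger"="c:\\windows\\system\\36otray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
"Debugger"="c:\\windows\\system\\36otray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"DisableHeapLookaside"="1"
'''

def parse_reg(text):
    """Yield (key, value_name, data) per string value, with .reg escaping undone."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))

def image_name(command):
    """Base name of the executable in a command line (quoted or bare path)."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', command, re.I)
    path = (m.group(1) or m.group(2)) if m else command
    return PureWindowsPath(path).name

def skeleton(name):
    return name.lower().translate(CONFUSABLE)

def imitates(name, known_good=KNOWN_GOOD):
    """Return the genuine name that `name` imitates, or None if exact or unrelated."""
    for good in known_good:
        if name.lower() != good.lower() and skeleton(name) == skeleton(good):
            return good
    return None

def triage(reg_text, known_good=KNOWN_GOOD):
    """Return (kind, subject, data, imitated_name) tuples worth an analyst's review."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        image = image_name(data)
        if key.lower().startswith(IFEO + "\\") and name.lower() == "debugger":
            # Starting the subkey's image launches `data` instead. Debuggers use
            # this legitimately, so each hit is a lead to review, not a verdict.
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data,
                             imitates(image, known_good)))
        elif key.lower() == RUN and imitates(image, known_good):
            findings.append(("run-lookalike", name, data, imitates(image, known_good)))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_REG), sep="\n")
```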

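The end of the year is also peak season for viruses. Everyone wants to enjoy the holiday, viruses included.

I recommend running a boot-time scan with antivirus software (Avast is recommended; it is free).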


HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
+ TBMonEx c:/windows/system/36otray.exe

HKLM/Software/Microsoft/Windows NT/CurrentVersion/Image File Execution Options


I recommend running a boot-time scan with Avast.
An Avast log:

Manual repair method for files infected by logogo
How to detect and remove the 36Otray.exe, sysave.exe, LotusHlp.exe, 338448M.exe and GDQQHXI32.dll virus variants and the IFEO image hijack
