Views: 4813 | Replies: 37

[Virus samples] Here's a pack

东方妖妖梦
Posted on 2015-4-6 10:13:51

欧阳宣
Posted on 2015-4-6 10:19:55
Norton detects 3; one of them is a duplicate.
[mw_shl_code=css,true]Resolved Threats:
W32.Ramnit.B!inf
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
27 Registry Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->UpdatesDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->UpdatesDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->DoNotAllowExceptions:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->DoNotAllowExceptions:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->DisableNotifications:0 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->DisableNotifications:0 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->EnableFirewall:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->EnableFirewall:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv->Start:2 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv->Start:2 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\->Start:3 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\->Start:3 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system->EnableLUA:1 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system->EnableLUA:1 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center->AntiVirusOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center->AntiVirusOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center->FirewallOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center->FirewallOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center->UacDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center->UacDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\->Start:2 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\->Start:2 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\->Userinit:C:\WINDOWS\system32\userinit.exe, - Repaired
1 File
e:\virus\huge\malware\malware\f12366b5b78e62b5ae2f487d21109da125e0dd29500e5a314813d7dc7040c248.bin - Deleted
1 Browser Cache



Trojan.Gen.SMH
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
e:\virus\huge\malware\malware\1a38e7347f94959e278ae551bcc8495db18b56c8892c895c8a3c883864855888.bin - Deleted
1 Browser Cache



Backdoor.Graybird
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Restart Required
-----------
14 Registry Entries
HKEY_USERS\S-1-5-21-199303550-3880348569-3445812084-1001\Software\Microsoft\Internet Explorer\New Windows\->PopupMgr:yes - Repaired
HKEY_USERS\S-1-5-21-199303550-3880348569-3445812084-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System->DisableRegistryTools:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->UpdatesDisableNotify:0 - Repaired
HKEY_USERS\S-1-5-21-199303550-3880348569-3445812084-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\->DisableTaskMgr:0 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\->Start:2 - Repaired
HKEY_USERS\S-1-5-21-199303550-3880348569-3445812084-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\->NofolderOptions:0 - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->ShowSuperHidden:1 - Repaired
HKEY_USERS\S-1-5-21-199303550-3880348569-3445812084-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->ShowSuperHidden:1 - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->ShowSuperHidden:1 - Repaired
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->ShowSuperHidden:1 - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\New Windows\->PopupMgr:yes - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\New Windows\->PopupMgr:yes - Repaired
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\New Windows\->PopupMgr:yes - Repaired
5 Files
C:\Users\winter0614\AppData\Local\virtualstore\windows\syswow64\installed.dat - Restart Required
C:\WINDOWS\SysWOW64\Installed.dat - Restart Required
C:\Users\winter0614\AppData\Local\virtualstore\windows\syswow64\installed.dat - Restart Required
C:\WINDOWS\SysWOW64\Installed.dat - Restart Required
e:\virus\huge\malware\malware\d95e105f66f4ea6d95577e54d212ccd950368918cd51e5a3aff17d01c54e5e66.bin - Deleted
1 Browser Cache

1 System Action[/mw_shl_code]
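An added example (not part of the original post and not Norton's own tooling) that parses a report in the format 欧阳宣 posted above, deduplicates the repeated registry and file lines so the counts can be compared with other scanners, pulls the SHA-256 out of each deleted sample's file name, and collects the machine-wide registry values Norton restored as a checklist for verifying a host after cleanup. The layout rules and the trimmed copy of the log embedded below are assumptions taken from the post, not a documented Norton format.

```python
"""Extract the actionable parts of a Norton "Resolved Threats" report.
Added example, not from the original post or Norton. The layout rules (detection
name followed by "Type:", "N Registry Entries", "KEY->Name:Value - Status") are
inferred from the log above and are assumptions; the input is a trimmed copy of it,
with the duplicate lines kept on purpose.
"""
import re
from collections import OrderedDict

NORTON_LOG = r"""Resolved Threats:
W32.Ramnit.B!inf
Type: Anomaly
Status: Fully Resolved
-----------
5 Registry Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->EnableFirewall:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->EnableFirewall:1 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\->Userinit:C:\WINDOWS\system32\userinit.exe, - Repaired
1 File
e:\virus\huge\malware\malware\f12366b5b78e62b5ae2f487d21109da125e0dd29500e5a314813d7dc7040c248.bin - Deleted

Backdoor.Graybird
Type: Anomaly
Status: Restart Required
-----------
2 Registry Entries
HKEY_USERS\S-1-5-21-199303550-3880348569-3445812084-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\->DisableTaskMgr:0 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\->Start:2 - Repaired
5 Files
C:\Users\winter0614\AppData\Local\virtualstore\windows\syswow64\installed.dat - Restart Required
C:\WINDOWS\SysWOW64\Installed.dat - Restart Required
C:\Users\winter0614\AppData\Local\virtualstore\windows\syswow64\installed.dat - Restart Required
C:\WINDOWS\SysWOW64\Installed.dat - Restart Required
e:\virus\huge\malware\malware\d95e105f66f4ea6d95577e54d212ccd950368918cd51e5a3aff17d01c54e5e66.bin - Deleted
1 System Action
"""

STATUS = r"(Repaired|Deleted|Restart Required)"
REG_RE = re.compile(r"^(HKEY_\S.*?)\\?->([^:]+):(.*) - " + STATUS + "$")
FILE_RE = re.compile(r"^([A-Za-z]:\\.*?) - " + STATUS + "$")
COUNT_RE = re.compile(r"^(\d+) (Registry Entries|Files?|Browser Cache|System Action)$")
HASH_RE = re.compile(r"([0-9a-fA-F]{64})\.bin$", re.IGNORECASE)
META = ("Type", "Risk", "Categories", "Status")

def parse_norton_report(text):
    """Return OrderedDict: detection name -> {meta, declared, registry, files}."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    threats, cur = OrderedDict(), None
    for i, line in enumerate(lines):
        if not line or line.startswith("-----") or line.startswith("Resolved Threats"):
            continue
        # A block starts with the detection name; the line after it is "Type: ...".
        if i + 1 < len(lines) and lines[i + 1].startswith("Type:"):
            cur = threats[line] = {"meta": {}, "declared": {}, "registry": [], "files": []}
            continue
        if cur is None:
            continue
        head, _, rest = line.partition(":")
        if head in META:
            cur["meta"][head] = rest.strip()
        elif COUNT_RE.match(line):
            n, label = COUNT_RE.match(line).groups()
            cur["declared"]["Files" if label == "File" else label] = int(n)
        elif REG_RE.match(line):
            cur["registry"].append(REG_RE.match(line).groups())  # (key, name, value, status)
        elif FILE_RE.match(line):
            cur["files"].append(FILE_RE.match(line).groups())  # (path, status)
    return threats

def summarize(threats):
    """Raw vs. deduplicated counts per detection, plus the sample SHA-256s."""
    out = OrderedDict()
    for name, t in threats.items():
        uniq_reg = OrderedDict.fromkeys(t["registry"])
        uniq_files = OrderedDict.fromkeys((p.lower(), s) for p, s in t["files"])
        out[name] = {
            "status": t["meta"].get("Status"),
            "registry_declared": t["declared"].get("Registry Entries", 0),
            "registry_unique": len(uniq_reg),
            "files_declared": t["declared"].get("Files", 0),
            "files_unique": len(uniq_files),
            "hashes": [m.group(1).lower() for m in (HASH_RE.search(p) for p, _ in uniq_files) if m],
        }
    return out

def restored_values(threats, hive="HKEY_LOCAL_MACHINE"):
    """Map 'key\\name' -> value for every machine-wide value Norton put back: the
    settings the samples flipped, usable as a post-cleanup checklist for the host."""
    baseline = OrderedDict()
    for t in threats.values():
        for key, name, value, status in t["registry"]:
            if status == "Repaired" and key.startswith(hive):
                baseline[key + "\\" + name] = value
    return baseline

if __name__ == "__main__":
    report = parse_norton_report(NORTON_LOG)
    print(dict(summarize(report)), dict(restored_values(report)), sep="\n")
```

`restored_values` deliberately keeps only HKEY_LOCAL_MACHINE entries with status `Repaired`: the HKEY_USERS entries in the Graybird block are tied to one SID on the test machine, and a `Restart Required` item is not yet gone, so neither belongs in a baseline you would check on another host.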
驭龙
Posted on 2015-4-6 10:20:08
Last edited by 驭龙 on 2015-4-6 10:28

MA kills two; one of the samples is reported under two names, and after repairing once and scanning again it is still two kills.

(attachment: image, not included)

开开心心卖手机
Posted on 2015-4-6 10:20:09
蛋挞 kills four.
东方妖妖梦 (OP)
Posted on 2015-4-6 10:21:45
Quoting 欧阳宣, posted 2015-4-6 10:19: "Norton detects 3; one of them is a duplicate." (quoted log truncated)

My mistake, I didn't notice. If you see duplicates, just exclude them yourself.
xcvbaby
Posted on 2015-4-6 10:26:25
Last edited by xcvbaby on 2015-4-6 10:30

金山毒霸 (Kingsoft Antivirus) and 百度卫士 (Baidu Guard) both get 4.

(attachment: image, not included)
学雷锋做人
Posted on 2015-4-6 10:26:31
Last edited by 学雷锋做人 on 2015-4-6 11:13

360安全卫士 (360 Safeguard, with 伞 off): 9. Looks like the 360 cloud is still the strong one.

FD, MS+VT+LFQ: 7

(attachment: image, not included)
skyboybone
Posted on 2015-4-6 10:26:36
金山 (Kingsoft) cloud: 5; 伞: 2.

(attachment: image, not included)
驭龙
Posted on 2015-4-6 10:26:54
Quoting 东方妖妖梦, posted 2015-4-6 10:21: "My mistake, I didn't notice. If you see duplicates, just exclude them yourself."

Fourteen files; I didn't find any two with the same size, so there shouldn't be duplicates.
cxy密斯
Posted on 2015-4-6 10:27:48
Last edited by cxy密斯 on 2015-4-6 10:29

KES, claiming a spot: detects 7, 7 remaining.
卡饭论坛 (KaFan) | Copyright © KaFan KaFan.cn All Rights Reserved.