This post was last edited by 小飞侠.net on 2018-1-5 23:20
X-Sec Antivirus ---(Windows 10 Creators Update(Redstone 2)....):
Start Time: Fri Jan 5 23:16:15 2018
Scan Type: Custom Scan
Scan Target: C:\Users\Admin\Desktop\AVtest100\309cccde01042018
Heuristic Engine: Enabled
Cloud Engine: Enabled
Resolve Threats: Scan only
Database Version: 2018.01.04.01
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-11.Miner.Luoxkexp.exe.infected -> Trojan.Win32.CoinMiner.Aa
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-13.VBA.Downloader.docx.infected -> Cloud:Macro.MSWord.Downloader
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-15.Cheat.Aimjunkies.exe.infected -> Cloud:Trojan.Win32.Generic
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-2.PUP.Cr173.exe.infected -> PUA.Win32.Downloader!BS
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-3.PUP.MailRU.exe.infected -> PUA.Win32.MailRu!BS
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-4.Miner.Pronetads.exe.infected -> Cloud:Trojan.Win32.CoinMiner
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-6.Miner.Reconyc.exe.infected -> Cloud:Trojan.Win32.Generic
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-7.Exploit.CVE-2017-11882.doc.infected -> Cloud:Exploit.MSOffice.CVE-2017-11882
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-8.Miner.Crypto-pool.exe.infected -> Cloud:Trojan.Win32.CoinMiner
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-9.Backdoor.Poison.exe.infected -> Cloud:Backdoor.Win32.Generic
Elapsed Time: 00:01:39
Total File: 15
Skipped File: 1
Infected File: 10
Rising ---(Windows 10 Creators Update(Redstone 2)....): Cloud engine (on), RDM+ engine (on)
瑞星反恶软引擎命令行扫描器(社区交流版)
编译于:Sep 22 2017 15:07:50
提示:
- 本工具供社区交流使用,请勿用于其他用途
- 本工具没有恶意软件删除、清除、隔离功能
- 本工具包含开发中的新特性,结果仅供参考
* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\ScanLog_180105230644.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\309cccde01042018
* 加载恶软签名库: C:\瑞星RDM+引擎/malware.rmd
* 恶软签名库加载成功,发布序号为 3473
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Fri Jan 05 23:07:02 2018
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-10.Backdoor.Thom3k.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTphOz00ds/3+bfuTgVCNJaa5ZapVQ","threat":"Malware.Undefined!8.C"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-2.PUP.Cr173.exe.infected","infect":{"engine":"rdmk","signature":"cmRtazoyBxK6NNzCw75l4QylmLrH","threat":"Malware.Undefined!8.C"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-13.VBA.Downloader.docx.infected","infect":{"engine":"topis","signature":"4ZRqiDnp7DN","threat":"Malware.Undefined!8.C"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-11.Miner.Luoxkexp.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTqAkGJRhSQ9fcfo2nSs7xVgmy+2eg","threat":"Trojan.Win32/64.XMR-Miner!1.ADCC"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-6.Miner.Reconyc.exe.infected","infect":{"engine":"sha1","signature":"c2hhMToYFF/dlwiTzQfgK4fUVtWYZG9pQg","threat":"Trojan.CoinMiner!8.30A"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-4.Miner.Pronetads.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTodYQLJ/oDgX6WTlM/WYSBRpqCbfQ","threat":"Malware.Obscure/Heur!1.A89F"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-5(Linux).Miner.Supportxmr.sh.infected","type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-12.Phish.htm.infected","infect":{"engine":"sha1","signature":"c2hhMTpFgL6zDrnysciJF096iCy/E1CMBg","threat":"Malware.PWS!8.144"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-15.Cheat.Aimjunkies.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTq8VUiP2aFWmsR67V/gso1fBXWa1A","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-14(Android).PUP.Z28j.apk.infected","type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-7.Exploit.CVE-2017-11882.doc.infected","infect":{"engine":"classic","threat":"Exploit.CVE-2017-11882!1.AECE"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-9.Backdoor.Poison.exe.infected","infect":{"engine":"rdmk","signature":"cmRtazrPEsCBRXA+u69O2vTBscqZ","threat":"Malware.Heuristic!ET#98%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-8.Miner.Crypto-pool.exe.infected","infect":{"engine":"sha1","signature":"c2hhMToYP/TpAy/sHC7Xz4tnNDM3+xW1sQ","threat":"Downloader.Script.XMRMiner!1.AEB6"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-3.PUP.MailRU.exe.infected","type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\309cccde01042018\\18.1.4\\180104-1.PUP.Avast.exe.infected","infect":{"engine":"sha1","signature":"c2hhMToH9KR+XFGipfT43zojU4spim4A0w","threat":"Malware.Undefined!8.C"},"type":"scan"}
扫描结束: Fri Jan 05 23:07:13 2018
总扫描耗时: 0:10:522(m:s:ms)
总扫描对象: 53
总扫描文件: 15
总恶意文件: 12
有效检出率: 80.00%
Emsisoft Emergency Kit - 版本 2017.12
上次更新: 2018/1/4 22:21:45
用户帐号: TECLAST\Admin
电脑名称: TECLAST
操作系统版本: Windows 10x64
扫描设置:
扫描方式: 自定义扫描
对象: Rootkits, 内存, C:\Users\Admin\Desktop\AVtest100\309cccde01042018\
检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: On
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off
扫描开始于: 2018/1/5 22:59:18
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-8.Miner.Crypto-pool.exe.infected -> (RAR Sfx o) -> Silence.exe 发现风险: Generic.Application.CoinMiner.1.C1108216 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-8.Miner.Crypto-pool.exe.infected -> (RAR Sfx o) -> run.bat 发现风险: Application.BitCoinMiner.RD (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-1.PUP.Avast.exe.infected 发现风险: Application.InstallDrive (A) [285098]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-13.VBA.Downloader.docx.infected 发现风险: VB:Trojan.Valyria.1157 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-11.Miner.Luoxkexp.exe.infected 发现风险: Generic.Application.CoinMiner.1.73F17FC1 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-3.PUP.MailRU.exe.infected 发现风险: Application.InstallAd (A) [284796]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-4.Miner.Pronetads.exe.infected 发现风险: Trojan.Agent (A) [292280]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-10.Backdoor.Thom3k.exe.infected 发现风险: Gen:Trojan.Heur.RP.dmKfa8NmO8mi (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-9.Backdoor.Poison.exe.infected 发现风险: Trojan.Agent (A) [292282]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-2.PUP.Cr173.exe.infected 发现风险: Gen:Variant.Adware.Symmi.60792 (B) [krnl.xmd]
已扫描 1819
发现 10
扫描完成后: 2018/1/5 22:59:51
扫描时间: 0:00:33
ESET Smart Security Premium 64-bit (Advanced heuristics (Y) + Archives (Y) + Self-extracting/runtime-packed files (Y) + DNA smart signatures (Y) ++ (Windows 10 Creators Update(Redstone 2)....): Found nothing
日志
正在扫描日志
检测引擎的版本: 16687 (20180105)
日期: 2018/1/5 时间: 22:32:16
已扫描的磁盘、文件夹和文件: C:\Users\Admin\Desktop\AVtest100\309cccde01042018
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-10.Backdoor.Thom3k.exe.infected - Win32/Spy.Agent.PEX 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-13.VBA.Downloader.docx.infected - Generik.BVVDPAT 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-15.Cheat.Aimjunkies.exe.infected - Win32/Injector.DJLU 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-4.Miner.Pronetads.exe.infected - Generik.KUAPYQW 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-6.Miner.Reconyc.exe.infected > UPX > BAT2EXE > 1.bat - BAT/CoinMiner.YL 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-6.Miner.Reconyc.exe.infected > BAT2EXE - 正常
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-7.Exploit.CVE-2017-11882.doc.infected - Win32/Exploit.CVE-2017-11882.V 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-8.Miner.Crypto-pool.exe.infected - BAT/CoinMiner.YN 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\309cccde01042018\18.1.4\180104-9.Backdoor.Poison.exe.infected - Win32/Kryptik.GBFF 特洛伊木马 的变种 - 通过删除清除 [1]
已扫描的对象数: 12586
发现的威胁数: 8
已清除对象数: 9
完成时间: 22:32:34 总扫描时间: 18 秒 (00:00:18)
备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。
Huorong Security ---( Windows 7 Ultimate with SP1, Simplified Chinese Ultimate edition....): some unknown files have been submitted to seclab@huorong.cn and are awaiting processing...
病毒库:2018/01/05 15:45
开始时间:2018/01/05 22:18
总计用时:00:00:39
扫描对象:3729个
扫描文件:15个
发现风险:12个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个
病毒详情
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-13.VBA.Downloader.docx.infected, 病毒名:Trojan/Generic!60810A6133CA47A0, 病毒ID:[60810a6133ca47a0], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-10.Backdoor.Thom3k.exe.infected, 病毒名:HVM:Trojan/MalBehav.gen!A, 病毒ID:[3153c1dd735de9e6], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-12.Phish.htm.infected, 病毒名:Trojan/Generic!E662576460AB5533, 病毒ID:[e662576460ab5533], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-11.Miner.Luoxkexp.exe.infected, 病毒名:HackTool/CoinMiner.a, 病毒ID:[94b329a11759cb2], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-15.Cheat.Aimjunkies.exe.infected, 病毒名:Trojan/Generic!DCFC9D66E6157AF6, 病毒ID:[dcfc9d66e6157af6], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-4.Miner.Pronetads.exe.infected, 病毒名:Trojan/Generic!4B1A5B91A3C18976, 病毒ID:[4b1a5b91a3c18976], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-5(Linux).Miner.Supportxmr.sh.infected, 病毒名:Trojan/Generic!E6B77914E3C5398D, 病毒ID:[e6b77914e3c5398d], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-6.Miner.Reconyc.exe.infected, 病毒名:Trojan/Generic!98B38DF75772476A, 病毒ID:[98b38df75772476a], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-7.Exploit.CVE-2017-11882.doc.infected, 病毒名:Trojan/Generic!2D5AE4E5E7EF1C61, 病毒ID:[2d5ae4e5e7ef1c61], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-3.PUP.MailRU.exe.infected, 病毒名:Adware/Mailru.c, 病毒ID:[2187e7c95c5707e7], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-9.Backdoor.Poison.exe.infected, 病毒名:Trojan/Generic!F15E001E7455772A, 病毒ID:[f15e001e7455772a], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4\180104-8.Miner.Crypto-pool.exe.infected >> Silence.exe, 病毒名:HackTool/CoinMiner.a, 病毒ID:[94b329a11759cb2], 处理结果:已忽略
文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\18.1.4.zip
文件大小: 19.8 MB (20,862,973 字节)
修改时间: 2018年01月05日,22:15:06
MD5: de6cf0ae30bafeb0c5ee7124623fa436
SHA1: 0b7fe7855c5928eb31770d7ebf4868f265acb4e4
SHA256: fbcabceb504903365207ad78f2adf075c8ff798d4b2e55dcb4827409de3fe46b
SHA512: a327b5cb1b6771a60164e2a54efd56a4d758b7e62677d08b03397753fd6d3aa4d22304823969f4619c6939c9008b40292e38722ad46b3b2c4b64050301036d63
CRC32: 309cccde
计算时间: 0.92s