混杂样本第85次更新100306-72X （437楼）

Sherry.ai

最近处理的样本都比较多..每天都开帖比较麻烦，所以就开一个综合的帖~希望大家支持[:27:]
杀不出来的请上报 PS:因整理比较繁琐故可能有一些Clean样本位置：
090220-155X 1L
090220-89X   7L
090221-141X 13L
090221-122X 19L
090222-133X 24L
090222-119X 27L
090222-84X   40L
090223-155X 52L
090224-109X 56L
090225-118X 61L
090226-111X 66L
090227-123X 73L
090227-93X   84L
090228-106X 92L
090228-176X 101L
090301-89X   111L
090302-108X 119L
090304-107X 124L
090305-121X 133L
090306-83X   137L
090306-90X   139L
090307-123X 146L
090308-120X 154L
090309-132X 157L
090310-85X   163L
090311-77X   169L
090312-136X 172L
090313-76X   177L
090314-90X   184L
090316-107X 187L
090317-113X 193L
090319-55X   195L
090321-122X 202L
090323-71X   207L
090325-91X   211L
090325-91X   212L
090326-131X 215L
090326-95X 216L
090327-73X 217L
090329-109X 222L
090331-64X   226L
090331-75X   228L
090404-171X 234L
090407-123X 241L
090416-52X  255L
090418-46X  262L
090422-186X 264L
090428-196X 267L
090429-193X 274L
090501-71X   284L
090507-68X   287L
090512-65X   292L
090513-61X   294L
090514-105X 296L
090515-126X 298L
090516-106X 304L
090517-53X   310L
090518-334X 312L
090519-106X 317L
090524-63X   322L
090528-141X 330L
090608-105X 336L
090623-75X   347L
090712-80X   353L
090714-60X   364L
090715-43X   371L
090717-51X   378L
090724-47X   384L
090726-84X   393L
090822-100X 398L
090824-146X 399L
090825-146X 402L
090828-146X 404L
090831-146X 407L
090903-146X 408L
090908-146X 410L
090810-146X 412L
090914-146X 413L
090916-146X 416L
090921-154X 419L
090928-182X 420L
091005-147X 421L
091011-146X 424L
091015-123X 432L
091119-56X   435L
100306-72X   437L

[ 本帖最后由 Sherry.ai 于 2009-11-19 18:15 编辑 ]

Sherry.ai

To KL 26X

晚上再发一批

[ 本帖最后由 935623508 于 2009-2-20 18:32 编辑 ]

luxiao200888

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Owner\桌面\89X'
C:\Documents and Settings\Owner\桌面\89X\1782DqA0um.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE]      The file was moved to '49d6aed1.qua'!
C:\Documents and Settings\Owner\桌面\89X\198FF3D8.dll
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was moved to '49d6aed3.qua'!
C:\Documents and Settings\Owner\桌面\89X\2726458
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was moved to '49d0aed1.qua'!
C:\Documents and Settings\Owner\桌面\89X\498FF28D.EXE
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was moved to '49d6aed4.qua'!
C:\Documents and Settings\Owner\桌面\89X\4P7KKYMvJv.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE]      The file was moved to '49d5aeeb.qua'!
C:\Documents and Settings\Owner\桌面\89X\6FBC8584.DLL
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was moved to '49e0aee1.qua'!
C:\Documents and Settings\Owner\桌面\89X\8r4TV7LfSj.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE]      The file was moved to '49d2af0d.qua'!
C:\Documents and Settings\Owner\桌面\89X\9129837.exe
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE]      The file was moved to '49d0aecd.qua'!
C:\Documents and Settings\Owner\桌面\89X\alimoto32.dll
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was moved to '4a07af08.qua'!
C:\Documents and Settings\Owner\桌面\89X\alimoto32.exe
    [DETECTION] Is the TR/Systemhijack.2329 Trojan
    [NOTE]      The file was moved to '4a07af06.qua'!
C:\Documents and Settings\Owner\桌面\89X\api.exe
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE]      The file was moved to '4a07af0c.qua'!
C:\Documents and Settings\Owner\桌面\89X\awsed.com.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
    [NOTE]      The file was moved to '4a11af11.qua'!
C:\Documents and Settings\Owner\桌面\89X\beep.sys
    [DETECTION] Is the TR/Yangxiay.A!sys.1 Trojan
    [NOTE]      The file was moved to '4a03af01.qua'!
C:\Documents and Settings\Owner\桌面\89X\bitsprx.dll
    [DETECTION] Is the TR/BHO.Gen Trojan
    [NOTE]      The file was moved to '4a12af06.qua'!
C:\Documents and Settings\Owner\桌面\89X\cisvc.exe
  [0] Archive type: RSRC
    [NOTE]      The file was moved to '4a11af04.qua'!
    --> Object
      [1] Archive type: RSRC
      --> Object
        [DETECTION] Is the TR/Agent.66173 Trojan
C:\Documents and Settings\Owner\桌面\89X\cuu.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      The file was moved to '4a13af10.qua'!
C:\Documents and Settings\Owner\桌面\89X\DA63E650.dll
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was moved to '49d4aede.qua'!
C:\Documents and Settings\Owner\桌面\89X\daemon.exe
    [DETECTION] Is the TR/Dldr.Agent.anvv Trojan
    [NOTE]      The file was moved to '4a03aefe.qua'!
C:\Documents and Settings\Owner\桌面\89X\Daswkc3.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    [NOTE]      The file was moved to '4a11aefc.qua'!
C:\Documents and Settings\Owner\桌面\89X\dipynxx2.dll
    [DETECTION] Is the TR/BHO.Gen Trojan
    [NOTE]      The file was moved to '4a0eaf04.qua'!
C:\Documents and Settings\Owner\桌面\89X\ECgN7BbZkY.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE]      The file was moved to '4a05aee0.qua'!
C:\Documents and Settings\Owner\桌面\89X\explore.exe
    [NOTE]      The file was moved to '4a0eaf14.qua'!
    --> Object
      [DETECTION] Contains a recognition pattern of the (harmful) BDS/Delf.Hro.1 back-door program
C:\Documents and Settings\Owner\桌面\89X\F3C74E3FA248.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49e1aed1.qua'!
C:\Documents and Settings\Owner\桌面\89X\FADKIKXMZTHWLKY.DLL
    [DETECTION] Contains recognition pattern of the ADSPY/Admoke.bxy adware or spyware
    [NOTE]      The file was moved to '49e2aedd.qua'!
C:\Documents and Settings\Owner\桌面\89X\fontsys.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '4a0caf0d.qua'!
C:\Documents and Settings\Owner\桌面\89X\fxstaller.exe
    [DETECTION] Contains recognition pattern of the WORM/IrcBot.48690 worm
    [NOTE]      The file was moved to '4a11af14.qua'!
C:\Documents and Settings\Owner\桌面\89X\F_Server.DLL
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    [NOTE]      The file was moved to '49f1aefd.qua'!
C:\Documents and Settings\Owner\桌面\89X\F_Server.EXE
  [0] Archive type: RSRC
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    [NOTE]      The file was moved to '49f1aefb.qua'!
C:\Documents and Settings\Owner\桌面\89X\hL2rQ3hLei.pif
    [DETECTION] Is the TR/Drop.Agent.xqa Trojan
    [NOTE]      The file was moved to '49d0aee9.qua'!
C:\Documents and Settings\Owner\桌面\89X\HMMAPIL.DLL
    [DETECTION] Is the TR/IEHook Trojan
    [NOTE]      The file was moved to '49ebaeeb.qua'!
C:\Documents and Settings\Owner\桌面\89X\ieexplorer32.exe
    [DETECTION] Is the TR/Agent.qob Trojan
    [NOTE]      The file was moved to '4a03af02.qua'!
C:\Documents and Settings\Owner\桌面\89X\iexplore.exe
    [DETECTION] Contains recognition pattern of the WORM/IrcBot.28672.19 worm
    [NOTE]      The file was moved to '4a16af02.qua'!
C:\Documents and Settings\Owner\桌面\89X\jah31993.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '4a06af00.qua'!
C:\Documents and Settings\Owner\桌面\89X\Jiaodian.exe
    [DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
    [NOTE]      The file was moved to '49ffaf08.qua'!
C:\Documents and Settings\Owner\桌面\89X\jiocs.dll
    [DETECTION] Is the TR/Inject.SJ.1 Trojan
    [NOTE]      The file was moved to '4a0daf06.qua'!
C:\Documents and Settings\Owner\桌面\89X\kernal.exe
  [0] Archive type: RSRC
    [NOTE]      The file was moved to '4a10af03.qua'!
    --> Object
      [DETECTION] Is the TR/Agent.66173 Trojan
C:\Documents and Settings\Owner\桌面\89X\KzaZZBUUyVkoQU.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    [NOTE]      The file was moved to '49ffaf19.qua'!
C:\Documents and Settings\Owner\桌面\89X\lnzOlrzo7b.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE]      The file was moved to '4a18af0c.qua'!
C:\Documents and Settings\Owner\桌面\89X\mstsc.exe
    [DETECTION] Is the TR/Agent.77824 Trojan
    [NOTE]      The file was moved to '4a12af11.qua'!
C:\Documents and Settings\Owner\桌面\89X\msxml71.dll
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      The file was moved to '4a16af11.qua'!
C:\Documents and Settings\Owner\桌面\89X\new_drv.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was moved to '4a15af05.qua'!
C:\Documents and Settings\Owner\桌面\89X\Oas53YdV32.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE]      The file was moved to '4a11af00.qua'!
C:\Documents and Settings\Owner\桌面\89X\office.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Rippy.1 back-door program
    [NOTE]      The file was moved to '4a04af05.qua'!
C:\Documents and Settings\Owner\桌面\89X\OjlfMC41xM.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE]      The file was moved to '4a0aaf0a.qua'!
C:\Documents and Settings\Owner\桌面\89X\qrqwerwqer.dll
    [DETECTION] Is the TR/PSW.OnlineGames.KBNQ Trojan
    [NOTE]      The file was moved to '4a0faf11.qua'!
C:\Documents and Settings\Owner\桌面\89X\rising.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '4a11af08.qua'!
C:\Documents and Settings\Owner\桌面\89X\ROWMPUICQAZZY.EXE
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      The file was moved to '49f5aeef.qua'!
C:\Documents and Settings\Owner\桌面\89X\sdphost.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '4188f545.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (10).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4a17af0b.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (11).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4cb3676c.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (12).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4a17af0c.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (13).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4cb3676d.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (14).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4199c6ed.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (15).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4a17af0e.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (2).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4a17af0d.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (3).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4cb3676e.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (4).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4199c6ee.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (5).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4a17af0f.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (6).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4199c6ef.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (7).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4cb3676f.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (8).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4a17af10.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype (9).exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4cb36771.qua'!
C:\Documents and Settings\Owner\桌面\89X\skype.exe
    [DETECTION] Is the TR/Dldr.Adload.aav Trojan
    [NOTE]      The file was moved to '4199c6f0.qua'!
C:\Documents and Settings\Owner\桌面\89X\SVCH0ST.exe
    [DETECTION] Is the TR/Agent.66173 Trojan
    [NOTE]      The file was moved to '49e1aefa.qua'!
C:\Documents and Settings\Owner\桌面\89X\Svchost.exe
    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
    [NOTE]      The file was moved to '4a01af1a.qua'!
C:\Documents and Settings\Owner\桌面\89X\TumvtwD.dll
    [DETECTION] Contains recognition pattern of the DDOS/Agent.DS distributed denial of service program
    [NOTE]      The file was moved to '4a0baf19.qua'!
C:\Documents and Settings\Owner\桌面\89X\twext.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '4a03af1b.qua'!
C:\Documents and Settings\Owner\桌面\89X\vubke17fhj4fj17.bak
  [0] Archive type: RSRC
    [NOTE]      The file was moved to '4a00af19.qua'!
    --> Object
      [DETECTION] Is the TR/Agent.66173 Trojan
C:\Documents and Settings\Owner\桌面\89X\winsawids.sys
    [DETECTION] Contains recognition pattern of the RKIT/Agent.AIWN root kit
    [NOTE]      The file was moved to '418af54e.qua'!
C:\Documents and Settings\Owner\桌面\89X\wndutl32.dll
    [DETECTION] Is the TR/Renos.13321 Trojan
    [NOTE]      The file was moved to '4a02af13.qua'!
C:\Documents and Settings\Owner\桌面\89X\wwqj.exe
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was moved to '4a0faf1c.qua'!
C:\Documents and Settings\Owner\桌面\89X\yi3JigRxl3.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE]      The file was moved to '49d1af0e.qua'!
C:\Documents and Settings\Owner\桌面\89X\YpSBZKfjaf.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE]      The file was moved to '49f1af15.qua'!
C:\Documents and Settings\Owner\桌面\89X\__default.pif
    [DETECTION] Is the TR/Drop.Agent.xqa Trojan
    [NOTE]      The file was moved to '4a02af05.qua'!
C:\Documents and Settings\Owner\桌面\89X\安装.bat
    [DETECTION] Is the TR/Agent.24659.1 Trojan
    [NOTE]      The file was moved to '49cd376b.qua'!


End of the scan: 2009年2月20日  21:22
Used time: 00:19 Minute(s)

The scan has been done completely.

      1 Scanning directories
     89 Files were scanned
     75 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     75 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     14 Files not concerned
      0 Archives were scanned
      0 Warnings
     75 Notes

[ 本帖最后由 luxiao200888 于 2009-2-20 21:24 编辑 ]

fatezero

2KB/s

Sherry.ai

。。。没办法...今天周五

XMatence

网速慢。。

加密传到网盘上吧。。。。不要临时的。。

Sherry.ai

第2次  样本数量89
http://62.dc.ftn.qq.com/ftn_handler/d023665e10c27aa96501cde34e23bbdc665c5d1bda9beacd99984844f3ab2972c3ba4ac0010431e954f1da6cc25d2edf8011d82d39b28ca7535e68408a45f922/89X.rar?k=0937646193b5f69a664ca0564734504a510f0250540c56511f0e005756195607570149590755504807565759020103560a0501586133625d0b6f4a13004662
(提取码 27daa4be)

[ 本帖最后由 935623508 于 2009-2-20 21:18 编辑 ]

Sebastian

The scan has been done completely.

      1 Scanning directories
    170 Files were scanned
    153 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
    143 files were deleted
      0 files were repaired
    143 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     17 Files not concerned
      6 Archives were scanned
      7 Warnings
    143 Notes

axishero

AVG miss 13 ！！上报！！

"Scan ""Shell extension scan"" was finished."
"Infections";"73";"73";"0"
"Spyware";"2";"2";"0"
"Information";"1"
"Folders selected for scanning:";"C:\Users\Administrator\Desktop\test\89X\89X;"
"Scan started:";"2009年2月21日, 8:00:05"
"Scan finished:";"2009年2月21日, 8:00:12 (6 second(s))"
"Total object scanned:";"90"
"User who launched the scan:";"Administrator"

"Infections"
"File";"Infection";"Result"
"C:\Users\Administrator\Desktop\test\89X\89X\安装.bat";"Virus found Win32/PEMask";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\YpSBZKfjaf.pif";"Trojan horse PSW.OnlineGames.BPPQ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\yi3JigRxl3.pif";"Trojan horse PSW.OnlineGames.BPSW";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\wwqj.exe";"Trojan horse SpamBot.U";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\wndutl32.dll";"Trojan horse Downloader.Generic8.UJ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\winsawids.sys";"Trojan horse BackDoor.Generic10.UTR";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\vubke17fhj4fj17.bak";"Trojan horse Small.BDL";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\twext.exe";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\TumvtwD.dll";"Trojan horse BackDoor.Hupigon4.BFUT";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\Svchost.exe";"Trojan horse PSW.Agent.WLD";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\SVCH0ST.exe";"Trojan horse Generic12.BPLX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype.exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (9).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (8).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (7).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (6).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (5).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (4).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (3).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (2).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (15).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (14).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (13).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (12).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (11).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\skype (10).exe";"Trojan horse Downloader.Generic8.BGX";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\sdphost.exe";"Trojan horse BackDoor.RBot.AS";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\rising.exe";"Virus identified Packed.NakedPack";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\qrqwerwqer.dll";"Trojan horse PSW.Generic6.BDEO";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\OjlfMC41xM.pif";"Trojan horse PSW.Generic6.BDPW";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\office.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\Oas53YdV32.pif";"Trojan horse PSW.OnlineGames.BPPQ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\ntias.dll";"Trojan horse Agent.AZDE";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\new_drv.sys";"Trojan horse BackDoor.Generic6.EEU";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\msxml71.dll";"Trojan horse Downloader.Generic8.UHB";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\mstsc.exe";"Trojan horse BackDoor.Generic_r.EK";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\lnzOlrzo7b.pif";"Trojan horse PSW.OnlineGames.BPPQ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\KzaZZBUUyVkoQU.dll";"Virus identified Worm/Agent.N";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\kernal.exe";"Trojan horse Small.BDL";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\jkjj.exe";"Trojan horse Agent_r.BJ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\jiocs.dll";"Trojan horse Agent.AISG";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\Jiaodian.exe";"Trojan horse BackDoor.Hupigon4.AQPA";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\jah31993.exe";"Virus identified Worm/Generic.NPN";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\iexplore.exe";"Trojan horse BackDoor.Ircbot.GBC";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\ieexplorer32.exe";"Trojan horse Agent.AKUD";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\HMMAPIL.DLL";"Trojan horse Agent.ANPU";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\hL2rQ3hLei.pif";"Trojan horse Agent_r.HC";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\hkdukkpo1pk[1].exe";"Trojan horse Agent_r.BJ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\fxstaller.exe";"Trojan horse SHeur2.OE";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\F3C74E3FA248.dll";"Virus identified Win32/Patched.AI";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\F_Server.EXE";"Trojan horse BackDoor.Prosti.Y";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\F_Server.DLL";"Trojan horse BackDoor.Generic10.ABLU";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\explore.exe";"Trojan horse Generic12.GYU";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\dipynxx2.dll";"Trojan horse Generic12.JSR";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\Daswkc3.exe";"Trojan horse BackDoor.Hupigon4.ANWG";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\daemon.exe";"Trojan horse Agent.AJAR";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\DA63E650.dll";"Trojan horse Downloader.Generic_r.CI";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\cuu.exe";"Trojan horse BackDoor.Agent.RJT";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\cisvc.exe";"Trojan horse Generic12.BPLW";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\bitsprx.dll";"Trojan horse BHO.X";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\beep.sys";"Virus identified Worm/Agent.N";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\awsed.com.exe";"Trojan horse SHeur2.BZ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\alimoto32.exe";"Trojan horse PSW.Ldpinch.11.BQ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\alimoto32.dll";"Trojan horse PSW.Generic6.BDJN";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\9129837.exe";"Trojan horse SHeur.CRWZ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\8r4TV7LfSj.pif";"Trojan horse PSW.Generic6.BDPW";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\6FBC8584.DLL";"Trojan horse Downloader.Generic8.VXA";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\4P7KKYMvJv.pif";"Trojan horse PSW.OnlineGames.BPZO";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\498FF28D.EXE";"Trojan horse Downloader.Generic8.VWR";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\2726458";"Trojan horse PSW.OnlineGames.BPSW";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\198FF3D8.dll";"Trojan horse Downloader.Generic_r.CI";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\1782DqA0um.pif";"Trojan horse PSW.Generic6.BDPW";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\__default.pif";"Trojan horse Agent_r.HC";"Moved to Virus Vault"

"Spyware"
"File";"Infection";"Result"
"C:\Users\Administrator\Desktop\test\89X\89X\ROWMPUICQAZZY.EXE";"Adware Generic3.AHBP";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\89X\89X\FADKIKXMZTHWLKY.DLL";"Adware Generic3.AJOC";"Moved to Virus Vault"

"Information"
"File";"Infection";"Result"
"C:\Users\Administrator\Desktop\test\89X\89X\api.exe";"Runtime packed nspack";""

QQ中转站超出连接数了，帮lz做个分流，方便大家

http://www.brsbox.com/filebox/do ... 69a5543ce8fe0602203

ledled

MISS 86 to VB