
[Virus samples] 26 samples

promised
Posted on 2007-12-8 15:59:42

Graybird
Posted on 2007-12-8 16:01:11

25

Starting the file scan:

Begin scan in 'E:\样本.rar'
E:\样本.rar
  [0] Archive type: RAR
  --> HookHelp.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> wxptdi.sys
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
  --> 0.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jop
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jqp
  --> 7.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 9.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jfh
  --> 11.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jsh
  --> 13.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 16.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.ddm.1
  --> avwghmn.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> avzxkmn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jfh
  --> csavpw0.dll
      [DETECTION] Is the Trojan horse TR/PSW.Online.ddm.1
  --> gdcqi32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> gdhnxai32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> gdmhi32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> gdmsi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
  --> gdqqhxi32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> gdrxjhi32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> kvdxjma.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jop
  --> ratbnpi.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jsh
      [INFO]      The file was deleted!


End of the scan: 2007年12月8日  16:01
Used time: 00:26 min

The scan has been done completely.

      0 Scanning directories
     27 Files were scanned
     24 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
FBAV
Posted on 2007-12-8 16:02:38
MicroVita AntiSpyware 100 C
_____________________________________________
                                          
             风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]                  
                   http://221.10.254.214/
----------------------------------------------
开始扫描……


正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\样本\0.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:31380  MD5:f03563a400a3e20e933b1dc49105d7f6


[C:\Documents and Settings\Administrator\桌面\Virus\样本\1.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:15544  MD5:acefc9715f1e89f127ad79f7e3131486


[C:\Documents and Settings\Administrator\桌面\Virus\样本\2.exe]
                    …………发现Spy!报告:[1] Win32.F/S.ByDwing
文件信息:  大小:15766  MD5:4794bd8bbc675c9fdefba138d3d91f16


[C:\Documents and Settings\Administrator\桌面\Virus\样本\4.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:15652  MD5:b7b5890b063c2227ed0316409ba7a32a


[C:\Documents and Settings\Administrator\桌面\Virus\样本\5.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:21876  MD5:f8f58370953f1291a12e5f12ca2c2ff4


[C:\Documents and Settings\Administrator\桌面\Virus\样本\6.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:18844  MD5:a79aa5c693c47b6c83e941d3cff751fd


[C:\Documents and Settings\Administrator\桌面\Virus\样本\7.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:15072  MD5:659919701e9db705974dc14070f9a2d9


[C:\Documents and Settings\Administrator\桌面\Virus\样本\8.exe]
                    …………发现Spy!报告:[1] Win32.F/S.ByDwing
文件信息:  大小:16382  MD5:d2805352bf6220794c6f0bbdbf0267de


[C:\Documents and Settings\Administrator\桌面\Virus\样本\9.exe]
                    …………发现Spy!报告:[1] Win32.F/S.ByDwing
文件信息:  大小:16547  MD5:8709f1c51cfa66de02da77f2cd718e23


[C:\Documents and Settings\Administrator\桌面\Virus\样本\11.exe]
                    …………发现Spy!报告:[1] Win32.F/S.ByDwing[5] 下载者
文件信息:  大小:15066  MD5:901344d4961322e6d83fa210b5dcb135


[C:\Documents and Settings\Administrator\桌面\Virus\样本\13.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:20716  MD5:8c6fcac27736b097d6e58f358b5785d4


[C:\Documents and Settings\Administrator\桌面\Virus\样本\16.exe]
                    …………发现Spy!报告:[1] Win32.NkHack.MicroJoiner
文件信息:  大小:12288  MD5:6cbf5bb022032cd5243d62d0293a26f4


[C:\Documents and Settings\Administrator\桌面\Virus\样本\avwghmn.dll]
                    …………发现Spy!报告: [4] [6] 注入者[8] HOOK者
文件信息:  大小:24416  MD5:7005372ebae11657c72a26c93d948f95


[C:\Documents and Settings\Administrator\桌面\Virus\样本\avzxkmn.dll]
                    …………发现Spy!报告: [4] [6] 注入者[8] HOOK者
文件信息:  大小:24926  MD5:aeb4a8ba4b154aedb44d6d36b9a8613b


[C:\Documents and Settings\Administrator\桌面\Virus\样本\csavpw0.dll]
                    …………发现Spy!报告:[6] 注入者[8] HOOK者
文件信息:  大小:19456  MD5:c8457a426dfa885c1081f1a3cac25991


[C:\Documents and Settings\Administrator\桌面\Virus\样本\gdcqi32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:11994  MD5:4e393017623e49692e7b32bc2ea243b9


[C:\Documents and Settings\Administrator\桌面\Virus\样本\gdhnxai32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:12288  MD5:62b600e6a8a8b9358df9e7db417868d2


[C:\Documents and Settings\Administrator\桌面\Virus\样本\gdmhi32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:18765  MD5:b5a5ce456bca53c366178a1fc93e800b


[C:\Documents and Settings\Administrator\桌面\Virus\样本\gdmsi32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:15703  MD5:62f04762b2a6ee6f1846d24f9b3f6107


[C:\Documents and Settings\Administrator\桌面\Virus\样本\gdqqhxi32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:12470  MD5:51af5cd897232ea77c80d333eb1c4495


[C:\Documents and Settings\Administrator\桌面\Virus\样本\gdrxjhi32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:17603  MD5:1b49890047e8d574c38613ba32a47573


[C:\Documents and Settings\Administrator\桌面\Virus\样本\kvdxjma.dll]
                    …………发现Spy!报告: [4] [6] 注入者[8] HOOK者
文件信息:  大小:22376  MD5:8b6ed5f0ab50d5b4dbaddb8b0a7f6ad1


[C:\Documents and Settings\Administrator\桌面\Virus\样本\ratbnpi.dll]
                    …………发现Spy!报告: [4] [6] 注入者[8] HOOK者
文件信息:  大小:21384  MD5:7aa14b8381802888011d98c561dc4c69


文件数:26   病毒数:23  比重:0.8846153846154
OK  扫描完毕!

  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎   
[2] 文件特征码引擎
[1] 文件启发式引擎


[ Last edited by FBAV on 2007-12-8 16:10 ]
葬禮
Posted on 2007-12-8 16:05:27
ZA is pretty good

挪威的冬天
Posted on 2007-12-8 16:06:15
信息        2007-12-08  16:06:08        您此次查毒共查出23个病毒以及危险代码                       
信息        2007-12-08  16:06:08        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件39个                       
信息        2007-12-08  16:06:08        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\ratbnpi.dll        Win32.Troj.OnLimeGamesT.zf.21080        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\kvdxjma.dll        Win32.Troj.OnLimeGamesT.zf.21080        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdrxjhi32.dll        Win32.Troj.OnLimeGamesT.gs.73779        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdqqhxi32.dll        Win32.Troj.OnlineGamesT.ty.102400        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdmsi32.dll        Win32.Troj.OnlineGames.yf.73728        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdmhi32.dll        Win32.Troj.OnlineGamesT.ty.102400        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdhnxai32.dll        Win32.Troj.OnlineGamesT.ty.102400        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdcqi32.dll        Win32.Troj.OnlineGames.yk.73728        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\csavpw0.dll        Win32.Troj.OnlineGamesT.nf.14848        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\avzxkmn.dll        Win32.Troj.OnLimeGamesT.zf.21080        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\avwghmn.dll        Win32.Troj.OnLimeGamesT.zf.21080        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\16.exe        Win32.PSWTroj.OnLineGames.40960        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\13.exe        Trash.OnlineGamesT.aq.2615        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\11.exe        Win32.Troj.AgentT.fm.14452        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\9.exe        Win32.Troj.OnLineGamesT.gp.15597        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\8.exe        Win32.Troj.AgentT.fm.14452        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\7.exe        Trash.OnlineGamesT.aq.2615        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\6.exe        Win32.Troj.OnLineGamesT.or.258048        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\5.exe        Win32.Troj.OnLineGamesT.or.258048        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\4.exe        Win32.Troj.OnLineGamesT.or.258048        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\2.exe        Win32.Troj.AgentT.fm.14452        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\1.exe        Win32.Troj.OnLineGamesT.or.258048        跳过,未处理       
病毒        2007-12-08  16:06:08        C:\Documents and Settings\Norways Winter\桌面\样本.rar\0.exe        Win32.Troj.DwonLoaderT.xy.133203        跳过,未处理
ywarmy
Posted on 2007-12-8 16:08:41
AntiVir PersonalEdition Premium
Report file date: 2007年12月8日  16:07

Scanning for 963523 virus strains and unwanted programs.

Licensed to:      Manfred Liesegang
Serial number:    1100233401-PEPWE-0001
Platform:         Windows Vista
Windows version:  (plain)  [6.0.6000]
Username:         ywarmy
Computer name:    YWARMY-PC

Version information:
BUILD.DAT    : 308           17199 Bytes   2007/9/19 13:44:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes   2007/8/23 06:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes   2007/8/16 05:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes   2007/8/14 08:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes   2007/8/21 05:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes   2007/7/18 07:27:15
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes   2007/9/13 07:26:55
ANTIVIR2.VDF : 7.0.1.30    1575424 Bytes  2007/11/30 01:36:24
ANTIVIR3.VDF : 7.0.1.60     112128 Bytes   2007/12/7 05:55:11
AVEWIN32.DLL : 7.6.0.40    3064320 Bytes   2007/12/8 05:55:11
AVWINLL.DLL  : 1.0.0.7       14376 Bytes   2007/2/26 03:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes   2007/7/18 00:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes   2007/4/16 06:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes    2007/8/3 01:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes   2007/7/18 00:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes   2007/8/28 05:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes   2007/7/18 00:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes    2007/3/8 04:09:42
RCIMAGE.DLL  : 7.0.1.30    2576424 Bytes    2007/8/7 05:51:06
RCTEXT.DLL   : 7.0.62.0      86056 Bytes   2007/8/21 06:03:18
SQLITE3.DLL  : 3.3.17.1     339968 Bytes   2007/7/23 02:37:21

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\Users\ywarmy\AppData\Local\Temp\2c84d658.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 2007年12月8日  16:07

Starting the file scan:

Begin scan in 'C:\Users\ywarmy\Downloads\样本.rar'
C:\Users\ywarmy\Downloads\样本.rar
  [0] Archive type: RAR
  --> HookHelp.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> wxptdi.sys
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
  --> 0.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jop
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jqp
  --> 7.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 9.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jfh
  --> 11.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jsh
  --> 13.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 16.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.ddm.1
  --> avwghmn.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> avzxkmn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jfh
  --> csavpw0.dll
      [DETECTION] Is the Trojan horse TR/PSW.Online.ddm.1
  --> gdcqi32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> gdhnxai32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> gdmhi32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> gdmsi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
  --> gdqqhxi32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> gdrxjhi32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> kvdxjma.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jop
  --> ratbnpi.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jsh
      [WARNING]   The file was ignored!


End of the scan: 2007年12月8日  16:07
Used time: 00:14 min

The scan has been done completely.

      0 Scanning directories
     27 Files were scanned
     24 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
kkgh
Posted on 2007-12-8 16:12:11
瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.Win32.Mnless.zyt  
病毒: Trojan.PSW.Win32.XYOnline.vk
病毒: Trojan.PSW.Win32.QQSG.ay
病毒: Trojan.PSW.Win32.NSword.cn
病毒: Trojan.PSW.Win32.GameOnline.zzy
病毒: Trojan.PSW.Win32.GameOnline.avy
病毒: Trojan.PSW.Win32.GameOnline.zzg
病毒: Trojan.PSW.Win32.XYOnline.vi
病毒: Trojan.PSW.Win32.TLOnline.jkh

用户来源:互联网

软件版本:20.21.50
IllusionWing
Posted on 2007-12-8 16:15:44
23

UGuard Log (Digital Fox - gankeyu@126.com)
UGuarduu.exe = 4.5.6
HC0.rlb = 3.9.4
HC2.rlb = 2.4.0
FN0.rlb = 2.3.1
扫描选项:扫描档案, 扩展, 忽略非活动, 忽略大文件, nFile, BAT模拟, 捆绑检测, 变形壳, 启发,
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\0.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\1.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\11.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\13.exe 检测到 Packed.Generic.Modified
[扫描] [捆绑检测] 在 C:\Users\干孟泽\Desktop\样本\16.exe//UPX 检测到 Generic.Binder
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\2.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\4.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\5.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\6.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\7.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\8.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\9.exe 检测到 Packed.Generic.UPack
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\avwghmn.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\avzxkmn.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gdcqi32.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gdhnxai32.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gdmhi32.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gdmsi32.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gdqqhxi32.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gdrxjhi32.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\kvdxjma.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\ratbnpi.dll 检测到 Generic.nFile
[扫描] [捆绑检测] 在 C:\Users\干孟泽\Desktop\样本\wxptdi.sys 检测到 Generic.Binder
检测到了 23 个未知的恶意程序,请上报。
任务 扫描 完成。共耗费的时间:0-00-00 00:00:00:0312,共扫描的文件数量:27,共扫描到的威胁数量:23,威胁率:85.19%,扫描速率: 86.54 文件/秒,扫描速度: 1687.91 千字节/秒,共扫描了 526.63 千字节。
wangjay1980
Posted on 2007-12-8 16:18:28
detected: virus Heur.AntiAV (modification)        File: C:\Documents and Settings\Owner\桌面\样本.rar/wxptdi.sys
detected: virus         File: C:\Documents and Settings\Owner\桌面\样本.rar/2.exe//
detected: virus         File: C:\Documents and Settings\Owner\桌面\样本.rar/4.exe////
detected: virus         File: C:\Documents and Settings\Owner\桌面\样本.rar/6.exe////
detected: virus         File: C:\Documents and Settings\Owner\桌面\样本.rar/8.exe//
detected: virus êÔ’|ÿ
mofunzone
Posted on 2007-12-8 16:46:28
v8 19
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\attachment'
C:\Users\morgan\Documents\attachment\
  0.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
            [DETECTION] Is the Trojan horse TR/Drop.Agent.23552
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  1.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  11.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jsh
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  13.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  16.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/PSW.Online.ddm.1
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  2.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jop
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  3.exe
  4.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  5.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  6.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jqp
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  7.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  8.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  9.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jfh
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  avwghmn.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47d15a3c.qua'!
  avzxkmn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jfh
      [INFO]      The file was deleted!
  csavpw0.dll
      [DETECTION] Is the Trojan horse TR/PSW.Online.ddm.1
      [INFO]      The file was deleted!
  gdcqi32.dll
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
        --> Object
  gdhnxai32.dll
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
        --> Object
  gdmhi32.dll
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
        --> Object
        --> Object
  gdmsi32.dll
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  gdqqhxi32.dll
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
        --> Object
  gdrxjhi32.dll
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
        --> Object
        --> Object
  HookHelp.sys
  kvdxjma.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jop
      [INFO]      The file was deleted!
  ratbnpi.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jsh
      [INFO]      The file was deleted!
  wxptdi.sys
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
      [INFO]      The file was deleted!


End of the scan: 2007年12月8日  00:45
Used time: 00:06 min

The scan has been done completely.

      1 Scanning directories
     26 Files were scanned
     12 viruses and/or unwanted programs were found
      7 Files were classified as suspicious:
     18 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     14 Files not concerned
     15 Archives were scanned
      8 Warnings
      0 Notes

Copyright © KaFan  KaFan.cn All Rights Reserved.
