【問題】請問這檔有帶毒嗎??

[per1]

我朋友說開到這個以後有些程式變的怪怪的...
個人用avast丟進去scan都scan不出甚麼virus出來..
有沒有人可以幫忙一下..??
先謝謝了..
原始檔已壓縮..

[kk_pczone]

AhnLab-V3 2007.7.25.0 2007.07.24 no virus found
AntiVir 7.4.0.44 2007.07.24 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.07.23 no virus found
Avast 4.7.997.0 2007.07.24 no virus found
AVG 7.5.0.476 2007.07.24 BackDoor.Agent.JHB
BitDefender 7.2 2007.07.24 Backdoor.IRCBot.ABEI
CAT-QuickHeal 9.00 2007.07.24 (Suspicious) - DNAScan
ClamAV devel-20070416 2007.07.24 no virus found
DrWeb 4.33 2007.07.24 Win32.HLLW.Loook
eSafe 7.0.15.0 2007.07.23 Suspicious Trojan/Worm
eTrust-Vet 31.1.5003 2007.07.24 no virus found
Ewido 4.0 2007.07.24 no virus found
FileAdvisor 1 2007.07.24 no virus found
Fortinet 2.91.0.0 2007.07.24 no virus found
F-Prot 4.3.2.48 2007.07.23 no virus found
F-Secure 6.70.13030.0 2007.07.24 no virus found
Ikarus T3.1.1.8 2007.07.24 Backdoor.Win32.Rbot
Kaspersky 4.0.2.24 2007.07.24 IM-Worm.Win32.Agent.g
McAfee 5080 2007.07.23 no virus found
Microsoft 1.2704 2007.07.24 no virus found
NOD32v2 2417 2007.07.24 probably unknown NewHeur_PE virus
Panda 9.0.0.4 2007.07.24 Suspicious file
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.24 no virus found
Symantec 10 2007.07.24 W32.Mytob@mm
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.24 no virus found
Webwasher-Gateway 6.0.1 2007.07.24 Trojan.Crypt.XPACK.Gen

[ㄚ一]

沒有運行,只用以下兩款掃瞄

AntiVir:
Begin scan in 'C:\Documents and Settings\Administrator\桌面\summer2008.zip'
C:\Documents and Settings\Administrator\桌面\summer2008.zip
[0] Archive type: ZIP
--> 2007-07-21-213.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] The file was ignored!

KAV:
detected: virus IM-Worm.Win32.Agent.g File: C:\Documents and Settings\Administrator\®à­±\summer2008.zip/2007-07-21-213.scr//PE_Patch//NTKrnl

[Roger]

運行2007-07-21-213.scr，發現下列行為，被EQ-Secure RC4攔截！

2007-07-25 16:00:16 创建文件 操作:允许
进程路径:D:\desktop\virus\summer2008\2007-07-21-213.scr
文件路径:C:\Documents and Settings\HungAndy\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\~DF25BA.tmp
触发规则:黑名单->白名單->C:\Documents and Settings\HungAndy\Application Data\Sandbox\*

2007-07-25 16:00:18 创建注册表值 操作:阻止
进程路径:D:\desktop\virus\summer2008\2007-07-21-213.scr
注册表路径:HKEY_CURRENT_USER\machine\software\microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
注册表名称:antivirus
注册表数据:{522A9D9F-31D1-41C4-BF43-A6705A4B3C7A}
触发规则:所有程序规则->自動運行->*\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad*

2007-07-25 16:00:18 创建文件 操作:允许
进程路径:D:\desktop\virus\summer2008\2007-07-21-213.scr
文件路径:C:\Documents and Settings\HungAndy\Application Data\Sandbox\DefaultBox\drive\C\windows\system32\printers.exe
触发规则:黑名单->白名單->C:\Documents and Settings\HungAndy\Application Data\Sandbox\*


2007-07-25 16:00:18 创建文件 操作:允许
进程路径:D:\desktop\virus\summer2008\2007-07-21-213.scr
文件路径:C:\Documents and Settings\HungAndy\Application Data\Sandbox\DefaultBox\drive\C\windows\system32\firewallav.dll
触发规则:黑名单->白名單->C:\Documents and Settings\HungAndy\Application Data\Sandbox\*

1.它會在C:\Documents and Settings\HungAndy\Local Settings\Temp\生成
~DF25BA.tmp
2.它會创建注册表值
KEY_CURRENT_USER\machine\software\microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
antivirus
{522A9D9F-31D1-41C4-BF43-A6705A4B3C7A}
3.它會在C\windows\system32\生成
printers.exe
firewallav.dll

[shotpeng]

这个是msn virus来的。

[shotpeng]

deleted: virus IM-Worm.Win32.Agent.g
File: C:\Documents and Settings\Derek\Desktop\summer2008.zip\2007-07-21-213.scr/PE_Patch/NTKrnl