來自eMule的惡意程式

發表時間: 2008-8-24 08:55 作者: xyz 來源: AVPClub Security Home

ps.自己跑到下載目錄的, 尚未檢舉給各大防毒公司~

VirusTotal掃描結果: 一筆...

http://www.virustotal.com/zh-tw/ ... fb2d7cd473380f71f50
檔案 svchost.exe 接收於 2008.08.21 08:37:50 (CET)
當前狀態: 完成

結果: 1/36 (2.78%)
格式化文字列印結果
反病毒引擎版本最後更新掃瞄結果
AhnLab-V3 2008.8.21.0 2008.08.21 -
AntiVir 7.8.1.23 2008.08.21 -
Authentium 5.1.0.4 2008.08.21 -
Avast 4.8.1195.0 2008.08.20 -
AVG 8.0.0.161 2008.08.20 -
BitDefender 7.2 2008.08.21 -
CAT-QuickHeal 9.50 2008.08.20 -
ClamAV 0.93.1 2008.08.21 Trojan.Agent-40713
DrWeb 4.44.0.09170 2008.08.21 -
eSafe 7.0.17.0 2008.08.20 -
eTrust-Vet 31.6.6038 2008.08.20 -
Ewido 4.0 2008.08.20 -
F-Prot 4.4.4.56 2008.08.20 -
F-Secure 7.60.13501.0 2008.08.21 -
Fortinet 3.14.0.0 2008.08.21 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.21 -
K7AntiVirus 7.10.422 2008.08.20 -
Kaspersky 7.0.0.125 2008.08.21 -
McAfee 5365 2008.08.20 -
Microsoft 1.3807 2008.08.21 -
NOD32v2 3373 2008.08.21 -
Norman 5.80.02 2008.08.20 -
Panda 9.0.0.4 2008.08.21 -
PCTools 4.4.2.0 2008.08.20 -
Prevx1 V2 2008.08.21 -
Rising 20.58.30.00 2008.08.21 -
Sophos 4.32.0 2008.08.21 -
Sunbelt 3.1.1564.1 2008.08.20 -
Symantec 10 2008.08.21 -
TheHacker 6.3.0.6.056 2008.08.21 -
TrendMicro 8.700.0.1004 2008.08.21 -
VBA32 3.12.8.3 2008.08.20 -
ViRobot 2008.8.20.1342 2008.08.20 -
VirusBuster 4.5.11.0 2008.08.20 -
Webwasher-Gateway 6.6.2 2008.08.21 -
附加訊息
File size: 14336 bytes
MD5...: 723ba2efe4a16774e98f53d7ac6c71fd
SHA1..: 5a4e7f0fa5290ef730f8ec69d106358bee5f447a
SHA256: 8b4d7112d89196e3c940e59834056e95fd59b92650158d6faba076c236a64065
SHA512: 7e548d60dc23ff4e1cd8197280e2b3166d685d65bbd49e804c3a88f384592c6d
8a9b8a4511e7a614441b8fb284e47ac44f262cdd2248b90fc6fa24f641c3806b

Setup.zip
(2008-08-24 08:55:06, Size: 7.38 kB, Downloads: 9)

我也來說兩句 查看全部評論相關評論

chou (2008-8-24 09:15:12)

ESS 3.0 未發現可疑檔案
sun88990 (2008-8-24 09:48:58)

哇...
這麼多家廠商病毒庫被過.
sun88990 (2008-8-24 09:51:46)

McAfee分析結果..
AVERT Labs - Beaverton
Current Scan Engine Version:5200.2160
Current DAT Version:5368.0000
Thank you for your submission.

Analysis ID: 4800652
Name Findings Detection Type Extra
setup.exe no malware no

no malware [ setup.exe ]
Avert Labs has found no indications of malicious code. Upon examining the file we observed no malicious behavior.

Regards,

McAfee AVERT tm
A division of McAfee, Inc
wopti (2008-8-24 10:24:15)

驱逐舰没有发现病毒存在
said411f (2008-8-24 13:40:00)

Online Armor Personal Firewall +AV
a-squared Anti-Malware 4.0 beta

未發現可疑威脅~~囧
megakotaro (2008-8-24 14:43:02)

p2p軟體都有問題的......別太常用，買正版吧
回報avira
回報後為：KNOWN CLEAN
The file 'Setup.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Windows XP (SP2)'.
他們認為是XP sp2的東東
ss30102 (2008-8-24 16:24:15)

用SVS測出的修改
正常:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\8\HU\USER_TEMPLATE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs"="[_B_]PROGRAMS[_E_]"
"My Music"="[_B_]MYMUSIC[_E_]"
"Favorites"="[_B_]FAVORITES[_E_]"
"Personal"="[_B_]PERSONAL[_E_]"

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\8\HU\USER_TEMPLATE\Software\Microsoft\Windows\Shell\Bags\1\Desktop]
"Mode"=dword:00000001
"ScrollPos1024x768(1).x"=dword:00000000
"ScrollPos1024x768(1).y"=dword:00000000
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:ffffffff
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fd,df,df,fd,0f,\
  00,04,00,20,00,10,00,28,00,3c,00,00,00,00,00,01,00,00,00,02,00,00,00,03,00,\
  00,00,b4,00,60,00,78,00,78,00,00,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
  00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ItemPos1024x768(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,17,00,\
  00,00,02,00,00,00,14,00,1f,60,40,f0,5f,64,81,50,1b,10,9f,08,00,aa,00,2f,95,\
  4e,17,00,00,00,54,00,00,00,58,00,3a,00,c1,06,00,00,17,39,e2,74,20,00,41,44,\
  4f,42,45,52,7e,31,2e,4c,4e,4b,00,00,3c,00,03,00,04,00,ef,be,17,39,e2,74,17,\
  39,e2,74,14,00,00,00,41,00,64,00,6f,00,62,00,65,00,20,00,52,00,65,00,61,00,\
  64,00,65,00,72,00,20,00,38,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,\
  00,a6,00,00,00,5a,00,3a,00,42,06,00,00,17,39,ef,73,20,00,4d,4f,5a,49,4c,4c,\
  7e,31,2e,4c,4e,4b,00,00,3e,00,03,00,04,00,ef,be,17,39,ef,73,17,39,ef,73,14,\
  00,00,00,4d,00,6f,00,7a,00,69,00,6c,00,6c,00,61,00,20,00,46,00,69,00,72,00,\
  65,00,66,00,6f,00,78,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,92,\
  02,00,00,54,00,3a,00,43,06,00,00,17,39,89,75,20,00,4e,45,52,4f,45,58,7e,31,\
  2e,4c,4e,4b,00,00,38,00,03,00,04,00,ef,be,17,39,89,75,17,39,89,75,14,00,00,\
  00,4e,00,65,00,72,00,6f,00,20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,\
  2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,f8,00,00,00,88,00,3a,00,53,\
  07,00,00,17,39,83,74,20,00,53,59,4d,41,4e,54,7e,31,2e,4c,4e,4b,00,00,6c,00,\
  03,00,04,00,ef,be,17,39,83,74,17,39,83,74,14,00,00,00,53,00,79,00,6d,00,61,\
  00,6e,00,74,00,65,00,63,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,\
  65,00,20,00,56,00,69,00,72,00,74,00,75,00,61,00,6c,00,69,00,7a,00,61,00,74,\
  00,69,00,6f,00,6e,00,20,00,41,00,64,00,6d,00,69,00,6e,00,2e,00,6c,00,6e,00,\
  6b,00,00,00,1c,00,65,00,00,00,4a,01,00,00,5e,00,3a,00,e1,06,00,00,17,39,2e,\
  7c,20,00,57,49,4e,44,4f,57,7e,31,2e,4c,4e,4b,00,00,42,00,03,00,04,00,ef,be,\
  17,39,2e,7c,17,39,2e,7c,14,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,4c,00,69,00,76,00,65,00,20,00,4d,00,61,00,69,00,6c,00,2e,00,6c,00,\
  6e,00,6b,00,00,00,1c,00,65,00,00,00,a6,00,00,00,5e,00,3a,00,2c,03,00,00,17,\
  39,50,7a,20,00,59,41,48,4f,4f,21,7e,31,2e,4c,4e,4b,00,00,42,00,03,00,04,00,\
  ef,be,17,39,50,7a,17,39,50,7a,14,00,00,00,59,00,61,00,68,00,6f,00,6f,00,21,\
  00,47,59,69,64,4d,00,65,00,73,00,73,00,65,00,6e,00,67,00,65,00,72,00,2e,00,\
  6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,4a,01,00,00,52,00,3a,00,e6,02,00,\
  00,17,39,d1,74,20,00,5a,55,4d,41,44,45,7e,31,2e,4c,4e,4b,00,00,36,00,03,00,\
  04,00,ef,be,17,39,d1,74,17,39,d1,74,14,00,00,00,5a,00,75,00,6d,00,61,00,20,\
  00,44,00,65,00,6c,00,75,00,78,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,\
  65,00,00,00,f8,00,00,00,48,00,3e,00,f4,02,00,00,17,39,96,7e,20,00,70,96,71,\
  5f,fb,7c,71,7d,2e,00,6c,00,6e,00,6b,00,00,00,28,00,03,00,04,00,ef,be,17,39,\
  f9,7a,17,39,f9,7a,14,00,00,00,70,96,71,5f,fb,7c,71,7d,2e,00,6c,00,6e,00,6b,\
  00,00,00,20,00,17,00,00,00,9c,01,00,00,4c,00,32,00,0c,06,00,00,17,39,95,74,\
  20,00,43,43,6c,65,61,6e,65,72,2e,6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,17,\
  39,95,74,17,39,95,74,14,00,00,00,43,00,43,00,6c,00,65,00,61,00,6e,00,65,00,\
  72,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,ee,01,00,00,42,00,32,\
  00,d4,05,00,00,17,39,db,74,20,00,4b,4b,42,4f,58,2e,6c,6e,6b,00,2a,00,03,00,\
  04,00,ef,be,17,39,db,74,17,39,db,74,14,00,00,00,4b,00,4b,00,42,00,4f,00,58,\
  00,2e,00,6c,00,6e,00,6b,00,00,00,18,00,17,00,00,00,40,02,00,00,4c,00,32,00,\
  76,02,00,00,17,39,f1,74,20,00,4b,4d,50,6c,61,79,65,72,2e,6c,6e,6b,00,00,30,\
  00,03,00,04,00,ef,be,17,39,f1,74,17,39,f1,74,14,00,00,00,4b,00,4d,00,50,00,\
  6c,00,61,00,79,00,65,00,72,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,65,00,00,\
  00,02,00,00,00,46,00,32,00,e8,05,00,00,17,39,a2,74,20,00,52,65,63,75,76,61,\
  2e,6c,6e,6b,00,00,2c,00,03,00,04,00,ef,be,17,39,a2,74,17,39,a2,74,14,00,00,\
  00,52,00,65,00,63,00,75,00,76,00,61,00,2e,00,6c,00,6e,00,6b,00,00,00,1a,00,\
  65,00,00,00,9c,01,00,00,42,00,32,00,00,38,00,00,04,31,00,60,20,00,53,65,74,\
  75,70,2e,65,78,65,00,2a,00,03,00,04,00,ef,be,18,39,53,40,18,39,53,40,14,00,\
  00,00,53,00,65,00,74,00,75,00,70,00,2e,00,65,00,78,00,65,00,00,00,18,00,65,\
  00,00,00,ee,01,00,00,42,00,32,00,81,1d,00,00,18,39,4a,40,20,00,53,65,74,75,\
  70,2e,7a,69,70,00,2a,00,03,00,04,00,ef,be,18,39,4a,40,18,39,4a,40,14,00,00,\
  00,53,00,65,00,74,00,75,00,70,00,2e,00,7a,00,69,00,70,00,00,00,18,00,65,00,\
  00,00,54,00,00,00,4e,00,32,00,00,30,14,00,fb,32,61,49,20,00,54,57,4d,4a,5f,\
  31,7e,31,2e,45,58,45,00,00,32,00,03,00,04,00,ef,be,17,39,d3,74,17,39,d3,74,\
  14,00,00,00,74,00,77,00,6d,00,6a,00,5f,00,31,00,30,00,33,00,32,00,2e,00,65,\
  00,78,00,65,00,00,00,1c,00,65,00,00,00,54,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\9\HU\S-1-5-21-484763869-1844823847-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs"="C:\\Documents and Settings\\Administrator\\「開始」功能表\\程式集"
"My Music"="C:\\Documents and Settings\\Administrator\\My Documents\\My Music"
"Favorites"="C:\\Documents and Settings\\Administrator\\Favorites"
"Personal"="C:\\Documents and Settings\\Administrator\\My Documents"

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\9\HU\S-1-5-21-484763869-1844823847-682003330-500\Software\Microsoft\Windows\Shell\Bags\1\Desktop]
"Mode"=dword:00000001
"ScrollPos1024x768(1).x"=dword:00000000
"ScrollPos1024x768(1).y"=dword:00000000
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:ffffffff
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fd,df,df,fd,0f,\
  00,04,00,20,00,10,00,28,00,3c,00,00,00,00,00,01,00,00,00,02,00,00,00,03,00,\
  00,00,b4,00,60,00,78,00,78,00,00,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
  00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ItemPos1024x768(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,17,00,\
  00,00,02,00,00,00,14,00,1f,60,40,f0,5f,64,81,50,1b,10,9f,08,00,aa,00,2f,95,\
  4e,17,00,00,00,54,00,00,00,58,00,3a,00,c1,06,00,00,17,39,e2,74,20,00,41,44,\
  4f,42,45,52,7e,31,2e,4c,4e,4b,00,00,3c,00,03,00,04,00,ef,be,17,39,e2,74,17,\
  39,e2,74,14,00,00,00,41,00,64,00,6f,00,62,00,65,00,20,00,52,00,65,00,61,00,\
  64,00,65,00,72,00,20,00,38,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,\
  00,a6,00,00,00,5a,00,3a,00,42,06,00,00,17,39,ef,73,20,00,4d,4f,5a,49,4c,4c,\
  7e,31,2e,4c,4e,4b,00,00,3e,00,03,00,04,00,ef,be,17,39,ef,73,17,39,ef,73,14,\
  00,00,00,4d,00,6f,00,7a,00,69,00,6c,00,6c,00,61,00,20,00,46,00,69,00,72,00,\
  65,00,66,00,6f,00,78,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,92,\
  02,00,00,54,00,3a,00,43,06,00,00,17,39,89,75,20,00,4e,45,52,4f,45,58,7e,31,\
  2e,4c,4e,4b,00,00,38,00,03,00,04,00,ef,be,17,39,89,75,17,39,89,75,14,00,00,\
  00,4e,00,65,00,72,00,6f,00,20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,\
  2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,f8,00,00,00,88,00,3a,00,53,\
  07,00,00,17,39,83,74,20,00,53,59,4d,41,4e,54,7e,31,2e,4c,4e,4b,00,00,6c,00,\
  03,00,04,00,ef,be,17,39,83,74,17,39,83,74,14,00,00,00,53,00,79,00,6d,00,61,\
  00,6e,00,74,00,65,00,63,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,\
  65,00,20,00,56,00,69,00,72,00,74,00,75,00,61,00,6c,00,69,00,7a,00,61,00,74,\
  00,69,00,6f,00,6e,00,20,00,41,00,64,00,6d,00,69,00,6e,00,2e,00,6c,00,6e,00,\
  6b,00,00,00,1c,00,65,00,00,00,4a,01,00,00,5e,00,3a,00,e1,06,00,00,17,39,2e,\
  7c,20,00,57,49,4e,44,4f,57,7e,31,2e,4c,4e,4b,00,00,42,00,03,00,04,00,ef,be,\
  17,39,2e,7c,17,39,2e,7c,14,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,4c,00,69,00,76,00,65,00,20,00,4d,00,61,00,69,00,6c,00,2e,00,6c,00,\
  6e,00,6b,00,00,00,1c,00,65,00,00,00,a6,00,00,00,5e,00,3a,00,2c,03,00,00,17,\
  39,50,7a,20,00,59,41,48,4f,4f,21,7e,31,2e,4c,4e,4b,00,00,42,00,03,00,04,00,\
  ef,be,17,39,50,7a,17,39,50,7a,14,00,00,00,59,00,61,00,68,00,6f,00,6f,00,21,\
  00,47,59,69,64,4d,00,65,00,73,00,73,00,65,00,6e,00,67,00,65,00,72,00,2e,00,\
  6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,4a,01,00,00,52,00,3a,00,e6,02,00,\
  00,17,39,d1,74,20,00,5a,55,4d,41,44,45,7e,31,2e,4c,4e,4b,00,00,36,00,03,00,\
  04,00,ef,be,17,39,d1,74,17,39,d1,74,14,00,00,00,5a,00,75,00,6d,00,61,00,20,\
  00,44,00,65,00,6c,00,75,00,78,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,\
  65,00,00,00,f8,00,00,00,48,00,3e,00,f4,02,00,00,17,39,96,7e,20,00,70,96,71,\
  5f,fb,7c,71,7d,2e,00,6c,00,6e,00,6b,00,00,00,28,00,03,00,04,00,ef,be,17,39,\
  f9,7a,17,39,f9,7a,14,00,00,00,70,96,71,5f,fb,7c,71,7d,2e,00,6c,00,6e,00,6b,\
  00,00,00,20,00,17,00,00,00,9c,01,00,00,4c,00,32,00,0c,06,00,00,17,39,95,74,\
  20,00,43,43,6c,65,61,6e,65,72,2e,6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,17,\
  39,95,74,17,39,95,74,14,00,00,00,43,00,43,00,6c,00,65,00,61,00,6e,00,65,00,\
  72,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,ee,01,00,00,42,00,32,\
  00,d4,05,00,00,17,39,db,74,20,00,4b,4b,42,4f,58,2e,6c,6e,6b,00,2a,00,03,00,\
  04,00,ef,be,17,39,db,74,17,39,db,74,14,00,00,00,4b,00,4b,00,42,00,4f,00,58,\
  00,2e,00,6c,00,6e,00,6b,00,00,00,18,00,17,00,00,00,40,02,00,00,4c,00,32,00,\
  76,02,00,00,17,39,f1,74,20,00,4b,4d,50,6c,61,79,65,72,2e,6c,6e,6b,00,00,30,\
  00,03,00,04,00,ef,be,17,39,f1,74,17,39,f1,74,14,00,00,00,4b,00,4d,00,50,00,\
  6c,00,61,00,79,00,65,00,72,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,65,00,00,\
  00,02,00,00,00,46,00,32,00,e8,05,00,00,17,39,a2,74,20,00,52,65,63,75,76,61,\
  2e,6c,6e,6b,00,00,2c,00,03,00,04,00,ef,be,17,39,a2,74,17,39,a2,74,14,00,00,\
  00,52,00,65,00,63,00,75,00,76,00,61,00,2e,00,6c,00,6e,00,6b,00,00,00,1a,00,\
  65,00,00,00,9c,01,00,00,42,00,32,00,00,38,00,00,04,31,00,60,20,00,53,65,74,\
  75,70,2e,65,78,65,00,2a,00,03,00,04,00,ef,be,18,39,53,40,18,39,53,40,14,00,\
  00,00,53,00,65,00,74,00,75,00,70,00,2e,00,65,00,78,00,65,00,00,00,18,00,65,\
  00,00,00,ee,01,00,00,42,00,32,00,81,1d,00,00,18,39,4a,40,20,00,53,65,74,75,\
  70,2e,7a,69,70,00,2a,00,03,00,04,00,ef,be,18,39,4a,40,18,39,4a,40,14,00,00,\
  00,53,00,65,00,74,00,75,00,70,00,2e,00,7a,00,69,00,70,00,00,00,18,00,65,00,\
  00,00,54,00,00,00,4e,00,32,00,00,30,14,00,fb,32,61,49,20,00,54,57,4d,4a,5f,\
  31,7e,31,2e,45,58,45,00,00,32,00,03,00,04,00,ef,be,17,39,d3,74,17,39,d3,74,\
  14,00,00,00,74,00,77,00,6d,00,6a,00,5f,00,31,00,30,00,33,00,32,00,2e,00,65,\
  00,78,00,65,00,00,00,1c,00,65,00,00,00,54,00,00,00,00,00,00,00

啟動病毒後:
[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\8\HLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs"="[_B_]COMMONPROGRAMS[_E_]"

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\8\HLM\SYSTEM\CurrentControlSet\Control\Session Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\8\HLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ALLUSERSPROFILE"="[_B_]ALLUSERSPROFILE[_E_]"
"COMMONFILES"="[_B_]COMMONFILES[_E_]"
"DEFAULTUSERPROFILE"="[_B_]DEFAULTUSERPROFILE[_E_]"
"COMMONADMINTOOLS"="[_B_]COMMONADMINTOOLS[_E_]"
"COMMONAPPDATA"="[_B_]COMMONAPPDATA[_E_]"
"COMMONDESKTOP"="[_B_]COMMONDESKTOP[_E_]"
"COMMONDOCUMENTS"="[_B_]COMMONDOCUMENTS[_E_]"
"COMMONFAVORITES"="[_B_]COMMONFAVORITES[_E_]"
"COMMONPROGRAMS"="[_B_]COMMONPROGRAMS[_E_]"
"COMMONSTARTMENU"="[_B_]COMMONSTARTMENU[_E_]"
"COMMONSTARTUP"="[_B_]COMMONSTARTUP[_E_]"
"COMMONTEMPLATES"="[_B_]COMMONTEMPLATES[_E_]"
"COMMONMUSIC"="[_B_]COMMONMUSIC[_E_]"
"COMMONPICTURES"="[_B_]COMMONPICTURES[_E_]"
"COMMONVIDEO"="[_B_]COMMONVIDEO[_E_]"
"FONTS"="[_B_]FONTS[_E_]"
"MEDIAPATH"="[_B_]MEDIAPATH[_E_]"
"MSSHAREDTOOLS"="[_B_]MSSHAREDTOOLS[_E_]"
"PROFILESDIRECTORY"="[_B_]PROFILESDIRECTORY[_E_]"
"PROGRAMFILES"="[_B_]PROGRAMFILES[_E_]"
"SYSTEMDRIVE"="[_B_]SYSTEMDRIVE[_E_]"
"WINDIR"="[_B_]WINDIR[_E_]"
"ADMINTOOLS"="[_B_]ADMINTOOLS[_E_]"
"APPDATA"="[_B_]APPDATA[_E_]"
"CACHE"="[_B_]CACHE[_E_]"
"CDBURNING"="[_B_]CDBURNING[_E_]"
"COOKIES"="[_B_]COOKIES[_E_]"
"DESKTOP"="[_B_]DESKTOP[_E_]"
"FAVORITES"="[_B_]FAVORITES[_E_]"
"HISTORY"="[_B_]HISTORY[_E_]"
"LOCALAPPDATA"="[_B_]LOCALAPPDATA[_E_]"
"LOCALSETTINGS"="[_B_]LOCALSETTINGS[_E_]"
"MYMUSIC"="[_B_]MYMUSIC[_E_]"
"MYPICTURES"="[_B_]MYPICTURES[_E_]"
"MYVIDEO"="[_B_]MYVIDEO[_E_]"
"NETHOOD"="[_B_]NETHOOD[_E_]"
"PERSONAL"="[_B_]PERSONAL[_E_]"
"PRINTHOOD"="[_B_]PRINTHOOD[_E_]"
"PROGRAMS"="[_B_]PROGRAMS[_E_]"
"RECENT"="[_B_]RECENT[_E_]"
"SENDTO"="[_B_]SENDTO[_E_]"
"STARTMENU"="[_B_]STARTMENU[_E_]"
"STARTUP"="[_B_]STARTUP[_E_]"
"TEMPLATES"="[_B_]TEMPLATES[_E_]"
"TEMP"="[_B_]TEMP[_E_]"
"USERPROFILE"="[_B_]USERPROFILE[_E_]"

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\B\HU\S-1-5-21-484763869-1844823847-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum]
"Implementing"=hex:1c,00,00,00,01,00,00,00,d8,07,08,00,00,00,18,00,08,00,07,00,\
  15,00,da,00,05,00,00,00,01,24,d0,30,81,6a,d0,11,82,74,00,c0,4f,d5,ae,38,f3,\
  31,ee,c4,68,47,d2,11,be,5c,00,a0,c9,a8,3d,a1,61,4e,a2,ef,78,b0,d0,11,89,e4,\
  00,c0,4f,c9,e2,6e,62,4e,a2,ef,78,b0,d0,11,89,e4,00,c0,4f,c9,e2,6e,64,4e,a2,\
  ef,78,b0,d0,11,89,e4,00,c0,4f,c9,e2,6e

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\B\HU\S-1-5-21-484763869-1844823847-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop"="C:\\Documents and Settings\\Administrator\\桌面"
"Start Menu"="C:\\Documents and Settings\\Administrator\\「開始」功能表"
"Programs"="C:\\Documents and Settings\\Administrator\\「開始」功能表\\程式集"
"NetHood"="C:\\Documents and Settings\\Administrator\\NetHood"
"Favorites"="C:\\Documents and Settings\\Administrator\\Favorites"
"Recent"="C:\\Documents and Settings\\Administrator\\Recent"
"My Pictures"="C:\\Documents and Settings\\Administrator\\My Documents\\My Pictures"
"Personal"="C:\\Documents and Settings\\Administrator\\My Documents"
"My Music"="C:\\Documents and Settings\\Administrator\\My Documents\\My Music"

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\B\HU\S-1-5-21-484763869-1844823847-682003330-500\Software\Microsoft\Windows\Shell\Bags\1\Desktop]
"Mode"=dword:00000001
"ScrollPos1024x768(1).x"=dword:00000000
"ScrollPos1024x768(1).y"=dword:00000000
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:ffffffff
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fd,df,df,fd,0f,\
  00,04,00,20,00,10,00,28,00,3c,00,00,00,00,00,01,00,00,00,02,00,00,00,03,00,\
  00,00,b4,00,60,00,78,00,78,00,00,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
  00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ItemPos1024x768(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,17,00,\
  00,00,02,00,00,00,14,00,1f,60,40,f0,5f,64,81,50,1b,10,9f,08,00,aa,00,2f,95,\
  4e,17,00,00,00,54,00,00,00,58,00,3a,00,c1,06,00,00,17,39,e2,74,20,00,41,44,\
  4f,42,45,52,7e,31,2e,4c,4e,4b,00,00,3c,00,03,00,04,00,ef,be,17,39,e2,74,17,\
  39,e2,74,14,00,00,00,41,00,64,00,6f,00,62,00,65,00,20,00,52,00,65,00,61,00,\
  64,00,65,00,72,00,20,00,38,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,\
  00,a6,00,00,00,5a,00,3a,00,42,06,00,00,17,39,ef,73,20,00,4d,4f,5a,49,4c,4c,\
  7e,31,2e,4c,4e,4b,00,00,3e,00,03,00,04,00,ef,be,17,39,ef,73,17,39,ef,73,14,\
  00,00,00,4d,00,6f,00,7a,00,69,00,6c,00,6c,00,61,00,20,00,46,00,69,00,72,00,\
  65,00,66,00,6f,00,78,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,92,\
  02,00,00,54,00,3a,00,43,06,00,00,17,39,89,75,20,00,4e,45,52,4f,45,58,7e,31,\
  2e,4c,4e,4b,00,00,38,00,03,00,04,00,ef,be,17,39,89,75,17,39,89,75,14,00,00,\
  00,4e,00,65,00,72,00,6f,00,20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,\
  2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,f8,00,00,00,88,00,3a,00,53,\
  07,00,00,17,39,83,74,20,00,53,59,4d,41,4e,54,7e,31,2e,4c,4e,4b,00,00,6c,00,\
  03,00,04,00,ef,be,17,39,83,74,17,39,83,74,14,00,00,00,53,00,79,00,6d,00,61,\
  00,6e,00,74,00,65,00,63,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,\
  65,00,20,00,56,00,69,00,72,00,74,00,75,00,61,00,6c,00,69,00,7a,00,61,00,74,\
  00,69,00,6f,00,6e,00,20,00,41,00,64,00,6d,00,69,00,6e,00,2e,00,6c,00,6e,00,\
  6b,00,00,00,1c,00,65,00,00,00,4a,01,00,00,5e,00,3a,00,e1,06,00,00,17,39,2e,\
  7c,20,00,57,49,4e,44,4f,57,7e,31,2e,4c,4e,4b,00,00,42,00,03,00,04,00,ef,be,\
  17,39,2e,7c,17,39,2e,7c,14,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,4c,00,69,00,76,00,65,00,20,00,4d,00,61,00,69,00,6c,00,2e,00,6c,00,\
  6e,00,6b,00,00,00,1c,00,65,00,00,00,a6,00,00,00,5e,00,3a,00,2c,03,00,00,17,\
  39,50,7a,20,00,59,41,48,4f,4f,21,7e,31,2e,4c,4e,4b,00,00,42,00,03,00,04,00,\
  ef,be,17,39,50,7a,17,39,50,7a,14,00,00,00,59,00,61,00,68,00,6f,00,6f,00,21,\
  00,47,59,69,64,4d,00,65,00,73,00,73,00,65,00,6e,00,67,00,65,00,72,00,2e,00,\
  6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,4a,01,00,00,52,00,3a,00,e6,02,00,\
  00,17,39,d1,74,20,00,5a,55,4d,41,44,45,7e,31,2e,4c,4e,4b,00,00,36,00,03,00,\
  04,00,ef,be,17,39,d1,74,17,39,d1,74,14,00,00,00,5a,00,75,00,6d,00,61,00,20,\
  00,44,00,65,00,6c,00,75,00,78,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,\
  65,00,00,00,f8,00,00,00,48,00,3e,00,f4,02,00,00,17,39,96,7e,20,00,70,96,71,\
  5f,fb,7c,71,7d,2e,00,6c,00,6e,00,6b,00,00,00,28,00,03,00,04,00,ef,be,17,39,\
  f9,7a,17,39,f9,7a,14,00,00,00,70,96,71,5f,fb,7c,71,7d,2e,00,6c,00,6e,00,6b,\
  00,00,00,20,00,17,00,00,00,9c,01,00,00,4c,00,32,00,0c,06,00,00,17,39,95,74,\
  20,00,43,43,6c,65,61,6e,65,72,2e,6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,17,\
  39,95,74,17,39,95,74,14,00,00,00,43,00,43,00,6c,00,65,00,61,00,6e,00,65,00,\
  72,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,17,00,00,00,ee,01,00,00,42,00,32,\
  00,d4,05,00,00,17,39,db,74,20,00,4b,4b,42,4f,58,2e,6c,6e,6b,00,2a,00,03,00,\
  04,00,ef,be,17,39,db,74,17,39,db,74,14,00,00,00,4b,00,4b,00,42,00,4f,00,58,\
  00,2e,00,6c,00,6e,00,6b,00,00,00,18,00,17,00,00,00,40,02,00,00,4c,00,32,00,\
  76,02,00,00,17,39,f1,74,20,00,4b,4d,50,6c,61,79,65,72,2e,6c,6e,6b,00,00,30,\
  00,03,00,04,00,ef,be,17,39,f1,74,17,39,f1,74,14,00,00,00,4b,00,4d,00,50,00,\
  6c,00,61,00,79,00,65,00,72,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,65,00,00,\
  00,02,00,00,00,46,00,32,00,e8,05,00,00,17,39,a2,74,20,00,52,65,63,75,76,61,\
  2e,6c,6e,6b,00,00,2c,00,03,00,04,00,ef,be,17,39,a2,74,17,39,a2,74,14,00,00,\
  00,52,00,65,00,63,00,75,00,76,00,61,00,2e,00,6c,00,6e,00,6b,00,00,00,1a,00,\
  65,00,00,00,9c,01,00,00,42,00,32,00,00,38,00,00,04,31,00,60,20,00,53,65,74,\
  75,70,2e,65,78,65,00,2a,00,03,00,04,00,ef,be,18,39,53,40,18,39,53,40,14,00,\
  00,00,53,00,65,00,74,00,75,00,70,00,2e,00,65,00,78,00,65,00,00,00,18,00,65,\
  00,00,00,ee,01,00,00,42,00,32,00,81,1d,00,00,18,39,4a,40,20,00,53,65,74,75,\
  70,2e,7a,69,70,00,2a,00,03,00,04,00,ef,be,18,39,4a,40,18,39,4a,40,14,00,00,\
  00,53,00,65,00,74,00,75,00,70,00,2e,00,7a,00,69,00,70,00,00,00,18,00,65,00,\
  00,00,54,00,00,00,4e,00,32,00,00,30,14,00,fb,32,61,49,20,00,54,57,4d,4a,5f,\
  31,7e,31,2e,45,58,45,00,00,32,00,03,00,04,00,ef,be,17,39,d3,74,17,39,d3,74,\
  14,00,00,00,74,00,77,00,6d,00,6a,00,5f,00,31,00,30,00,33,00,32,00,2e,00,65,\
  00,78,00,65,00,00,00,1c,00,65,00,00,00,54,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\B\HU\S-1-5-21-484763869-1844823847-682003330-500\Software\Microsoft\Windows\ShellNoRoam]

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\B\HU\S-1-5-21-484763869-1844823847-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@C:\\windows\\system32\\SHELL32.dll,-9227"="我的文件"
"@explorer.exe,-7024"="網際網路"
"@explorer.exe,-7025"="電子郵件"
"@C:\\windows\\system32\\tourstart.exe,-1"="導覽 Windows XP"
"@C:\\windows\\system32\\usmt\\migwiz.exe,-202"="檔案及設定轉移精靈"
"@shell32.dll,-21779"="我的圖片"
"@shell32.dll,-21790"="我的音樂"
"@C:\\windows\\system32\\SHELL32.dll,-9216"="我的電腦"
"@xpsp1res.dll,-10077"="設定程式存取及預設值"
"@C:\\windows\\system32\\SHELL32.dll,-9319"="印表機和傳真"
"@explorer.exe,-7021"="說明及支援(&H)"
"@explorer.exe,-7020"="搜尋(&S)"
"@explorer.exe,-7023"="執行(&R)..."

看了一下
發現他只有對登錄檔有作修改
沒有對檔案作動作
所以不知有沒有病毒行為~
所以就發給大家看看拉^^

這樣夠齊全嗎??
還是我打出來的都沒用
說一下八
integear (2008-8-24 17:44:53)

QUOTE:
原帖由 ss30102 於 2008-8-24 16:24 發表
用SVS測出的修改
正常:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\8\HU\USER_TEMPLATE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs"="[_ ...
基本上沒啥問題 .
eric7511 (2008-8-26 22:09:01)

費爾托斯特安全V7R3
病毒碼時間：v8.115.50146(2008.08.26.21:24)
未偵測到威脅
a5031428 (2008-8-27 11:02:08)

ＮＯＤ３２ Smart Security ３。０。６６９

以掃瞄檔案數：　　２
受感染檔案數　：　　０

已上報