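I think the rules you are using in Filseclab's heuristic scan are too strict. My rules are probably Filseclab's strictest rules, and small dialog boxes pop up frequently. If you don't want the hassle, use the default rules. Take a look at the situation on my machine.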
1185372705,2007-7-25 22:11:45,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[IMJPMIG8.1]=; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32,Realtime scan
1185372705,2007-7-25 22:11:45,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[PHIME2002ASync]=; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC,Realtime scan
1185372705,2007-7-25 22:11:45,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[PHIME2002A]=; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName,Realtime scan
1185372705,2007-7-25 22:11:45,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[NvCplDaemon]=; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll#NvStartup,Realtime scan
1185372705,2007-7-25 22:11:45,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[nwiz]=; nwiz.exe /install,Realtime scan
1185372705,2007-7-25 22:11:45,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185372705,2007-7-25 22:11:45,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[NvMediaCenter]=; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll#NvTaskbarInit,Realtime scan
1185372714,2007-7-25 22:11:54,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[SoundMan]=; SOUNDMAN.EXE,Realtime scan
1185372714,2007-7-25 22:11:54,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[OutpostFeedBack]=; C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup,Realtime scan
1185372714,2007-7-25 22:11:54,注册表监控,多余的值,ibelive,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run[ctfmon.exe]=; C:\WINDOWS\system32\ctfmon.exe,Realtime scan
1185372924,2007-7-25 22:15:24,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185372932,2007-7-25 22:15:32,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185372940,2007-7-25 22:15:40,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185372948,2007-7-25 22:15:48,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185372956,2007-7-25 22:15:56,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185372963,2007-7-25 22:16:03,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185372971,2007-7-25 22:16:11,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185372979,2007-7-25 22:16:19,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185372987,2007-7-25 22:16:27,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185373019,2007-7-25 22:16:59,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185373027,2007-7-25 22:17:07,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185373066,2007-7-25 22:17:46,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[PHIME2002ASync]=; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC,Realtime scan
1185373066,2007-7-25 22:17:46,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[PHIME2002A]=; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName,Realtime scan
1185373066,2007-7-25 22:17:46,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[NvCplDaemon]=; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll#NvStartup,Realtime scan
1185373066,2007-7-25 22:17:46,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[nwiz]=; nwiz.exe /install,Realtime scan
1185373066,2007-7-25 22:17:46,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185373066,2007-7-25 22:17:46,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[NvMediaCenter]=; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll#NvTaskbarInit,Realtime scan
1185373066,2007-7-25 22:17:46,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[SoundMan]=; SOUNDMAN.EXE,Realtime scan
1185373066,2007-7-25 22:17:46,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[OutpostFeedBack]=; C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup,Realtime scan
1185373066,2007-7-25 22:17:46,注册表监控,多余的值,ibelive,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run[ctfmon.exe]=; C:\WINDOWS\system32\ctfmon.exe,Realtime scan
1185373074,2007-7-25 22:17:54,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185373082,2007-7-25 22:18:02,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[PHIME2002A]=; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName,Realtime scan
1185373082,2007-7-25 22:18:02,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[NvCplDaemon]=; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll#NvStartup,Realtime scan
1185373082,2007-7-25 22:18:02,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[nwiz]=; nwiz.exe /install,Realtime scan
1185373082,2007-7-25 22:18:02,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[NvMediaCenter]=; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll#NvTaskbarInit,Realtime scan
1185373082,2007-7-25 22:18:02,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185373082,2007-7-25 22:18:02,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[SoundMan]=; SOUNDMAN.EXE,Realtime scan
1185373082,2007-7-25 22:18:02,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[OutpostFeedBack]=; C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup,Realtime scan
1185373082,2007-7-25 22:18:02,注册表监控,多余的值,ibelive,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run[ctfmon.exe]=; C:\WINDOWS\system32\ctfmon.exe,Realtime scan
1185373090,2007-7-25 22:18:10,RegChanger.AutoRunner.A,可疑程序,ibelive,C:\WINDOWS\system32\nwiz.exe,Realtime scan
1185373564,2007-7-25 22:26:04,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[NvCplDaemon]=; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll#NvStartup,Realtime scan
1185373565,2007-7-25 22:26:05,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[nwiz]=; nwiz.exe /install,Realtime scan
1185373565,2007-7-25 22:26:05,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[NvMediaCenter]=; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll#NvTaskbarInit,Realtime scan
1185373565,2007-7-25 22:26:05,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[SoundMan]=; SOUNDMAN.EXE,Realtime scan
1185373565,2007-7-25 22:26:05,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[OutpostFeedBack]=; C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup,Realtime scan
1185373565,2007-7-25 22:26:05,注册表监控,多余的值,ibelive,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run[ctfmon.exe]=; C:\WINDOWS\system32\ctfmon.exe,Realtime scan
1185373612,2007-7-25 22:26:52,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[nwiz]=; nwiz.exe /install,Realtime scan
1185373612,2007-7-25 22:26:52,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[NvMediaCenter]=; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll#NvTaskbarInit,Realtime scan
1185373612,2007-7-25 22:26:52,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[SoundMan]=; SOUNDMAN.EXE,Realtime scan
1185373612,2007-7-25 22:26:52,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[OutpostFeedBack]=; C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup,Realtime scan
1185373612,2007-7-25 22:26:52,注册表监控,多余的值,ibelive,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run[ctfmon.exe]=; C:\WINDOWS\system32\ctfmon.exe,Realtime scan
1185373635,2007-7-25 22:27:15,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[NvMediaCenter]=; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll#NvTaskbarInit,Realtime scan
1185373635,2007-7-25 22:27:15,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[SoundMan]=; SOUNDMAN.EXE,Realtime scan
1185373635,2007-7-25 22:27:15,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[OutpostFeedBack]=; C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup,Realtime scan
1185373635,2007-7-25 22:27:15,注册表监控,多余的值,ibelive,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run[ctfmon.exe]=; C:\WINDOWS\system32\ctfmon.exe,Realtime scan
1185375189,2007-7-25 22:53:09,HTML.Shell.PoliKey.D,病毒,ibelive,D:\资料\系统修复的工具\如何巧解注册表的锁定.txt.VIR,Realtime scan
1185375196,2007-7-25 22:53:16,INF.Autorun.c,病毒,ibelive,D:\资料\系统修复的工具\总结.txt,Realtime scan
1185375200,2007-7-25 22:53:20,INF.Autorun.e,病毒,ibelive,D:\资料\系统修复的工具\案例.txt,Realtime scan
1185375686,2007-7-25 23:01:26,注册表监控,多余的值,ibelive,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Outpost Firewall]=C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice,Realtime scan