小红伞的报告帮忙看一下！！

显示全部楼层 · 发表于 2007-1-20 17:02:31

Start scanning boot sectors:
Boot sector 'C:\'
   [NOTE]    No virus was found!
Boot sector 'D:\'
   [NOTE]    No virus was found!
Boot sector 'E:\'
   [NOTE]    No virus was found!
Boot sector 'F:\'
   [NOTE]    No virus was found!
Boot sector 'G:\'
   [NOTE]    No virus was found!
Starting to scan the registry.
The registry was scanned ( 9 files ).

Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
   [WARNING] The file could not be opened!
C:\Documents and Settings\HN1001\Local Settings\Temporary Internet Files\Content.IE5\85E78TYJ\a_index[1].js
   [DETECTION] Contains signature of the exploits EXP/IframeJS
   [WARNING] The file was ignored!

End of the scan: 2007年1月20日  16:57
Used time: 11:15 min
The scan has been canceled!
174 Scanning directories
2074 Files were scanned
   1 viruses and/or unwanted programs were found
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   1 Files cannot be scanned
2073 Files not concerned
   14 Archives were scanned
   2 Warnings
   1 Notes

显示全部楼层 · 发表于 2007-1-20 17:15:42

pagefile.sys是虚拟内存文件，本身就无法打开，没问题
至于第二个的那个，一个js脚本而已，估计是弹出广告什么的，也不重要，你可以安装路径把它删除了，或者清空ie的cache都可以

显示全部楼层 · 发表于 2007-1-20 17:30:31

谢谢了！该学英文了

显示全部楼层 · 发表于 2007-1-20 18:13:17

Start of the scan: 2007年1月20日  17:27

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'TIMPlatform.exe' - '1' Modules have been scanned
Scan process 'QQ.exe' - '1' Modules have been scanned
Scan process 'RacerKp.exe' - '1' Modules have been scanned
Scan process 'alg.exe' - '1' Modules have been scanned
Scan process 'conime.exe' - '1' Modules have been scanned
Scan process 'wdfmgr.exe' - '1' Modules have been scanned
Scan process 'avguard.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'racer.exe' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'MPSVC1.exe' - '0' Modules have been scanned
Scan process 'MPSVC2.exe' - '0' Modules have been scanned
Scan process 'MPSVC.exe' - '0' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
24 processes with 24 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
   [NOTE]    No virus was found!
Boot sector 'D:\'
   [NOTE]    No virus was found!
Boot sector 'E:\'
   [NOTE]    No virus was found!
Boot sector 'F:\'
   [NOTE]    No virus was found!
Boot sector 'G:\'
   [NOTE]    No virus was found!

Starting to scan the registry.
The registry was scanned ( 9 files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
   [WARNING] The file could not be opened!
C:\Program Files\装机人员工具\UPIEA IE插件管理.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Agen.664099
   [INFO]    The file was deleted!
C:\Program Files\装机人员工具\系统之家网络质量测试工具.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was moved to '93fd612f.qua'!
C:\Program Files\装机人员工具\微软正版验证\序列号更换器.exe
   [DETECTION] Contains signature of the dropper DR/PSW.RAS.A.3
   [INFO]    The file was deleted!
Begin scan in 'D:\'
D:\大智慧\layout-new.exe
   [DETECTION] Is the Trojan horse TR/Starter.M.2
   [WARNING] The file was ignored!
D:\jk8[1].com.zhb_setup\jk8.com.zhb_setup.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [WARNING] The file was ignored!
D:\jk8[1].com.zhb_setup\《金卡绣球》股票数据转换宝www.jk8.com.exe
   [DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
   [WARNING] The file was ignored!
Begin scan in 'E:\'
E:\UC\MAIL\UCMail.exe
   [DETECTION] Is the Trojan horse TR/Spy.Banker.GN.1701376
   [INFO]    The file was deleted!
E:\System Volume Information\_restore{62DFA165-9123-4ADE-AFE0-0CBEF97F9AA6}\RP39\A0002716.exe
   [DETECTION] Is the Trojan horse TR/Spy.Banker.GN.1701376
   [INFO]    The file was moved to '45e1e6f1.qua'!
Begin scan in 'F:\'
Begin scan in 'G:\'
G:\飞狐\WindowsXP减肥专家\throttle.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [INFO]    The file was moved to '4623e9a0.qua'!
G:\jk8[1].com.zhb_setup\jk8.com.zhb_setup.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was moved to '45e9e9a8.qua'!
G:\Program Files\ppStream\xpsp2\XPSP2Patch.exe
   [DETECTION] Contains signature of the application APPL/Tool.EvID4226.A
   [WARNING] The file was ignored!
G:\System Volume Information\_restore{62DFA165-9123-4ADE-AFE0-0CBEF97F9AA6}\RP39\A0002736.EXE
   [DETECTION] Contains signature of the application APPL/Tool.EvID4226.A
   [INFO]    The file was deleted!
G:\System Volume Information\_restore{62DFA165-9123-4ADE-AFE0-0CBEF97F9AA6}\RP39\A0002738.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [INFO]    The file was moved to '45e1eae3.qua'!
G:\System Volume Information\_restore{62DFA165-9123-4ADE-AFE0-0CBEF97F9AA6}\RP39\A0002739.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [INFO]    The file was moved to '45e1eaea.qua'!
G:\System Volume Information\_restore{62DFA165-9123-4ADE-AFE0-0CBEF97F9AA6}\RP39\A0002740.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was moved to '45e1eaf0.qua'!

[ 本帖最后由 hn1001 于 2007-1-20 18:14 编辑 ]

显示全部楼层 · 发表于 2007-1-20 18:59:44

没有打的毛病就可以了～

显示全部楼层 · 发表于 2007-1-20 20:54:18

谢谢了

小红伞 的报告 帮忙看一下！！

小红伞的报告帮忙看一下！！