查看: 2825|回复: 5
收起左侧

小红伞 的报告 帮忙看一下!!

[复制链接]
hn1001
发表于 2007-1-20 17:02:31 | 显示全部楼层 |阅读模式
Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'D:\'
      [NOTE]      No virus was found!
Boot sector 'E:\'
      [NOTE]      No virus was found!
Boot sector 'F:\'
      [NOTE]      No virus was found!
Boot sector 'G:\'
      [NOTE]      No virus was found!
Starting to scan the registry.
The registry was scanned ( 9 files ).

Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\HN1001\Local Settings\Temporary Internet Files\Content.IE5\85E78TYJ\a_index[1].js
      [DETECTION] Contains signature of the exploits EXP/IframeJS
      [WARNING]   The file was ignored!

End of the scan: 2007年1月20日  16:57
Used time: 11:15 min
The scan has been canceled!
    174 Scanning directories
   2074 Files were scanned
      1 viruses and/or unwanted programs were found
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
   2073 Files not concerned
     14 Archives were scanned
      2 Warnings
      1 Notes
mofunzone
发表于 2007-1-20 17:15:42 | 显示全部楼层
pagefile.sys是虚拟内存文件,本身就无法打开,没问题
至于第二个的那个,一个js脚本而已,估计是弹出广告什么的,也不重要,你可以安装路径把它删除了,或者清空ie的cache都可以
hn1001
 楼主| 发表于 2007-1-20 17:30:31 | 显示全部楼层
谢谢 了 !该学英文了
hn1001
 楼主| 发表于 2007-1-20 18:13:17 | 显示全部楼层
Start of the scan: 2007年1月20日  17:27

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'TIMPlatform.exe' - '1' Modules have been scanned
Scan process 'QQ.exe' - '1' Modules have been scanned
Scan process 'RacerKp.exe' - '1' Modules have been scanned
Scan process 'alg.exe' - '1' Modules have been scanned
Scan process 'conime.exe' - '1' Modules have been scanned
Scan process 'wdfmgr.exe' - '1' Modules have been scanned
Scan process 'avguard.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'racer.exe' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'MPSVC1.exe' - '0' Modules have been scanned
Scan process 'MPSVC2.exe' - '0' Modules have been scanned
Scan process 'MPSVC.exe' - '0' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
24 processes with 24 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'D:\'
      [NOTE]      No virus was found!
Boot sector 'E:\'
      [NOTE]      No virus was found!
Boot sector 'F:\'
      [NOTE]      No virus was found!
Boot sector 'G:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( 9 files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Program Files\装机人员工具\UPIEA IE插件管理.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agen.664099
      [INFO]      The file was deleted!
C:\Program Files\装机人员工具\系统之家网络质量测试工具.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '93fd612f.qua'!
C:\Program Files\装机人员工具\微软正版验证\序列号更换器.exe
      [DETECTION] Contains signature of the dropper DR/PSW.RAS.A.3
      [INFO]      The file was deleted!
Begin scan in 'D:\'
D:\大智慧\layout-new.exe
      [DETECTION] Is the Trojan horse TR/Starter.M.2
      [WARNING]   The file was ignored!
D:\jk8[1].com.zhb_setup\jk8.com.zhb_setup.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
D:\jk8[1].com.zhb_setup\《金卡绣球》股票数据转换宝www.jk8.com.exe
      [DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
      [WARNING]   The file was ignored!
Begin scan in 'E:\'
E:\UC\MAIL\UCMail.exe
      [DETECTION] Is the Trojan horse TR/Spy.Banker.GN.1701376
      [INFO]      The file was deleted!
E:\System Volume Information\_restore{62DFA165-9123-4ADE-AFE0-0CBEF97F9AA6}\RP39\A0002716.exe
      [DETECTION] Is the Trojan horse TR/Spy.Banker.GN.1701376
      [INFO]      The file was moved to '45e1e6f1.qua'!
Begin scan in 'F:\'
Begin scan in 'G:\'
G:\飞狐\WindowsXP减肥专家\throttle.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '4623e9a0.qua'!
G:\jk8[1].com.zhb_setup\jk8.com.zhb_setup.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '45e9e9a8.qua'!
G:\Program Files\ppStream\xpsp2\XPSP2Patch.exe
      [DETECTION] Contains signature of the application APPL/Tool.EvID4226.A
      [WARNING]   The file was ignored!
G:\System Volume Information\_restore{62DFA165-9123-4ADE-AFE0-0CBEF97F9AA6}\RP39\A0002736.EXE
      [DETECTION] Contains signature of the application APPL/Tool.EvID4226.A
      [INFO]      The file was deleted!
G:\System Volume Information\_restore{62DFA165-9123-4ADE-AFE0-0CBEF97F9AA6}\RP39\A0002738.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '45e1eae3.qua'!
G:\System Volume Information\_restore{62DFA165-9123-4ADE-AFE0-0CBEF97F9AA6}\RP39\A0002739.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '45e1eaea.qua'!
G:\System Volume Information\_restore{62DFA165-9123-4ADE-AFE0-0CBEF97F9AA6}\RP39\A0002740.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '45e1eaf0.qua'!

[ 本帖最后由 hn1001 于 2007-1-20 18:14 编辑 ]
shardineblog
发表于 2007-1-20 18:59:44 | 显示全部楼层
没有打的毛病就可以了~
hn1001
 楼主| 发表于 2007-1-20 20:54:18 | 显示全部楼层
谢谢 了
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-22 14:53 , Processed in 0.124964 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表