V9P 的全盘扫描，怎么专动系统文件啊？

显示全部楼层 · 发表于 2009-3-24 10:40:42

在升级V9前，我用V8全盘扫描了，没有问题。

升级V9后，我再次全盘扫描，没想到一下子就卡住了——不断地跳出窗口（如果是病毒，那就自动处理；但是它跳出的是系统文件）。

别说没时间了，就算有时间也不会去一个个地处理啊！直接Abort。

贴一下相关的扫描纪录：

Version information:
BUILD.DAT    : 9.0.0.420    21382 Bytes 2009-3-11 15:37:00
AVSCAN.EXE    : 9.0.3.3    464641 Bytes 2009-3-20 02:28:34
AVSCAN.DLL    : 9.0.3.0    40705 Bytes 2009-3-20 02:28:32
LUKE.DLL       : 9.0.3.2    209665 Bytes 2009-3-20 02:29:40
LUKERES.DLL    : 9.0.2.0    12033 Bytes 2009-3-20 02:29:40
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes  2008-10-27 15:01:00
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2009-2-11 14:54:28
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 2009-3-11 09:58:22
ANTIVIR3.VDF : 7.1.2.198 271872 Bytes 2009-3-21 02:22:40
Engineversion : 8.2.0.120
AEVDF.DLL    : 8.1.1.0    106868 Bytes 2009-2-10 04:16:34
AESCRIPT.DLL : 8.1.1.67    364923 Bytes 2009-3-18 16:28:06
AESCN.DLL    : 8.1.1.8    127346 Bytes 2009-3-6 01:02:00
AERDL.DLL    : 8.1.1.3    438645 Bytes 2008-11-5 11:24:48
AEPACK.DLL    : 8.1.3.10    397686 Bytes 2009-3-5 03:28:12
AEOFFICE.DLL : 8.1.0.36    196987 Bytes 2009-2-27 02:28:40
AEHEUR.DLL    : 8.1.0.107 1663352 Bytes 2009-3-18 16:27:48
AEHELP.DLL    : 8.1.2.2    119158 Bytes 2009-2-27 02:28:36
AEGEN.DLL    : 8.1.1.30    336245 Bytes 2009-3-18 16:26:50
AEEMU.DLL    : 8.1.0.9    393588 Bytes  2008-10-16 08:03:32
AECORE.DLL    : 8.1.6.6    176501 Bytes 2009-2-18 01:03:24
AEBB.DLL       : 8.1.0.3    53618 Bytes  2008-10-16 08:03:24
AVWINLL.DLL    : 9.0.0.3    18177 Bytes 2009-3-20 02:28:44
AVPREF.DLL    : 9.0.0.1    43777 Bytes 2009-3-20 02:28:30
AVREP.DLL    : 8.0.0.3    155905 Bytes 2009-3-20 02:27:52
AVREG.DLL    : 9.0.0.0    36609 Bytes 2009-3-20 02:28:30
AVARKT.DLL    : 9.0.0.1    292609 Bytes 2009-3-20 02:27:56
AVEVTLOG.DLL : 9.0.0.7    167169 Bytes 2009-3-20 02:28:14
SQLITE3.DLL    : 3.6.1.0    326401 Bytes 2009-3-20 02:30:00
SMTPLIB.DLL    : 9.2.0.25    28417 Bytes 2009-3-20 02:29:56
NETNT.DLL    : 9.0.0.0    11521 Bytes 2009-3-20 02:29:42
RCIMAGE.DLL    : 9.0.0.21 2622721 Bytes 2009-3-20 02:27:32
RCTEXT.DLL    : 9.0.35.0    90369 Bytes 2009-3-20 02:27:32

怀疑这里打开了某样不应打开的功能：

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:, I:, J:, K:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

扫描纪录（都是系统文件）：

Start of the scan: 2009年3月22日  11:18
Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
NOT signed -> 'C:\WINDOWS\explorer.exe'
[DETECTION] Contains HEUR/Modified.SystemFile suspicious code
[NOTE]    A backup was created as '4a35af06.qua'  ( QUARANTINE )
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
NOT signed -> 'C:\WINDOWS\system32\spoolsv.exe'
[DETECTION] Contains HEUR/Modified.SystemFile suspicious code
[WARNING] The file was ignored!
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
NOT signed -> 'C:\WINDOWS\system32\user32.DLL'
[DETECTION] Contains HEUR/Modified.SystemFile suspicious code
[WARNING] The file was ignored!
NOT signed -> 'C:\WINDOWS\system32\gdi32.DLL'
[DETECTION] Contains HEUR/Modified.SystemFile suspicious code
[WARNING] The file was ignored!
NOT signed -> 'C:\WINDOWS\system32\kernel32.DLL'
[DETECTION] Contains HEUR/Modified.SystemFile suspicious code
[WARNING] The file was ignored!
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
NOT signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
[DETECTION] Contains HEUR/Modified.SystemFile suspicious code
[WARNING] The file was ignored!
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)
Starting search for hidden objects.
The scan has been canceled!

取消后的报告：

The scan has been canceled!
   0 Scanned directories
   0 Files were scanned
   0 Viruses and/or unwanted programs were found
   6 Files were classified as suspicious
   0 files were deleted
   0 Viruses and unwanted programs were repaired
   1 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   -6 Files not concerned
   0 Archives were scanned
   5 Warnings
   1 Notes
   1 Objects were scanned with rootkit scan
   0 Hidden objects were found

肯定是我选了某个不该选的选项……

[ 本帖最后由健美王子于 2009-3-24 10:42 编辑 ]

显示全部楼层 · 发表于 2009-3-24 11:11:30

http://bbs.kafan.cn/viewthread.php?tid=444216&highlight=

显示全部楼层 · 发表于 2009-3-24 11:27:45

果然……………………

感谢了~~

[求助] V9P 的全盘扫描，怎么专动系统文件啊？

评分

回复 2楼 Sebastian 的帖子