[Discussion] 594157544: a reference answer for your thread "Scanning problem"

hujiwa
Posted on 2010-12-26 08:14:53
Last edited by hujiwa on 2010-12-26 08:52

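Your thread on Kafan is http://bbs.kafan.cn/thread-874169-1-1.html
For the problem that fellow ran into, the solution the Avira moderator gave him is in post 17 of the thread I have pasted below.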

Hi,
Please disable Windows Defender: Control panel -> Windows Defender -> Tools -> Options -> untick "Use Real-Time Protection" and "Use Windows Defender".


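hujiwa's note: after opening Control Panel, switch to the small-icons or large-icons view rather than the category view, otherwise it is hard to find.
Please disable Windows Defender: open Control Panel -> Windows Defender -> Tools -> Options -> Real-time protection -> untick "Use real-time protection".

"Use Windows Defender": I am not sure about this one for now; my guess is Windows Defender -> Administrator -> untick "Use this program".

Remember to save after changing the settings.

A UK friend on the Avira forum gave the following link:
http://forum.avira.com/wbb/index.php?page=Thread&threadID=79617&highlight=AVARKT.DLL+error

Because this thread looks fairly difficult, I am pasting it here so everyone can look at it together.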


Post 1 (original poster)
Hangs scanning for Rootkits

Antivir PE Classic (fully updated as of this very moment) hangs while scanning for Rootkits (started with Admin rights):

It hangs at the path: HKLM\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertySchema\InstalledSchemasCheckpoint.
Timer goes on but the scan is stuck.  

Here are the results (I've stopped it):


Avira AntiVir Personal
Report file date: domenica 14 dicembre 2008  08:51

Scanning for 1085187 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    xxxxxxxxxx-Axxxx-xxxx
Platform:         Windows Vista
Windows version:  (Service Pack 1)  [6.0.6001]
Boot mode:        Normally booted
Username:         xxxxxx
Computer name:    xx-xxxxxx

Version information:
BUILD.DAT     : 8.2.0.337      16934 Bytes  18/11/2008 13:05:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  25/11/2008 19:53:45
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 07:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 12:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 07:58:52
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  27/10/2008 22:35:43
ANTIVIR1.VDF  : 7.1.0.197    1170432 Bytes  07/12/2008 16:21:39
ANTIVIR2.VDF  : 7.1.0.198       2048 Bytes  07/12/2008 16:21:39
ANTIVIR3.VDF  : 7.1.0.229     137728 Bytes  12/12/2008 23:23:24
Engineversion : 8.2.0.45  
AEVDF.DLL     : 8.1.0.6       102772 Bytes  15/10/2008 18:15:25
AESCRIPT.DLL  : 8.1.1.19      336252 Bytes  11/12/2008 18:01:15
AESCN.DLL     : 8.1.1.5       123251 Bytes  07/11/2008 17:36:09
AERDL.DLL     : 8.1.1.3       438645 Bytes  05/11/2008 11:46:58
AEPACK.DLL    : 8.1.3.4       393591 Bytes  11/11/2008 17:58:46
AEOFFICE.DLL  : 8.1.0.33      196987 Bytes  11/12/2008 18:01:14
AEHEUR.DLL    : 8.1.0.75     1524087 Bytes  11/12/2008 18:01:13
AEHELP.DLL    : 8.1.2.0       119159 Bytes  18/11/2008 20:49:56
AEGEN.DLL     : 8.1.1.8       323956 Bytes  11/12/2008 18:01:07
AEEMU.DLL     : 8.1.0.9       393588 Bytes  15/10/2008 18:14:41
AECORE.DLL    : 8.1.5.2       172405 Bytes  28/11/2008 23:22:43
AEBB.DLL      : 8.1.0.3        53618 Bytes  15/10/2008 18:14:31
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 08:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 09:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes  25/09/2008 17:18:55
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 11:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 12:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 12:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 13:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Skipped files....................: C:\Windows\SoftwareDistribution\Datastore\Datastore.edb, C:\Windows\SoftwareDistribution\Datastore\Logs\Edb*.log, C:\Windows\SoftwareDistribution\Datastore\Logs\Edb.chk, C:\Windows\SoftwareDistribution\Datastore\Logs\Res1.log, C:\Windows\SoftwareDistribution\Datastore\Logs\Res2.log, C:\Windows\SoftwareDistribution\Datastore\Logs\Tmp.edb, C:\hiberfil.sys, C:\pagefile.sys, C:\Users\Hexaae\WinUAE\WinUAE files,
Expanded search settings.........: 0x00300922

Start of the scan: domenica 14 dicembre 2008  08:51

Starting search for hidden objects.
In the module 'AVARKT.DLL' an exception occured.
Calling the function ARK_Scan
Error description:ACCESS_VIOLATION
  EAX = 00009404  EBX = 050A0000
  ECX = 00000091  EDX = 050A0000
  ESI = 036B7000  EDI = 0366cfe0
  EIP = 776F8169  EBP = 0363EA2C
  ESP = 0363EA04  Flg = 00010206
  CS = 00000023   SS = 0000001B


End of the scan: domenica 14 dicembre 2008  09:42
Used time: 51:21 Minute(s)

The scan has been canceled!

      0 Scanning directories
      0 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
569176 Objects were scanned with rootkit scan
      0 Hidden objects were found
                                                        






hujiwa
Original poster | Posted on 2010-12-26 08:20:30
Last edited by hujiwa on 2010-12-26 08:36

Post 2:
Hi hexaae,

As a test please download Blacklight from here, does this complete or also freeze up on the same file?

I also edited out your personal info.

Regards
Barrie

Post 3
In normal mode it completes. Should I test in /expert mode too? I used manual (deep) Rootkit scan with Antivir...

Post 4
Hi hexaae,

This is strange, and yes I would scan using expert mode but please remember this will not only be a lot slower you might also get some alerts on non-malicious hidden items.

Regards
Barrie

Post 5
I'm currently running again the Antivir Rootkit complete scan... maybe it was a sporadic case when that registry key was still in use?
After this, if it hangs again, I'll try Blacklight /expert... :S
PS
Of course you did notice this in my report:

In the module 'AVARKT.DLL' an exception occured.
Calling the function ARK_Scan
Error description:ACCESS_VIOLATION
EAX = 00009404 EBX = 050A0000
ECX = 00000091 EDX = 050A0000
ESI = 036B7000 EDI = 0366cfe0
EIP = 776F8169 EBP = 0363EA2C
ESP = 0363EA04 Flg = 00010206
CS = 00000023 SS = 0000001B


Post 6
:cursing: Just hung exactly at the same point when scanning that registry entry! Timer goes on but there is no progress or HD activity and CPU after a sudden 100% has gone idle...

Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Skipped files....................: C:\Windows\SoftwareDistribution\Datastore\Datastore.edb, C:\Windows\SoftwareDistribution\Datastore\Logs\Edb*.log, C:\Windows\SoftwareDistribution\Datastore\Logs\Edb.chk, C:\Windows\SoftwareDistribution\Datastore\Logs\Res1.log, C:\Windows\SoftwareDistribution\Datastore\Logs\Res2.log, C:\Windows\SoftwareDistribution\Datastore\Logs\Tmp.edb, C:\hiberfil.sys, C:\pagefile.sys, C:\Users\Hexaae\WinUAE\WinUAE files,
Expanded search settings.........: 0x00300922

Start of the scan: lunedì 15 dicembre 2008 00:35

Starting search for hidden objects.
In the module 'AVARKT.DLL' an exception occured.
Calling the function ARK_Scan
Error description:ACCESS_VIOLATION
EAX = 00009404 EBX = 03E40000
ECX = 000000BD EDX = 03E40000
ESI = 04DA7000 EDI = 04d5cfe0
EIP = 77878169 EBP = 0343E930
ESP = 0343E908 Flg = 00010206
CS = 00000023 SS = 0000001B

Post 7
Hi hexaae,

I really can not explain this, but feel possibly a file has become corrupted or there is a conflict with other loaded security software like BOClean or some other. I feel the safest thing would be a reinstall and registry clean via these instructions.

Also it might be prudent to run HJT and post the log file here for us to see. There is a link to HJT in my signature.


Regards
Barrie

Post 8
    Quoted from "Barrie"
    Hi hexaae,

    I really can not explain this, but feel possibly a file has become corrupted or there is a conflict with other loaded security software like BOClean or some other. I feel the safest thing would be a reinstall and registry clean via these instructions.


I don't use other security software.

I've run Blacklight /expert and the scan has been completed.
Notice that Antivir doesn't hang on a real file, but while analyzing the registry. As far as I can see Blacklight didn't check those registry entries...
It hangs when at this registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertySchema\InstalledSchemasCheckpoint



Post 9
I've done some other tests (and scans) and I've finally found the origin of the problem!
With this option enabled Deviating archive types..........: +MS Outlook Mailbox and Windows Vista Mail open the 'AVARKT.DLL' fails with that ACCESS error.
Without Mail running plus Deviating archive types..........: +MS Outlook Mailbox check still enabled the scan completes without errors.

However I think that the Rootkit scan process should be more robust and simply skip an object if the access is denied... Hope you'll improve it.

Anyway, the problem has been found

Post 10 (moderator; so this is what the English-language forum calls its board moderator, post 10 is the moderator)
Hi,
Thank you very much for your feed-back.
I performed two scans (one with MS Outlook scan activated and one with MS Outlook deactivated). Scan finished every time. Of course, Windows Mail was started.

Post 11
    Quoted from "Nicolae Moldoveanu"
    Hi,
    Thank you very much for your feed-back.
    I performed two scans (one with MS Outlook scan activated and one with MS Outlook deactivated). Scan finished every time. Of course, Windows Mail was started.


And why does it fail for me? I use Vista with UAC on... Mail is set to automatically compress (= don't ask the user) its DB from time to time if I remember well...

Post 12
    Quoted from "Nicolae Moldoveanu"
    I performed two scans (one with MS Outlook scan activated and one with MS Outlook deactivated). Scan finished every time. Of course, Windows Mail was started.

Did you try exactly with my own settings (see some posts before)? Maybe the bug has something to do with other settings AND Outlook check in Antivir...

Post 13
News? Developers are investigating?

Post 14
I re-tried a new scan: Antivir stopped as usual, but this time I then tried to quit Windows Mail on Vista, and it was stuck too while contacting news server! Have had to "Stop" the news downloading and finally quitted.

Once again Antivir log reports:

Starting search for hidden objects.
In the module 'AVARKT.DLL' an exception occured.
Calling the function ARK_Scan
Error description:ACCESS_VIOLATION
  EAX = 00009404  EBX = 02B20000
  ECX = 000000B5  EDX = 02B20000
  ESI = 02A07000  EDI = 029bcfe0
  EIP = 776A8169  EBP = 023CE918
  ESP = 023CE8F0  Flg = 00010206
  CS = 00000023   SS = 0000001B

@Nicolae
Do you have newsgroups configured for WM?

Post 15 (moderator)
Hi,
I didn't configure news for Windows mail, just a plain POP3 account.
Please tell me the name of the process that crashes (it should be displayed in the Windows popup).
Also, please post here a HijackThis log.

Post 16 (original poster)
    Quoted from "Nicolae Moldoveanu"
    Hi,
    I didn't configure news for Windows mail, just a plain POP3 account.
    Please tell me the name of the process that crashes (it should be displayed in the Windows popup).
    Also, please post here a HijackThis log.

There is no crash, nothing crashes. When I said "stopped" I meant was apparently hung and idle, sorry...
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.57.08, on 20/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Hexaae\Util\Taskix1.5_32\Taskix32.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CLCL\CLCL.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Hexaae\Util\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=PRESARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dcortes.net:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Taskix] C:\Users\Hexaae\Util\Taskix1.5_32\Taskix32.exe start
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: CLCL.lnk = C:\Program Files\CLCL\CLCL.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.micro ... l.cab?1202404399454
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags ... roductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) - http://dl8-cdn-01.sun.com/s/ESD5 ... e=1229137138886&h=43a86bab80db488af248d360ed4f03c4/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf ... DownloadManager.ocx
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{315154F1-3B29-44BF-BC33-BAD5CBD0807F}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{315154F1-3B29-44BF-BC33-BAD5CBD0807F}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{315154F1-3B29-44BF-BC33-BAD5CBD0807F}: NameServer = 192.168.2.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\Windows\system32\brsvc01a.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


Post 17 (moderator)
Hi,
Please disable Windows Defender: Control panel -> Windows Defender -> Tools -> Options -> untick "Use Real-Time Protection" and "Use Windows Defender".



Post 18 (original poster)
    Quoted from "Nicolae Moldoveanu"
    Hi,
    Please disable Windows Defender: Control panel -> Windows Defender -> Tools -> Options -> untick "Use Real-Time Protection" and "Use Windows Defender".

With Windows Defender on and Windows Mail not running there is no problem... I doubt it has something to do with Defender, but I'll try...



Post 19 (original poster)
Hey! You were right!
With Defender disabled or just the option Advanced settings>Scan the contents of archived files and folders for potential threats disabled (see docs at http://technet.microsoft.com/en-us/library/cc722071.aspx ) even with Windows Mail running the Rootkit scan proceeds without errors!  
I wonder now if Antivir programmers can investigate further to avoid this prob (after all was a standard Windows Vista config, I guess) or just warn the users...



Post 20 (moderator)

Hi,
Thank you for your feedback. I'm glad the issue is solved now.
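
An added example, not part of the original thread and not Avira's code: the three ACCESS_VIOLATION blocks posted in posts 1, 6 and 14 can be parsed and compared to check whether the scans failed at the same place. The function names and the fields chosen for the signature are assumptions of this example; the low 16 bits of EIP are compared because Windows maps modules at 64 KB-aligned bases, so that part of a code address survives ASLR relocation.

```python
import re

# Exception blocks copied from the Avira reports quoted in posts 1, 6 and 14.
REPORTS = {
    "post 1": """In the module 'AVARKT.DLL' an exception occured.
Calling the function ARK_Scan
Error description:ACCESS_VIOLATION
  EAX = 00009404  EBX = 050A0000
  ECX = 00000091  EDX = 050A0000
  ESI = 036B7000  EDI = 0366cfe0
  EIP = 776F8169  EBP = 0363EA2C
  ESP = 0363EA04  Flg = 00010206
  CS = 00000023   SS = 0000001B""",
    "post 6": """In the module 'AVARKT.DLL' an exception occured.
Calling the function ARK_Scan
Error description:ACCESS_VIOLATION
EAX = 00009404 EBX = 03E40000
ECX = 000000BD EDX = 03E40000
ESI = 04DA7000 EDI = 04d5cfe0
EIP = 77878169 EBP = 0343E930
ESP = 0343E908 Flg = 00010206
CS = 00000023 SS = 0000001B""",
    "post 14": """In the module 'AVARKT.DLL' an exception occured.
Calling the function ARK_Scan
Error description:ACCESS_VIOLATION
  EAX = 00009404  EBX = 02B20000
  ECX = 000000B5  EDX = 02B20000
  ESI = 02A07000  EDI = 029bcfe0
  EIP = 776A8169  EBP = 023CE918
  ESP = 023CE8F0  Flg = 00010206
  CS = 00000023   SS = 0000001B""",
}

# "occured" is matched as the scanner prints it in the quoted reports.
HEADER = re.compile(
    r"In the module '(?P<module>[^']+)' an exception occured\.\s*"
    r"Calling the function (?P<function>\S+)\s*"
    r"Error description:\s*(?P<error>\S+)")
REGISTER = re.compile(r"\b([A-Za-z]{2,3})\s*=\s*([0-9A-Fa-f]{8})\b")

def parse_exception(text):
    """Return module, function, error and registers, or None if no block."""
    m = HEADER.search(text)
    if m is None:
        return None
    regs = {n.upper(): int(v, 16) for n, v in REGISTER.findall(text[m.end():])}
    return {**m.groupdict(), "regs": regs}

def fault_signature(rec):
    """Fields expected to stay constant if the same instruction faulted."""
    r = rec["regs"]
    return (rec["module"], rec["function"], rec["error"],
            r["EIP"] & 0xFFFF,   # offset inside a 64 KB-aligned image
            r["EAX"], r["FLG"],
            r["ESI"] & 0xFFF,    # 0 means ESI sits on a 4 KB page boundary
            r["ESI"] - r["EDI"])

def same_fault_site(reports):
    """(True, signatures) when every exception block has one signature."""
    recs = {k: parse_exception(v) for k, v in reports.items()}
    sigs = {k: fault_signature(r) for k, r in recs.items() if r}
    return len(set(sigs.values())) == 1, sigs
```

For the three quoted reports the signatures are identical, which matches the original poster's observation that the scan fails at exactly the same point each time.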






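hujiwa
Original poster | Posted on 2010-12-26 08:31:40
hujiwa: reserving this post for later use.

jack1986001
Posted on 2010-12-26 10:12:04
On Windows 7 I suggest either using MSE directly (which includes WD) or using another antivirus (with WD turned off); running WD on its own does feel rather pointless.

cpdcrusaderin
Posted on 2010-12-26 10:30:57
It is still better to turn Windows Defender off, otherwise every automatic update also has to download its virus definitions.

594157544
Posted on 2010-12-26 11:22:38
That Windows Defender is already turned off, though. It just seems to be an isolated case.

hujiwa
Original poster | Posted on 2010-12-26 12:55:44
Reply to 594157544's post (post 6)

I don't know for now.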

Copyright © KaFan  KaFan.cn All Rights Reserved.
