[推荐下载] 德国优秀免费杀毒软件----Antivir(小红伞)

谢谢兄弟！

真不知用哪个好了

现在用的“捷克杀”感觉还不错

[quoteid]42956[/quoteid]

捷克杀杀马不错哦！

说明书真详细啊!

[quoteid]43188[/quoteid]

装好了不用怎么设的。放那里给它自动升级就行了。

AntiVir PersonalEdition Classic
Report file date: 2007年2月4日  16:27

Scanning for 662599 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         new
Computer name:    3146BC00CD994C9

Version information:
BUILD.DAT    : 217           12749 Bytes   2006-12-5 17:00:00
AVSCAN.EXE   : 7.0.3.5      208936 Bytes    2007-2-4 08:18:48
AVSCAN.DLL   : 7.0.3.1       35880 Bytes   2006-12-5 09:00:24
LUKE.DLL     : 7.0.3.2      143400 Bytes  2006-10-31 09:07:48
LUKERES.DLL  : 7.0.2.0        9256 Bytes   2006-12-5 09:00:24
ANTIVIR0.VDF : 6.35.0.1    7371264 Bytes   2006-5-31 08:30:08
ANTIVIR1.VDF : 6.37.0.153  3131392 Bytes   2007-1-12 08:18:50
ANTIVIR2.VDF : 6.37.0.235   374784 Bytes   2007-1-29 08:18:50
ANTIVIR3.VDF : 6.37.1.27    108544 Bytes    2007-2-2 08:18:50
AVEWIN32.DLL : 7.3.1.34    2290176 Bytes    2007-2-4 08:18:50
AVPREF.DLL   : 7.0.2.0       23592 Bytes   2006-11-3 03:53:46
AVREP.DLL    : 6.37.1.1    1105960 Bytes    2007-2-4 08:18:50
AVRPBASE.DLL : 7.0.0.0     2162728 Bytes   2006-3-30 01:43:32
AVPACK32.DLL : 7.2.0.5      368680 Bytes  2006-10-23 08:21:32
AVREG.DLL    : 7.0.1.2       30760 Bytes    2007-2-4 08:18:48
NETNT.DLL    : No Information!
RCIMAGE.DLL  : 7.0.1.3     2097192 Bytes   2006-11-8 05:26:28
RCTEXT.DLL   : 7.0.12.1      77864 Bytes   2006-12-5 09:00:22

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Expanded search settings.........: 0x00007000

Start of the scan: 2007年2月4日  16:27

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'iexplore.exe' - '1' Modules have been scanned
Scan process 'wuauclt.exe' - '1' Modules have been scanned
Scan process 'alg.exe' - '1' Modules have been scanned
Scan process 'wdfmgr.exe' - '1' Modules have been scanned
Scan process 'nvsvc32.exe' - '1' Modules have been scanned
Scan process 'avguard.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'RUNDLL32.EXE' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'avgnt.exe' - '1' Modules have been scanned
Scan process 'daemon.exe' - '1' Modules have been scanned
Scan process 'RUNDLL32.EXE' - '1' Modules have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'EXPLORER.EXE' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'LSASS.EXE' - '1' Modules have been scanned
Scan process 'SERVICES.EXE' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
27 processes with 27 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'D:\'
      [NOTE]      No virus was found!
Boot sector 'E:\'
      [NOTE]      No virus was found!
Boot sector 'F:\'
      [NOTE]      No virus was found!
Boot sector 'A:\'
      [NOTE]      In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( 14 files ).

Starting the file scan:

Begin scan in 'C:\' <WINXP>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\Program Files\装机人员工具\UPIEA(IE插件屏蔽) 2005 SP2 正式版.exe
      [DETECTION] Is the Trojan horse TR/Drop.Basim.C
      [INFO]      The file was moved to '460e9c3f.qua'!
C:\Program Files\Tencent\QQ\QQexternal.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQPass.PC.1
      [INFO]      The file was moved to '462a9dfd.qua'!
C:\Program Files\KuGoo3\kugou_cns.exe
      [DETECTION] Is the Trojan horse TR/Drop.Ag.187906.B
      [INFO]      The file was moved to '462c9e59.qua'!
C:\Program Files\KuGoo3\EbayShop.exe
  [0] Archive type: RAR SFX (self extracting)
  --> EbayShop\EbayShopSetup.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '46269e4c.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP26\A0007862.exe
  [0] Archive type: ZIP SFX (self extracting)
  --> KUGOU_CNS.EXE
      [DETECTION] Is the Trojan horse TR/Drop.Ag.187906.B
    --> EBAYSHOP.EXE
      [1] Archive type: RAR SFX (self extracting)
      --> EbayShop\EbayShopSetup.exe
          [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '45f59e31.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP29\A0010326.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agen.rs.2.A
      [INFO]      The file was moved to '45f59e49.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP29\A0010337.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agen.rs.2.A
      [INFO]      The file was moved to '45f59e4c.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP37\A0016658.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Baido
      [INFO]      The file was moved to '45f59e7a.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP37\A0016659.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Baido
      [INFO]      The file was moved to '45f59e7e.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP38\A0017344.exe
      [DETECTION] Is the Trojan horse TR/Drop.Basim.C
      [INFO]      The file was moved to '45f59e9f.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP38\A0017345.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQPass.PC.1
      [INFO]      The file was moved to '45f59ea3.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP38\A0017346.exe
      [DETECTION] Is the Trojan horse TR/Drop.Ag.187906.B
      [INFO]      The file was moved to '45f59ea6.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP38\A0017347.exe
  [0] Archive type: RAR SFX (self extracting)
  --> EbayShop\EbayShopSetup.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '45f59ea9.qua'!
Begin scan in 'D:\' <ENTER>
Begin scan in 'E:\' <VIDEO>
Begin scan in 'F:\' <DOCUMENTS>
Begin scan in 'A:\'
The path A:\ could not be found!
设备未就绪。

Begin scan in 'G:\'
The path G:\ could not be found!
设备未就绪。

Begin scan in 'H:\'
The path H:\ could not be found!
设备未就绪。

End of the scan: 2007年2月4日  17:01
Used time: 33:49 min

The scan has been done completely.

   3069 Scanning directories
 102198 Files were scanned
     14 viruses and/or unwanted programs were found
      0 files were deleted
      0 files were repaired
     13 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 102184 Files not concerned
   1136 Archives were scanned
      2 Warnings
      4 Notes

[quoteid]43216[/quoteid]

当然，损坏的电缆已修好了！

EbayShop\EbayShopSetup.exe

把eBay这玩意儿给纠出来了。

[quoteid]43225[/quoteid]

eBay的安装文件：Contains suspicious code HEUR/Malware

里面含有可疑代码，已被红伞的启发给发现了。

Begin scan in 'C:\' <WINXP>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\Program Files\装机人员工具\UPIEA(IE插件屏蔽) 2005 SP2 正式版.exe
      [DETECTION] Is the Trojan horse TR/Drop.Basim.C
      [INFO]      The file was moved to '460e9c3f.qua'!
C:\Program Files\Tencent\QQ\QQexternal.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQPass.PC.1
      [INFO]      The file was moved to '462a9dfd.qua'!
C:\Program Files\KuGoo3\kugou_cns.exe
      [DETECTION] Is the Trojan horse TR/Drop.Ag.187906.B
      [INFO]      The file was moved to '462c9e59.qua'!
C:\Program Files\KuGoo3\EbayShop.exe
  [0] Archive type: RAR SFX (self extracting)
  --> EbayShop\EbayShopSetup.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '46269e4c.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP26\A0007862.exe
  [0] Archive type: ZIP SFX (self extracting)
  --> KUGOU_CNS.EXE
      [DETECTION] Is the Trojan horse TR/Drop.Ag.187906.B
    --> EBAYSHOP.EXE
      [1] Archive type: RAR SFX (self extracting)
      --> EbayShop\EbayShopSetup.exe
          [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '45f59e31.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP29\A0010326.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agen.rs.2.A
      [INFO]      The file was moved to '45f59e49.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP29\A0010337.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agen.rs.2.A
      [INFO]      The file was moved to '45f59e4c.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP37\A0016658.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Baido
      [INFO]      The file was moved to '45f59e7a.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP37\A0016659.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Baido
      [INFO]      The file was moved to '45f59e7e.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP38\A0017344.exe
      [DETECTION] Is the Trojan horse TR/Drop.Basim.C
      [INFO]      The file was moved to '45f59e9f.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP38\A0017345.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQPass.PC.1
      [INFO]      The file was moved to '45f59ea3.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP38\A0017346.exe
      [DETECTION] Is the Trojan horse TR/Drop.Ag.187906.B
      [INFO]      The file was moved to '45f59ea6.qua'!
C:\System Volume Information\_restore{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP38\A0017347.exe
  [0] Archive type: RAR SFX (self extracting)
  --> EbayShop\EbayShopSetup.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '45f59ea9.qua'!

-----------------------------------------------------------

这是红伞发现的一些可疑程序。当然，其中也有误报。

象这一条:

C:\Program Files\装机人员工具\UPIEA(IE插件屏蔽) 2005 SP2 正式版.exe
      [DETECTION] Is the Trojan horse TR/Drop.Basim.C
      [INFO]      The file was moved to '460e9c3f.qua'!

就是误报。不过呢，Upiea这个软件虽然不是木马或是病毒，但它还是带有后门的倾向。

Upiea是个不错的软件，我也用它的。

怎么把误报的重新搞出来啊?