[Infected] KAVO infection cleaned, but avp.exe keeps throwing an application error…
Hello everyone,
I scanned the system with EFix 4.93.
It found the kavo virus and has already removed it..
But Kaspersky 8.0.0.254 (KAV2009) keeps showing an "avp.exe application error" and closing,
and it also reports that the virus signature database is out of date and cannot update it.
What could be causing this? What can I do to fix it?
I'm pasting the EFix log below..
http://kotuha.com/file/6swbL-LOG.html
4.93 2008-11-21 19:00:36.453
[CODE]
EFIX 4.93 - BBXP 2008-11-21 19:03:29.57 - NTFS
Microsoft Windows XP [版本 5.1.2600] - Service Pack 2
執行位置: C:\Documents and Settings\BBXP\桌面
系統在 2008/11/21 星期五 19:02:12.04 重新啟動
提示:
"C:\WINDOWS\SYSTEM32\DRIVERS\CDAUDIO.SYS" NOT FOUND.
未安裝安全性更新 KB958644 [MS08-067]
=======================================================
EFix刪除的檔案列表:
c:\1bg.cmd
c:\autorun.inf
c:\bn0.bat
c:\windows\system32\j3ewro.exe
c:\windows\system32\jwedsfdo0.dll
c:\windows\system32\jwedsfdo1.dll
c:\windows\system32\kxvo.exe
c:\windows\system32\kxvo0.dll
c:\windows\system32\kxvo1.dll
e:\1bg.cmd
e:\autorun.inf
e:\bn0.bat
e:\kk.bat
=======================================================
EFix刪除的驅動服務列表:
....\SERVICE\AVPsys
EFix刪除的登錄值列表:
[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]
"jvsoft"=-
[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]
"tasoft"=-
登錄值刪除前的值.
"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN":jvsoft
C:\WINDOWS\system32\j3ewro.exe
"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN":tasoft
C:\WINDOWS\system32\kxvo.exe
=======================================================
EFix刪除的檔案備份位置列表:
c:\1bg.cmd => C:\NEFix\backup\files\c\1bg.cmd
c:\autorun.inf => C:\NEFix\backup\files\c\autorun.inf
c:\bn0.bat => C:\NEFix\backup\files\c\bn0.bat
c:\WINDOWS\system32\j3ewro.exe => C:\NEFix\backup\files\c\WINDOWS\system32\j3ewro.exe
c:\WINDOWS\system32\jwedsfdo0.dll => C:\NEFix\backup\files\c\WINDOWS\system32\jwedsfdo0.dll
c:\WINDOWS\system32\jwedsfdo1.dll => C:\NEFix\backup\files\c\WINDOWS\system32\jwedsfdo1.dll
c:\WINDOWS\system32\kxvo.exe => C:\NEFix\backup\files\c\WINDOWS\system32\kxvo.exe
c:\WINDOWS\system32\kxvo0.dll => C:\NEFix\backup\files\c\WINDOWS\system32\kxvo0.dll
c:\WINDOWS\system32\kxvo1.dll => C:\NEFix\backup\files\c\WINDOWS\system32\kxvo1.dll
e:\1bg.cmd => C:\NEFix\backup\files\e\1bg.cmd
e:\autorun.inf => C:\NEFix\backup\files\e\autorun.inf
e:\bn0.bat => C:\NEFix\backup\files\e\bn0.bat
e:\kk.bat => C:\NEFix\backup\files\e\kk.bat
=======================================================
各磁碟根目錄含有隱藏和系統屬性的檔案 :
--sha-w 7,168 2008-08-14 05:16:20 E:\Thumbs.db
=======================================================
Created 2008-10 -- 2008-11 Files:
NO Files.
=======================================================
執行中的程序:
C:\WINDOWS\Explorer.EXE <Microsoft Corporation>
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe <Kaspersky Lab>
C:\WINDOWS\system32\wdfmgr.exe <Microsoft Corporation>
C:\Program Files\UPHClean\uphclean.exe <Microsoft Corporation>
C:\WINDOWS\system32\cmd.exe <Microsoft Corporation>
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe <Macrovision Corporation>
C:\WINDOWS\RTHDCPL.EXE <Realtek Semiconductor Corp.>
C:\WINDOWS\SOUNDMAN.EXE <Realtek Semiconductor Corp.>
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe <Kaspersky Lab>
C:\WINDOWS\System32\alg.exe <Microsoft Corporation>
=======================================================
HOSTS:
Hosts Path: C:\WINDOWS\System32\drivers\etc\hosts
登錄值列表 *** 注意 : 部分正常值不會顯示 ***
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"APPINIT_DLLS"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common
Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"RTHDCPL"=RTHDCPL.EXE [2008-07-23 16:51 16804864 C:\WINDOWS\RTHDCPL.exe]
"SoundMan"=SOUNDMAN.EXE [2008-06-18 18:01 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"=ALCWZRD.EXE [2008-06-19 16:42 2808832 C:\WINDOWS\alcwzrd.exe]
"Alcmtr"=ALCMTR.EXE [2008-06-19 16:20 57344 C:\WINDOWS\Alcmtr.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
[2008-07-29 20:20 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
. 2008-07-29 20:21 62728 C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus 2009\ievkbd.dll
MD5: 453888766da789f18fbbf5b20e4bc17f 2004-08-04 20:00 976896
C:\WINDOWS\explorer.exe
MD5: f3a20a3c6a4df7fe038f4cca70080b10 2004-08-04 20:00 23552
C:\WINDOWS\system32\userinit.exe
沒有數位簽章的系統檔案
MD5: bd8686216e34e22c4ed45a2320b2bea1 2006-09-19 15:30 360576
C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS <Microsoft Corporation>
C:\Documents and Settings\BBXP\「開始」功能表\程式集\啟動\
GIGABYTE VGA Utility.lnk - C:\Documents and Settings\BBXP\Application
Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[2008-11-21 08:39:04 40960]
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
ComproRemote.lnk - C:\Program Files\Common Files\VideoMate\ComproRemote.exe
[2008-11-21 08:54:33 151552]
ComproSchedulerDTV.lnk - C:\Program Files\Common
Files\VideoMate\ComproSchedulerDTV.exe [2008-11-21 08:54:33 77824]
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
啟動狀態 : S0 = Boot Start S1 = System Start S2 = Auto Start S3 = Manual
Start S4 = Disable S9 = Unknow
S0 klbg;Kaspersky Lab Boot Guard
Driver;"C:\WINDOWS\SYSTEM32\drivers\klbg.sys" [2008-01-29 18:29 32784]
S3 klim5;Kaspersky Anti-Virus NDIS
Filter;"C:\WINDOWS\SYSTEM32\DRIVERS\klim5.sys" [2008-04-30 18:06 24592]
=======================================================
catchme 0.3.1361 W2K/XP/Vista - userland rootkit detector by Gmer,
hxxp://www.gmer.net
掃描被隱藏的檔案:
掃描被隱藏的程序:
掃描被隱藏的啟動模組:
被隱藏的檔案數量:0
.
=======================================================
磁碟空間 C: - 58,447,609,856 位元組可用
磁碟空間 E: - 8,189,734,912 位元組可用
掃描結束時間: 2008-11-21 19:04:19.67
[/CODE]
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 220.139.46.97
※ Edited by: Monaludo from: 220.139.46.97 (11/21 19:32)