
[Help] I've been infected with Trojan-Downloader.Win32.QQHelper, please help, log included


My situation is the same as this user's:

http://forum.ikaka.com/topic.asp?board=28&artid=8159268

We are both using KAV6, and in both cases it tries to download a file from this site:

http://pc.3yyy.cn/down/v3.gif/PE_Patch.PECompact/PecBundle/PECompact

Usually, every time I right-click a file, or My Computer, Network Neighborhood and so on, KAV raises an alert.
Last edited 2006-09-02 03:25:16

2006-09-02,02:34:33

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  []
    <AtiTrayTools><"C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.exe">  [Ray Adams]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <AtiPTA><atiptaxx.exe>  [ATI Technologies, Inc.]
    <NVMixerTray><"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe">  [NVIDIA Corporation]
    <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <ANetFox ADClean><"D:\Program Files\Windows 流氓软件清理大师\clean.exe" /autokill:156>  [ANetfox]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><LogonUI.EXE>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    <WinlogonNotify: AtiExtEvent><Ati2evxx.dll>  [ATI Technologies Inc.]

==================================
启动文件夹
[Logitech SetPoint]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech SetPoint.lnk><N>
[cfosspeed]
  <C:\Documents and Settings\mMiFx\「开始」菜单\程序\启动\cfosspeed.lnk><N>
[CoreCenter]
  <C:\Documents and Settings\mMiFx\「开始」菜单\程序\启动\CoreCenter.lnk><N>

==================================
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[卡巴斯基反病毒软件6.0 / AVP]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[cFosSpeed System Service / cFosSpeedS]
  <"C:\Program Files\cFosSpeed\spd.exe" -service><cFos Software GmbH>
[Diskeeper / Diskeeper]
  <"D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[StyleXPService / StyleXPService]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>


==================================
浏览器加载项
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <d:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTPlugi1.ocx, Apple Computer, Inc.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[WordReferenceEnIt]
  {5776A2BC-D803-47F6-9DC0-8344DB8D604C} <d:\Program Files\WordReferenceEnIt\wordreferenceEnIt.dll, N/A>
[MSIDev Control]
  {5B693D57-8C39-4FB8-9407-25C481620165} <C:\PROGRA~1\MSI\Live Update 3\MSIDev.ocx, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0\bin\ssv.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\flash\flash8.ocx, Macromedia, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[上传到QQ网络硬盘]
  <, N/A>
[使用网际快车下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[添加到QQ自定义面板]
  <, N/A>
[添加到QQ表情]
  <, N/A>
[用比特精灵下载(&B)]
  <D:\Program Files\BitSpirit\bsurl.htm, N/A>

正在运行的进程
[PID: 620][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 732][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <ATI Technologies Inc.><6.14.10.4132>
[PID: 780][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 960][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4132>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2500>
[PID: 984][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1080][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1156][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1188][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe]  <><0, 20, 0, 3000>
[PID: 1316][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1352][C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe]  <Autodesk, Inc.><2.51.000>
[PID: 1400][C:\Program Files\cFosSpeed\spd.exe]  <cFos Software GmbH><3.00.1103>
[PID: 1428][D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe]  <Diskeeper Corporation><10.0.593.0>
    [D:\Program Files\Diskeeper Corporation\Diskeeper\DkLib.dll]  <Diskeeper Corporation><10.0.593.0>
    [D:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll]  <Diskeeper? Corporation.><1.0.37.0>
    [D:\Program Files\Diskeeper Corporation\Diskeeper\GetFATExtents.dll]  <Diskeeper Corporation><10.0.593.0>
    [D:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll]  <Diskeeper Corporation><10.0.593.0>
    [D:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll]  <Diskeeper Corporation><10.0.593.0>
[PID: 1912][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4132>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2500>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>
[PID: 2024][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\mp3infp.dll]  <win32lab.com><2.52.4.0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>
    [d:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll]  <Kaspersky Lab><6.0.0.299>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
    [C:\WINDOWS\system32\WmShell.dll]  <KillSoft><1.0.0.1>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\attext.dll]  <Ray Adams><1, 0, 0, 1>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  <Kaspersky Lab><6.0.0.299>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  <Kaspersky Lab><6.0.0.299>
[PID: 448][C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe]  <NVIDIA Corporation><1.0.451>
    [C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerENU.dll]  <NVIDIA Corporation><1.0.451>
    [C:\Program Files\Common Files\NVIDIA Shared\Audio\NVAudioMod.dll]  <NVIDIA Corporation><1.0.451>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>

[PID: 484][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
[PID: 512][C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.exe]  <Ray Adams><1.0.5.880>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\support.dll]  <N/A><N/A>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\attsio.dll]  <OverSoft Team><1.0.0.22>
    [C:\WINDOWS\system32\atipdlxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2498>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\kbdhook.dll]  <N/A><N/A>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\plugins\cpuload.dll]  <N/A><N/A>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\plugins\hddtemp.dll]  <N/A><N/A>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\plugins\pciset.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
[PID: 568][C:\Program Files\Logitech\SetPoint\SetPoint.exe]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>
    [C:\WINDOWS\system32\KemXML.dll]  <Logitech Inc.><2.60.590>
    [C:\WINDOWS\system32\kemutb.dll]  <Logitech Inc.><2.60.590>
    [C:\WINDOWS\system32\KemUtil.dll]  <Logitech Inc.><2.60.590>
    [C:\WINDOWS\system32\KemWnd.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\SetPointCOM.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\Macros\MacroCore.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\IMHook.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Common Files\Logitech\KhalShared\KhalApi.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\kgame.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\LCabHandler.dll]  <Logitech Inc.><2.60.590>
[PID: 320][C:\Program Files\cFosSpeed\cfosspeed.exe]  <cFos Software GmbH><3.00.1103>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>
[PID: 676][D:\Program Files\MSI\Core Center\CoreCenter.exe]  <><1, 7, 3, 0>
    [D:\Program Files\MSI\Core Center\GLM7X.dll]  <MICRO-STAR INT'L CO., LTD.><3, 0, 0, 0>
    [D:\Program Files\MSI\Core Center\RushTop.dll]  <N/A><N/A>
    [C:\WINDOWS\ntuneoem.dll]  <NVIDIA><2.05.09>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
[PID: 2584][C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE]  <Logitech Inc.><2.60.570>
    [C:\Program Files\Common Files\Logitech\KhalShared\KHALAPI.DLL]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Common Files\Logitech\KhalShared\KHALITCH.DLL]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Common Files\Logitech\KhalShared\KHALMW.DLL]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Common Files\Logitech\KhalShared\KHALHPP.DLL]  <Logitech Inc.><2.60.590>
[PID: 2948][D:\Program Files\Maxthon\Maxthon.exe]  <Maxthon International Ltd.><1, 5, 6, 42>
    [D:\Program Files\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>
    [D:\Program Files\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  <Kaspersky Lab><1.0.6.299>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  <Kaspersky Lab><6.0.0.299>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  <Kaspersky Lab><6.0.0.299>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  <Kaspersky Lab><6.0.0.299>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  <Kaspersky Lab><6.0.0.304>
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  <Kaspersky Lab><6.0.0.299>
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  <Kaspersky Lab><6.0.0.299>
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  <Kaspersky Lab><6.0.0.299>
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  <Kaspersky Lab><6.0.0.299>
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  <Kaspersky Lab><6.0.0.299>
    [C:\WINDOWS\system32\Macromed\flash\flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 2304][D:\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll]  <N/A><N/A>
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  <Logitech Inc.><2.60.590>
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  <Logitech Inc.><2.60.590>
    [D:\SREng2\Plugins\SREngPluginDemo.SRE]  <Smallfrogs Studio><1, 1, 1, 0>

Thanks to the poster above for coming to help this late.

Remote Packet Capture Protocol v.0 (experimental) / rpcapd,WinLogon / WinLogon

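For these 3 services, I deleted all the virus files a long time ago and also set the services to disabled; I just did not delete the services themselves.
I did not expect SREng2 to list all of them.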

Eh.. which other logs are needed?

I really did delete the virus files for these 3 services long ago... I had not used SREng2 before.

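I felt that finding the services in the registry and deleting them was too much trouble, so once the virus files were gone I just disabled the services.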