Rising Kaka Security Forum
magisty - 2006-9-2 2:56:00
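My situation is the same as this friend's:
http://forum.ikaka.com/topic.asp?board=28&artid=8159268
We are both using KAV6, and in both cases something tries to download a file from this site:
http://pc.3yyy.cn/down/v3.gif/PE_Patch.PECompact/PecBundle/PECompact
Usually, every time I right-click a file, or My Computer, My Network Places and so on, KAV raises an alert.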
magisty - 2006-9-2 2:57:00
2006-09-02,02:34:33
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide> []
<AtiTrayTools><"C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.exe"> [Ray Adams]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<AtiPTA><atiptaxx.exe> [ATI Technologies, Inc.]
<NVMixerTray><"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation]
<kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<ANetFox ADClean><"D:\Program Files\Windows 流氓软件清理大师\clean.exe" /autokill:156> [ANetfox]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><LogonUI.EXE> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.]
==================================
启动文件夹
[Logitech SetPoint]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech SetPoint.lnk><N>
[cfosspeed]
<C:\Documents and Settings\mMiFx\「开始」菜单\程序\启动\cfosspeed.lnk><N>
[CoreCenter]
<C:\Documents and Settings\mMiFx\「开始」菜单\程序\启动\CoreCenter.lnk><N>
magisty - 2006-9-2 2:58:00
==================================
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[卡巴斯基反病毒软件6.0 / AVP]
<"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[cFosSpeed System Service / cFosSpeedS]
<"C:\Program Files\cFosSpeed\spd.exe" -service><cFos Software GmbH>
[Diskeeper / Diskeeper]
<"D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[StyleXPService / StyleXPService]
<"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
==================================
浏览器加载项
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <d:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTPlugi1.ocx, Apple Computer, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[WordReferenceEnIt]
{5776A2BC-D803-47F6-9DC0-8344DB8D604C} <d:\Program Files\WordReferenceEnIt\wordreferenceEnIt.dll, N/A>
[MSIDev Control]
{5B693D57-8C39-4FB8-9407-25C481620165} <C:\PROGRA~1\MSI\Live Update 3\MSIDev.ocx, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0\bin\ssv.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\flash\flash8.ocx, Macromedia, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[上传到QQ网络硬盘]
<, N/A>
[使用网际快车下载]
<D:\Program Files\FlashGet\jc_link.htm, N/A>
[添加到QQ自定义面板]
<, N/A>
[添加到QQ表情]
<, N/A>
[用比特精灵下载(&B)]
<D:\Program Files\BitSpirit\bsurl.htm, N/A>
magisty - 2006-9-2 3:02:00
正在运行的进程
[PID: 620][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 732][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4132>
[PID: 780][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 960][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4132>
[C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2500>
[PID: 984][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1080][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1156][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1188][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe] <><0, 20, 0, 3000>
[PID: 1316][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1352][C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe] <Autodesk, Inc.><2.51.000>
[PID: 1400][C:\Program Files\cFosSpeed\spd.exe] <cFos Software GmbH><3.00.1103>
[PID: 1428][D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe] <Diskeeper Corporation><10.0.593.0>
[D:\Program Files\Diskeeper Corporation\Diskeeper\DkLib.dll] <Diskeeper Corporation><10.0.593.0>
[D:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll] <Diskeeper? Corporation.><1.0.37.0>
[D:\Program Files\Diskeeper Corporation\Diskeeper\GetFATExtents.dll] <Diskeeper Corporation><10.0.593.0>
[D:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll] <Diskeeper Corporation><10.0.593.0>
[D:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll] <Diskeeper Corporation><10.0.593.0>
[PID: 1912][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4132>
[C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2500>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
[PID: 2024][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.4.0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
[d:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[C:\WINDOWS\system32\WmShell.dll] <KillSoft><1.0.0.1>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\attext.dll] <Ray Adams><1, 0, 0, 1>
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] <Kaspersky Lab><6.0.0.299>
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] <Kaspersky Lab><6.0.0.299>
[PID: 448][C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe] <NVIDIA Corporation><1.0.451>
[C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerENU.dll] <NVIDIA Corporation><1.0.451>
[C:\Program Files\Common Files\NVIDIA Shared\Audio\NVAudioMod.dll] <NVIDIA Corporation><1.0.451>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
magisty - 2006-9-2 3:04:00
[PID: 484][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[PID: 512][C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.exe] <Ray Adams><1.0.5.880>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\support.dll] <N/A><N/A>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\attsio.dll] <OverSoft Team><1.0.0.22>
[C:\WINDOWS\system32\atipdlxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2498>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\kbdhook.dll] <N/A><N/A>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\plugins\cpuload.dll] <N/A><N/A>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\plugins\hddtemp.dll] <N/A><N/A>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\plugins\pciset.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[PID: 568][C:\Program Files\Logitech\SetPoint\SetPoint.exe] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
[C:\WINDOWS\system32\KemXML.dll] <Logitech Inc.><2.60.590>
[C:\WINDOWS\system32\kemutb.dll] <Logitech Inc.><2.60.590>
[C:\WINDOWS\system32\KemUtil.dll] <Logitech Inc.><2.60.590>
[C:\WINDOWS\system32\KemWnd.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\SetPointCOM.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\Macros\MacroCore.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\IMHook.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Common Files\Logitech\KhalShared\KhalApi.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\kgame.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\LCabHandler.dll] <Logitech Inc.><2.60.590>
[PID: 320][C:\Program Files\cFosSpeed\cfosspeed.exe] <cFos Software GmbH><3.00.1103>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
[PID: 676][D:\Program Files\MSI\Core Center\CoreCenter.exe] <><1, 7, 3, 0>
[D:\Program Files\MSI\Core Center\GLM7X.dll] <MICRO-STAR INT'L CO., LTD.><3, 0, 0, 0>
[D:\Program Files\MSI\Core Center\RushTop.dll] <N/A><N/A>
[C:\WINDOWS\ntuneoem.dll] <NVIDIA><2.05.09>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[PID: 2584][C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE] <Logitech Inc.><2.60.570>
[C:\Program Files\Common Files\Logitech\KhalShared\KHALAPI.DLL] <Logitech Inc.><2.60.590>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Common Files\Logitech\KhalShared\KHALITCH.DLL] <Logitech Inc.><2.60.590>
[C:\Program Files\Common Files\Logitech\KhalShared\KHALMW.DLL] <Logitech Inc.><2.60.590>
[C:\Program Files\Common Files\Logitech\KhalShared\KHALHPP.DLL] <Logitech Inc.><2.60.590>
[PID: 2948][D:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 6, 42>
[D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] <Kaspersky Lab><1.0.6.299>
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] <Kaspersky Lab><6.0.0.299>
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] <Kaspersky Lab><6.0.0.299>
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] <Kaspersky Lab><6.0.0.299>
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] <Kaspersky Lab><6.0.0.304>
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] <Kaspersky Lab><6.0.0.299>
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] <Kaspersky Lab><6.0.0.299>
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] <Kaspersky Lab><6.0.0.299>
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] <Kaspersky Lab><6.0.0.299>
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] <Kaspersky Lab><6.0.0.299>
[C:\WINDOWS\system32\Macromed\flash\flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 2304][D:\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\raphook.dll] <N/A><N/A>
[C:\Program Files\Logitech\SetPoint\GameHook.dll] <Logitech Inc.><2.60.590>
[C:\Program Files\Logitech\SetPoint\lgscroll.dll] <Logitech Inc.><2.60.590>
[D:\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0>
westbeck - 2006-9-2 3:11:00
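Restart the computer. After the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Run (double-click) System Repair Engineer, click "Startup Items", then "Services", click "Win32 Service Applications", tick "Hide Microsoft services", select the virus services Remote Packet Capture Protocol v.0 (experimental) / rpcapd, WinLogon / WinLogon, choose "Delete service", click "Set", and choose "No". (Note: each comma-separated entry is one virus service name; look carefully and don't miss any.)
Show hidden files and delete: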
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\WinPcap\rpcapd.ini
C:\WINDOWS\winnt.exe
westbeck - 2006-9-2 3:11:00
The log is incomplete...
Clear the IE temporary files.
magisty - 2006-9-2 3:16:00
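Thanks to the poster above for still coming to help this late.
Remote Packet Capture Protocol v.0 (experimental) / rpcapd,WinLogon / WinLogon
For these 3 services, I deleted all the virus files a long time ago and also set the services to disabled; I just didn't delete the services themselves.
I didn't expect SREng2 to list all of them.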
magisty - 2006-9-2 3:18:00
Eh... which other logs are needed?
westbeck - 2006-9-2 3:21:00
You only disabled the services; without deleting the files, of course that does no good.
magisty - 2006-9-2 3:27:00
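I really did delete the virus files for these 3 services long ago... I had never used SREng2 before.
I felt that hunting through the registry to delete the services was too much trouble, so once the virus files were gone I just disabled the services.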
westbeck - 2006-9-2 3:33:00
Virus path