机器狗 (Robot Dog) beats the Kaka lion? Rising monitor turns into a red umbrella
endurer original, 2008-02-23, 1st edition

The day before yesterday a net friend asked for help: his computer might have a virus, the Rising monitor's green umbrella had turned red, and the system was very sluggish, so he asked me to take a look.

I had him download pe_xscan and run a scan. The log showed the following suspicious items (the process module sections are abridged):

/===
pe_xscan 08-02-19 by Purple Endurer
[System Process] * 0
O11 - IE扩展选项组:TBH (中文搜搜) =
O20 - AppInit_DLLs = bauhgnem.dll,eohsom.dll,fyom.dll,sauhad.dll,
O23 - 服务: ATI2HDDSRV (ATI2HDDSRV) - C:\WINDOWS\SYSTEM32\DRIVERS\ATI32SRV.SYS (手动)
O24 - SHLEXECHOOK: [MICROSOFT] - {45AADFAA-DD36-42AB-83AD-0521BBF58C24} = C:\WINDOWS\SYSTEM32\ZJYDCX.DLL
O26 - IFEO: 360rpt.exe -> ntsd -d
===/

From the entry O23 - 服务: DEEPFREE UPDATE (DEEPFREE UPDATE) - C:\WINDOWS\SYSTEM32\DRIVERS\PCIHDD2.SYS (手动) in the pe_xscan log we can be sure that the computer is infected with 机器狗 (Robot Dog). Moreover, most of the entries in this log are the same as those in the pe_xscan log in "输入密码登录系统后又自动注销?原来是机器狗惹的祸1" (Logged in with a password and got logged out again automatically? 机器狗 was to blame, part 1).

Because the network was unstable (it dropped several times during the repair), I had him go to the Rising website and download the dedicated 机器狗 removal tool, and also download Dr.Web CureIt! to scan. It swept out more than 4000 viruses, most of them in the Windows and IE temporary folders.

Next, open the Registry Editor and delete the registry key corresponding to O26 - IFEO: Ras.exe -> ntsd -d. After that, Rising Kaka Security Assistant can be started.

Use WinRAR to delete whatever can be deleted in the Windows temporary folder, the IE temporary folder, and d:\windows\prefetch.

Manually update Rising and reboot. The Rising monitor is back to a green umbrella; run another full scan...
2008-2-21 17:40:52
Windows XP Service Pack 2(5.1.2600)
管理员用户组
正常模式
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\ATGNEHZ.DLL | 2008-2-21 14:9:54
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\PAHZIJ.DLL | 2008-2-21 14:13:22
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\OAIJIHZEUYOUHZ.DLL | 2008-2-21 14:13:18
C:\WINDOWS\SYSTEM32\JEMNAW.DLL | 2008-2-21 14:13:28
C:\WINDOWS\SYSTEM32\LAIXUHZ.DLL | 2008-2-21 14:13:8
C:\WINDOWS\SYSTEM32\XJXR.DLL | 2008-2-21 14:11:10
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\ZADNEW.DLL | 2008-2-21 14:12:54
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\QLIHZOUHGNFE.DLL | 2008-2-21 14:12:50
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\QVBHOTYWOW.DLL | 2008-2-21 14:11:18 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32
C:\WINDOWS\SYSTEM32\SGREFG.DLL | 2008-2-21 14:13:30
C:\WINDOWS\SYSTEM32\DBGHLP32.DLL | 2008-2-21 14:12:26
C:\WINDOWS\SYSTEM32\NVDISPDRV.DLL | 2008-2-21 14:12:18
C:\WINDOWS\SYSTEM32\HDDGUARD.DLL | 2008-2-21 14:9:34
C:\WINDOWS\SYSTEM32\SHAPROC.DLL | 2008-2-21 14:3:20
C:\WINDOWS\SYSTEM32\WINLOGON.EXE* 532 | 2006-12-14 6:29:30 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\SERVICES.EXE* 580 | 2006-12-14 6:29:30 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Services and Controller app | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | services.exe | services.exe
C:\WINDOWS\SYSTEM32\LYMANGR.DLL | 2008-2-21 14:9:50
C:\WINDOWS\SYSTEM32\SVCHOST.EXE* 740 | 2006-12-14 6:29:30 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:\WINDOWS\SYSTEM32\SHAPROC.DLL | 2008-2-21 14:3:20
C:\WINDOWS\XWLQVVVV.DLL | 2008-2-21 14:3:8
C:\WINDOWS\SYSTEM32\HDDGUARD.DLL | 2008-2-21 14:9:34
C:\WINDOWS\WQVVICYG.DLL | 2008-2-21 14:9:52
C:\WINDOWS\SYSTEM32\QVBHOTYWOW.DLL | 2008-2-21 14:11:18 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32
C:\WINDOWS\SYSTEM32\NVDISPDRV.DLL | 2008-2-21 14:12:18
C:\WINDOWS\SYSTEM32\DBGHLP32.DLL | 2008-2-21 14:12:26
C:\WINDOWS\SYSTEM32\SGREFG.DLL | 2008-2-21 14:13:30
C:\WINDOWS\SYSTEM32\USERINIT.EXE* 1348 | 2006-12-14 6:29:30
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\HDDGUARD.DLL | 2008-2-21 14:9:34
C:\WINDOWS\EXPLORER.EXE* 1428 | 2007-6-13 21:21:56 | Microsoft(R) Windows(R) Operating System | 6.00.2900.3156 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\XWLQVVVV.DLL | 2008-2-21 14:3:8
C:\WINDOWS\YYNRMFCH.DLL | 2008-2-21 14:3:8
C:\WINDOWS\SYSTEM32\SHAPROC.DLL | 2008-2-21 14:3:20
C:\WINDOWS\SYSTEM32\HDDGUARD.DLL | 2008-2-21 14:9:34
C:\WINDOWS\WQVVICYG.DLL | 2008-2-21 14:9:52
C:\WINDOWS\SYSTEM32\QVBHOTYWOW.DLL | 2008-2-21 14:11:18 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32
C:\WINDOWS\SYSTEM32\NVDISPDRV.DLL | 2008-2-21 14:12:18
C:\WINDOWS\SYSTEM32\DBGHLP32.DLL | 2008-2-21 14:12:26
C:\WINDOWS\SYSTEM32\ZADNEW.DLL | 2008-2-21 14:12:54
C:\WINDOWS\SYSTEM32\SGREFG.DLL | 2008-2-21 14:13:30
C:\WINDOWS\TATZCYGYA.EXE * 224 | 2008-2-6 17:6:26
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\XWLQVVVV.DLL | 2008-2-21 14:3:8
C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE* 900 | 2007-12-22 19:3:8 | Rising Antivirus 2008 | 20.00 | RavTimer | Rising Corp.All rights reserved. | 20.0.0.22 | Beijing Rising Technology Co., Ltd.| ? | Beijing Rising Technology Co., Ltd. | RavTask.exe
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\SHAPROC.DLL | 2008-2-21 14:3:20
C:\WINDOWS\XWLQVVVV.DLL | 2008-2-21 14:3:8
C:\WINDOWS\SYSTEM32\HDDGUARD.DLL | 2008-2-21 14:9:34
C:\WINDOWS\WQVVICYG.DLL | 2008-2-21 14:9:52
C:\WINDOWS\SYSTEM32\QVBHOTYWOW.DLL | 2008-2-21 14:11:18 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32
C:\WINDOWS\SYSTEM32\NVDISPDRV.DLL | 2008-2-21 14:12:18
C:\WINDOWS\SYSTEM32\DBGHLP32.DLL | 2008-2-21 14:12:26
C:\WINDOWS\SYSTEM32\SGREFG.DLL | 2008-2-21 14:13:30
C:\WINDOWS\SYSTEM32\CTFMON.EXE* 2348 | 2006-12-14 6:29:30 | Microsoft? Windows? Operating System | 5.1.2600.2180 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\XWLQVVVV.DLL | 2008-2-21 14:3:8
C:\WINDOWS\SYSTEM32\SHAPROC.DLL | 2008-2-21 14:3:20
C:\WINDOWS\SYSTEM32\HDDGUARD.DLL | 2008-2-21 14:9:34
C:\WINDOWS\WQVVICYG.DLL | 2008-2-21 14:9:52
C:\WINDOWS\SYSTEM32\QVBHOTYWOW.DLL | 2008-2-21 14:11:18 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32
C:\WINDOWS\SYSTEM32\DBGHLP32.DLL | 2008-2-21 14:12:26
C:\WINDOWS\SYSTEM32\NVDISPDRV.DLL | 2008-2-21 14:12:18
C:\WINDOWS\SYSTEM32\SGREFG.DLL | 2008-2-21 14:13:30
C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE* 3224 | 2007-12-19 19:40:46 | QQ | 7,0,313,1681 | QQ | Copyright (C) 1998 - 2007 TENCENT Inc. All Rights Reserved | 7,0,313,1681 | TENCENT | | COMQQD | QQ.exe
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\SHAPROC.DLL | 2008-2-21 14:3:20
C:\WINDOWS\XWLQVVVV.DLL | 2008-2-21 14:3:8
C:\WINDOWS\SYSTEM32\WBJJU.DLL | 2004-11-13 10:27:2
C:\WINDOWS\SYSTEM32\HDDGUARD.DLL | 2008-2-21 14:9:34
C:\WINDOWS\WQVVICYG.DLL | 2008-2-21 14:9:52
C:\WINDOWS\SYSTEM32\QVBHOTYWOW.DLL | 2008-2-21 14:11:18 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32
C:\WINDOWS\SYSTEM32\NVDISPDRV.DLL | 2008-2-21 14:12:18
C:\WINDOWS\SYSTEM32\DBGHLP32.DLL | 2008-2-21 14:12:26
C:\WINDOWS\SYSTEM32\SGREFG.DLL | 2008-2-21 14:13:30
C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE* 1296 | 2008-1-30 11:47:16 | Rising AntiVirus 2008 | 20.00 | Rising realtime monitor shell | Rising Corp. All rights reserved. | 20.0.01.11 | Beijing Rising Technology Co., Ltd.| ? | Beijing Rising Technology Co., Ltd. | RavTray.EXE
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\SHAPROC.DLL | 2008-2-21 14:3:20
C:\WINDOWS\XWLQVVVV.DLL | 2008-2-21 14:3:8
C:\WINDOWS\SYSTEM32\HDDGUARD.DLL | 2008-2-21 14:9:34
C:\WINDOWS\WQVVICYG.DLL | 2008-2-21 14:9:52
C:\WINDOWS\SYSTEM32\QVBHOTYWOW.DLL | 2008-2-21 14:11:18 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32
C:\WINDOWS\SYSTEM32\NVDISPDRV.DLL | 2008-2-21 14:12:18
C:\WINDOWS\SYSTEM32\DBGHLP32.DLL | 2008-2-21 14:12:26
C:\WINDOWS\SYSTEM32\SGREFG.DLL | 2008-2-21 14:13:30
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE* 3792 | 2007-8-17 18:19:26 | Windows? Internet Explorer | 7.00.6000.16544 | Internet Explorer | ? Microsoft Corporation. All rights reserved. | 7.00.6000.16544 (vista_gdr.070814-1500) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\SHAPROC.DLL | 2008-2-21 14:3:20
C:\WINDOWS\XWLQVVVV.DLL | 2008-2-21 14:3:8
C:\WINDOWS\SYSTEM32\HDDGUARD.DLL | 2008-2-21 14:9:34
C:\WINDOWS\WQVVICYG.DLL | 2008-2-21 14:9:52
C:\WINDOWS\SYSTEM32\QVBHOTYWOW.DLL | 2008-2-21 14:11:18 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32
C:\WINDOWS\SYSTEM32\NVDISPDRV.DLL | 2008-2-21 14:12:18
C:\WINDOWS\SYSTEM32\DBGHLP32.DLL | 2008-2-21 14:12:26
C:\WINDOWS\SYSTEM32\SGREFG.DLL | 2008-2-21 14:13:30
C:\WINDOWS\WQVVICYG.EXE * 272 | 2008-2-21 14:9:50
C:\WINDOWS\SYSTEM32\VHQQ.DLL | 2008-2-21 14:12:32
C:\WINDOWS\SYSTEM32\IJOUGIEMNAW.DLL | 2008-2-21 14:12:58
C:\WINDOWS\SYSTEM32\TSQC.DLL | 2008-2-21 14:11:46
C:\WINDOWS\SYSTEM32\KILUW.DLL | 2008-2-21 14:13:4
C:\WINDOWS\SYSTEM32\SVE.DLL | 2008-2-21 14:12:42
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL | 2008-2-21 14:11:4
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL | 2008-2-21 14:12:46
C:\WINDOWS\SYSTEM32\DUYGNEF.DLL | 2008-2-21 14:13:12
C:\WINDOWS\SYSTEM32\XHTD.DLL | 2008-2-6 17:7:12
C:\WINDOWS\SYSTEM32\3AUHAD.DLL | 2008-2-6 17:6:40
C:\WINDOWS\SYSTEM32\OADNEW.DLL | 2008-2-6 17:6:58
C:\WINDOWS\SYSTEM32\IEMNAW.DLL | 2008-2-6 17:7:10
C:\WINDOWS\SYSTEM32\HJXR.DLL | 2008-2-6 17:6:32
C:\WINDOWS\SYSTEM32\NAIXUHZ.DLL | 2008-2-6 17:7:2
C:\WINDOWS\SYSTEM32\NAHZIJ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL | 2008-2-6 17:6:30
C:\WINDOWS\SYSTEM32\AUHAD.DLL | 2008-2-6 17:6:38
C:\WINDOWS\SYSTEM32\NAIJIHZEUYOUHZ.DLL | 2008-2-6 17:7:8
C:\WINDOWS\WQVVICYG.DLL | 2008-2-21 14:9:52
O2 - BHO TENCENT BROWSER HELPER - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\PROGRAM FILES\TENCENT\SSPLUS\SADDR1.DLL
O4 - HKLM\..\RUN: [STUP.EXE] RUNDLL32.EXE C:\PROGRA~1\TENCENT\SSPLUS\SPLUS.DLL ,Rundll32 R
O4 - HKLM\..\RUN: [NVDISPDRV] C:\WINDOWS\NVDISPDRV.EXE
O4 - HKLM\..\RUN: [DBGHLP32] C:\WINDOWS\DBGHLP32.EXE
O4 - HKLM\..\POLICIES\EXPLORER\RUN: [TATZCYGYA] TATZCYGYA.EXE
O4 - HKLM\..\POLICIES\EXPLORER\RUN: [WISIN] C:\WINDOWS\SYSTEM32\WISIN.EXE
O23 - 服务: DEEPFREE UPDATE (DEEPFREE UPDATE) - C:\WINDOWS\SYSTEM32\DRIVERS\PCIHDD2.SYS (手动)
O23 - 服务: MSERTK (MSERTK) - SYSTEM32\DRIVERS\MSYECP.SYS (自动)
O23 - 服务: MSSKYE (MSSKYE) - SYSTEM32\DRIVERS\MSACLUE.SYS (自动)
O24 - SHLEXECHOOK: [MICROSOFT] - {8C41B7F7-3168-400D-A702-0E7EFE0BA304} = C:\WINDOWS\system32\sgrefg.dll
O26 - IFEO: 360Safe.exe -> ntsd -d
O26 - IFEO: 360tray.exe -> ntsd -d
O26 - IFEO: adam.exe -> ntsd -d
O26 - IFEO: AgentSvr.exe -> ntsd -d
O26 - IFEO: AppSvc32.exe -> ntsd -d
O26 - IFEO: autoruns.exe -> ntsd -d
O26 - IFEO: avconsol.exe -> ntsd -d
O26 - IFEO: avgrssvc.exe -> ntsd -d
O26 - IFEO: AvMonitor.exe -> ntsd -d
O26 - IFEO: avp.com -> ntsd -d
O26 - IFEO: avp.exe -> ntsd -d
O26 - IFEO: CCenter.exe -> ntsd -d
O26 - IFEO: ccSvcHst.exe -> ntsd -d
O26 - IFEO: EGHOST.exe -> ntsd -d
O26 - IFEO: FileDsty.exe -> ntsd -d
O26 - IFEO: FTCleanerShell.exe -> ntsd -d
O26 - IFEO: FYFireWall.exe -> ntsd -d
O26 - IFEO: HijackThis.exe -> ntsd -d
O26 - IFEO: IceSword.exe -> ntsd -d
O26 - IFEO: iparmo.exe -> ntsd -d
O26 - IFEO: Iparmor.exe -> ntsd -d
O26 - IFEO: isPwdSvc.exe -> ntsd -d
O26 - IFEO: kabaload.exe -> ntsd -d
O26 - IFEO: KaScrScn.SCR -> ntsd -d
O26 - IFEO: KASMain.exe -> ntsd -d
O26 - IFEO: KASTask.exe -> ntsd -d
O26 - IFEO: KAV32.exe -> ntsd -d
O26 - IFEO: KAVDX.exe -> ntsd -d
O26 - IFEO: KAVPF.exe -> ntsd -d
O26 - IFEO: KAVPFW.exe -> ntsd -d
O26 - IFEO: KAVSetup.exe -> ntsd -d
O26 - IFEO: KAVStart.exe -> ntsd -d
O26 - IFEO: KISLnchr.exe -> ntsd -d
O26 - IFEO: KMailMon.exe -> ntsd -d
O26 - IFEO: KMFilter.exe -> ntsd -d
O26 - IFEO: KPFW32.exe -> ntsd -d
O26 - IFEO: KPFW32X.exe -> ntsd -d
O26 - IFEO: KPfwSvc.exe -> ntsd -d
O26 - IFEO: KRegEx.exe -> ntsd -d
O26 - IFEO: KRepair.com -> ntsd -d
O26 - IFEO: KsLoader.exe -> ntsd -d
O26 - IFEO: KVCenter.kxp -> ntsd -d
O26 - IFEO: KvDetect.exe -> ntsd -d
O26 - IFEO: KvfwMcl.exe -> ntsd -d
O26 - IFEO: KVMonXP.kxp -> ntsd -d
O26 - IFEO: KVMonXP_1.kxp -> ntsd -d
O26 - IFEO: kvol.exe -> ntsd -d
O26 - IFEO: kvolself.exe -> ntsd -d
O26 - IFEO: KvReport.kxp -> ntsd -d
O26 - IFEO: KVScan.kxp -> ntsd -d
O26 - IFEO: KVSrvXP.exe -> ntsd -d
O26 - IFEO: KVStub.kxp -> ntsd -d
O26 - IFEO: kvupload.exe -> ntsd -d
O26 - IFEO: kvwsc.exe -> ntsd -d
O26 - IFEO: KvXP.kxp -> ntsd -d
O26 - IFEO: KvXP_1.kxp -> ntsd -d
O26 - IFEO: KWatch.exe -> ntsd -d
O26 - IFEO: KWatch9x.exe -> ntsd -d
O26 - IFEO: KWatchX.exe -> ntsd -d
O26 - IFEO: MagicSet.exe -> ntsd -d
O26 - IFEO: mcconsol.exe -> ntsd -d
O26 - IFEO: mmqczj.exe -> ntsd -d
O26 - IFEO: mmsk.exe -> ntsd -d
O26 - IFEO: Navapw32.exe -> ntsd -d
O26 - IFEO: nod32.exeNavapsvc.exe -> ntsd -d
O26 - IFEO: nod32krn.exe -> ntsd -d
O26 - IFEO: nod32kui.exe -> ntsd -d
O26 - IFEO: NPFMntor.exe -> ntsd -d
O26 - IFEO: OllyDBG.EXE -> ntsd -d
O26 - IFEO: OllyICE.EXE -> ntsd -d
O26 - IFEO: PFW.exe -> ntsd -d
O26 - IFEO: PFWLiveUpdate.exe -> ntsd -d
O26 - IFEO: procexp.exe -> ntsd -d
O26 - IFEO: QHSET.exe -> ntsd -d
O26 - IFEO: QQDoctor.exe -> ntsd -d
O26 - IFEO: QQKav.exe -> ntsd -d
O26 - IFEO: Ras.exe -> ntsd -d
O26 - IFEO: RavMonD.exe -> ntsd -d
O26 - IFEO: RavStub.exe -> ntsd -d
O26 - IFEO: RawCopy.exe -> ntsd -d
O26 - IFEO: RegClean.exe -> ntsd -d
O26 - IFEO: RegTool.exe -> ntsd -d
O26 - IFEO: rfwcfg.exe -> ntsd -d
O26 - IFEO: rfwmain.exe -> ntsd -d
O26 - IFEO: rfwProxy.exe -> ntsd -d
O26 - IFEO: rfwsrv.exe -> ntsd -d
O26 - IFEO: rfwstub.exe -> ntsd -d
O26 - IFEO: RsAgent.exe -> ntsd -d
O26 - IFEO: Rsaupd.exe -> ntsd -d
O26 - IFEO: runiep.exe -> ntsd -d
O26 - IFEO: safelive.exe -> ntsd -d
O26 - IFEO: scan32.exe -> ntsd -d
O26 - IFEO: shcfg32.exe -> ntsd -d
O26 - IFEO: SmartUp.exe -> ntsd -d
O26 - IFEO: SREng.EXE -> ntsd -d
O26 - IFEO: symlcsvc.exe -> ntsd -d
O26 - IFEO: SysSafe.exe -> ntsd -d
O26 - IFEO: TrojanDetector.exe -> ntsd -d
O26 - IFEO: Trojanwall.exe -> ntsd -d
O26 - IFEO: TrojDie.kxp -> ntsd -d
O26 - IFEO: UIHost.exe -> ntsd -d
O26 - IFEO: UmxAgent.exe -> ntsd -d
O26 - IFEO: UmxAttachment.exe -> ntsd -d
O26 - IFEO: UmxCfg.exe -> ntsd -d
O26 - IFEO: UmxFwHlp.exe -> ntsd -d
O26 - IFEO: UmxPol.exe -> ntsd -d
O26 - IFEO: UpLive.exe -> ntsd -d
O26 - IFEO: vsstat.exe -> ntsd -d
O26 - IFEO: webscanx.exe -> ntsd -d
O26 - IFEO: WoptiClean.exe -> ntsd -d
http://blog.csdn.net/Purpleendurer/archive/2008/02/23/2114717.aspx
http://endurer.bokee.com/6634438.html
http://blog.nnsky.com/blog_view_302078.html
http://blog.sina.com.cn/s/blog_49926d9101008m30.html
http://blog.csdn.net/Purpleendurer/archive/2008/02/15/2097467.aspx
http://endurer.bokee.com/6627992.html
http://blog.nnsky.com/blog_view_294292.html
http://blog.sina.com.cn/s/blog_49926d9101008hf4.html
The detailed scan results are not pasted here.
Once Kaka was started, its automatic scan found 2 rogue programs, which were removed.
In [Advanced Functions] -> [Plug-in Management and Uninstall], uninstall the O24 item.
In [Advanced Functions] -> [System Startup Item Management], click [Logon Items] on the left, find the entries corresponding to the O4 items on the right, right-click, and choose Delete from the pop-up menu.
In [Advanced Functions] -> [System Startup Item Management], click [Application Initialization DLLs] on the left, find the entry corresponding to the O20 item on the right, right-click, and choose Delete from the pop-up menu.
In [Advanced Functions] -> [System Startup Item Management], click [Services] and [Drivers] on the left, find the entries corresponding to the O23 items on the right, right-click, and choose Delete from the pop-up menu.
In [Advanced Functions] -> [System Startup Item Management], click [Application Hijack Items] on the left, find the entries corresponding to the O26 items on the right, right-click, and choose Delete from the pop-up menu.
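The triage the post does by eye on the pe_xscan log (the PCIHDD2.SYS driver service, the AppInit_DLLs list, the SHLEXECHOOK DLL and the long run of IFEO entries pointing at ntsd -d), plus the regedit step that removes the Ras.exe IFEO key, as an added Python example. This is not code from the original post or from pe_xscan. The sample lines are constructed from entries quoted in the log above, the regular expressions are my own reading of pe_xscan's O-line layout, and the registry path is the real Image File Execution Options key that the O26 entries refer to.

```python
"""Triage pe_xscan-style O-lines and emit a .reg file that deletes IFEO hijacks.

Added example for this post; it parses the scan lines offline and does not
touch the registry itself. The .reg text it produces uses regedit's own
export syntax, where "[-KEY]" deletes KEY when the file is imported.
"""
import re

# Real registry location behind pe_xscan's "O26 - IFEO" entries.
IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Image File Execution Options")

# Constructed sample input: a few of the O-entries quoted in the post's log.
SAMPLE_LOG = """\
O20 - AppInit_DLLs = bauhgnem.dll,eohsom.dll,fyom.dll,sauhad.dll,
O23 - 服务: DEEPFREE UPDATE (DEEPFREE UPDATE) - C:\\WINDOWS\\SYSTEM32\\DRIVERS\\PCIHDD2.SYS (手动)
O23 - 服务: MSERTK (MSERTK) - SYSTEM32\\DRIVERS\\MSYECP.SYS (自动)
O24 - SHLEXECHOOK: [MICROSOFT] - {8C41B7F7-3168-400D-A702-0E7EFE0BA304} = C:\\WINDOWS\\system32\\sgrefg.dll
O26 - IFEO: Ras.exe -> ntsd -d
O26 - IFEO: 360Safe.exe -> ntsd -d
O26 - IFEO: HijackThis.exe -> ntsd -d
O26 - IFEO: procexp.exe -> ntsd -d
"""

# Line layouts as they appear in the log (my reading of pe_xscan's format).
IFEO_RE = re.compile(r"^O26 - IFEO: (?P<image>\S+) -> (?P<debugger>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs = (?P<dlls>.*)$")
SERVICE_RE = re.compile(
    r"^O23 - \S+: (?P<name>.+?) \((?P<display>[^)]*)\) - (?P<path>.+?) \((?P<start>[^)]*)\)$")
HOOK_RE = re.compile(
    r"^O24 - SHLEXECHOOK: \[(?P<label>[^\]]*)\] - (?P<clsid>\{[^}]+\}) = (?P<path>.+)$")


def parse_entries(text):
    """Turn O-lines into dicts; lines that match no known layout are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := IFEO_RE.match(line):
            entries.append({"kind": "ifeo", "image": m["image"],
                            "debugger": m["debugger"].strip()})
        elif m := APPINIT_RE.match(line):
            dlls = [d.strip() for d in m["dlls"].split(",") if d.strip()]
            entries.append({"kind": "appinit", "dlls": dlls})
        elif m := SERVICE_RE.match(line):
            entries.append({"kind": "service", "name": m["name"],
                            "path": m["path"], "start": m["start"]})
        elif m := HOOK_RE.match(line):
            entries.append({"kind": "shellexechook", "clsid": m["clsid"],
                            "path": m["path"]})
    return entries


def ifeo_hijacks(entries):
    """Images whose IFEO Debugger value is 'ntsd -d'.

    Windows launches the configured debugger instead of the image; with
    'ntsd -d' the debugger hands its I/O to a kernel debugger that is not
    attached, so in practice the security tool never comes up. Legitimate
    IFEO debuggers exist, so only this known-bad value is flagged.
    """
    return [e["image"] for e in entries
            if e["kind"] == "ifeo" and e["debugger"].lower() == "ntsd -d"]


def injected_appinit_dlls(entries):
    """DLLs in AppInit_DLLs load into every process that loads user32.dll;
    the value is empty on a clean XP install, so any entry deserves a look."""
    return [d for e in entries if e["kind"] == "appinit" for d in e["dlls"]]


def driver_services(entries):
    """Services backed by a .sys file (the post ties the infection to PCIHDD2.SYS)."""
    return [(e["name"], e["path"]) for e in entries
            if e["kind"] == "service" and e["path"].lower().endswith(".sys")]


def ifeo_removal_reg(images):
    """Build .reg text that deletes the hijacked IFEO subkeys, i.e. the
    regedit step the post performs by hand for Ras.exe."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for image in images:
        lines.append(f"[-{IFEO_KEY}\\{image}]")
        lines.append("")
    return "\n".join(lines)


def triage(text):
    """Summarise one scan log into the categories the post reviews by hand."""
    entries = parse_entries(text)
    return {
        "ifeo_hijacked": ifeo_hijacks(entries),
        "appinit_dlls": injected_appinit_dlls(entries),
        "driver_services": driver_services(entries),
        "shellexec_hooks": [e["path"] for e in entries if e["kind"] == "shellexechook"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
    print(ifeo_removal_reg(report["ifeo_hijacked"]))
```

The script only automates the IFEO part of the clean-up, because that is the one step where the bad value is unambiguous; the AppInit_DLLs, service and SHLEXECHOOK findings are listed for review, since a legitimate driver or shell hook looks the same in the log as a malicious one, and the post removes those through Kaka's menus after looking at each item.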