
AV killer GRHSGIH.EXE (1): infects explorer.exe, uses image hijacking (IFEO), ShellExecHook, ...

Published: 2023/12/29 · Programming Q&A · 豆豆

AV killer GRHSGIH.EXE (1): infects explorer.exe, uses image hijacking (IFEO), ShellExecHook, ...

Original by endurer
2008-01-18, part 1

A friend just phoned asking for help: his computer had caught a virus, Kingsoft Antivirus (金山毒霸) would not start, and copy/paste no longer worked...

At my friend's place I downloaded pe_xscan and ran a scan; the log showed the following suspicious items (the process-module section is abridged):

/===

pe_xscan 08-01-10 by Purple Endurer
2008-1-18 11:55:23
Windows XP Service Pack 2(5.1.2600)
管理員用戶組

[System Process] * 0
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL | 2008-1-15 11:3:50 | SPlus Module | 5, 0, 3, 11 | | 騰訊科技(深圳)有限公司 版權所有 (C) 2007 | 5, 0, 3, 11 | TENCENT | | SPlus.dll | SPlus.dll
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
  C:/WINDOWS/FONTS/AVZXOMN.DLL | 2004-8-4 10:49:53
  C:/WINDOWS/FONTS/KVDXMMA.DLL | 2004-8-4 10:49:40
C:/WINDOWS/SYSTEM32/WINLOGON.EXE * 1084
  C:/WINDOWS/SYSTEM32/MANGDRIVE.DLL | 2007-1-18 10:39:24
C:/WINDOWS/EXPLORER.EXE* 1036 | 2004-8-17 12:0:0
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
C:/WINDOWS/SYSTEM32/DLLCACHE/EXPLORER.EXE* 1604 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/RSJZBPM.DLL | 2004-8-4 11:24:52
  C:/WINDOWS/FONTS/GJFHBYC.DLL | 2004-8-4 16:54:3
  C:/WINDOWS/FONTS/GJCSDYC.DLL | 2008-1-9 16:53:59
  C:/WINDOWS/FONTS/RARJFPI.DLL | 2004-8-4 10:50:4
  C:/WINDOWS/FONTS/RATBUPI.DLL | 2004-8-4 16:53:24
  C:/WINDOWS/FONTS/OKMHFZY.DLL | 2004-8-4 16:53:7
  C:/WINDOWS/FONTS/SWRCGZC.DLL | 2004-8-4 9:17:7
  C:/WINDOWS/FONTS/WSMSGZX.DLL | 2004-8-4 10:49:26
  C:/WINDOWS/FONTS/KAWDJZY.DLL | 2004-8-4 10:50:0
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/RSMYKPM.DLL | 2004-8-4 16:53:11
  C:/WINDOWS/FONTS/KAQHMZY.DLL | 2008-1-17 10:49:32
  C:/WINDOWS/FONTS/KVDXMMA.DLL | 2004-8-4 10:49:40
  C:/WINDOWS/FONTS/AVZXOMN.DLL | 2004-8-4 10:49:53
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
  C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL | 2008-1-15 11:3:50 | SPlus Module | 5, 0, 3, 11 | | 騰訊科技(深圳)有限公司 版權所有 (C) 2007 | 5, 0, 3, 11 | TENCENT | | SPlus.dll | SPlus.dll
C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE * 1188
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
  C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL | 2008-1-15 11:3:50 | SPlus Module | 5, 0, 3, 11 | | 騰訊科技(深圳)有限公司 版權所有 (C) 2007 | 5, 0, 3, 11 | TENCENT | | SPlus.dll | SPlus.dll
C:/WINDOWS/SYSTEM32/RUNDLL32.EXE * 2968
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL | 2008-1-15 11:3:50 | SPlus Module | 5, 0, 3, 11 | | 騰訊科技(深圳)有限公司 版權所有 (C) 2007 | 5, 0, 3, 11 | TENCENT | | SPlus.dll | SPlus.dll
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
C:/PROGRAM FILES/COMMON FILES/SYSTEM/DULEVHS.EXE * 3468 | 2008-1-3 21:31:20
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
C:/WINDOWS/SYSTEM32/CTFMON.EXE * 2404
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL | 2008-1-15 11:3:50 | SPlus Module | 5, 0, 3, 11 | | 騰訊科技(深圳)有限公司 版權所有 (C) 2007 | 5, 0, 3, 11 | TENCENT | | SPlus.dll | SPlus.dll
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57

F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/Userinit.exe>
F2 - Shell = <Explorer.exe>
F3 - REG: win.ini: load=Explorer.exe

O1 - Hosts: 125.67.67.183 sdch.sdo.com
O1 - Hosts: 125.67.67.183 ekey.sdo.com
O1 - Hosts: 125.67.67.183 mir2.sdo.com
O1 - Hosts: 125.67.67.183 kf.sdo.com
O1 - Hosts: 125.67.67.183 www.mir2.com.cn
O1 - Hosts: 125.67.67.183 mir2.com.cn
O1 - Hosts: 125.67.67.183 home.mir2.sdo.com
O1 - Hosts: 125.67.67.183 shandacs.allyes.com

O2 - BHO PPGOUCATCHER - {00000000-0000-0000-0000-E58E57C9C848} -C:/PROGRA~1/PPGOU/PPGOUI~2.DLL
O4 - HKLM/../RUN: [STUP.EXE] RUNDLL32.EXEC:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL ,Rundll32 R
O4 - HKLM/../RUN: [TFAKUCW]C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O4 - HKLM/../RUN: [WFRAPKX]C:/PROGRAM FILES/COMMON FILES/SYSTEM/DULEVHS.EXE
O4 - HKLM/../RUN: [WINSYSM]C:/WINDOWS/381131M.EXE
O4 - HKLM/../RUN: [UPXDND]C:/WINDOWS/UPXDND.EXE
O4 - HKLM/../RUN: [DBGHLP32]C:/WINDOWS/DBGHLP32.EXE
O4 - HKLM/../RUN: [NVDISPDRV]C:/WINDOWS/NVDISPDRV.EXE
O4 - HKLM/../RUN: [KVSC3]C:/WINDOWS/KVSC3.EXE
O4 - HKLM/../POLICIES/EXPLORER/RUN: [VISIN]C:/WINDOWS/SYSTEM32/VISIN.EXE

C:/autorun.inf
/-----
[AutoRun]
open=tfakucw.exe
shell/open=打開(&O)
shell/open/Command=tfakucw.exe
shell/open/Default=1
shell/explore=資源管理器(&X)
shell/explore/Command=tfakucw.exe
-----/
D:/autorun.inf
/-----
[AutoRun]
open=tfakucw.exe
shell/open=打開(&O)
shell/open/Command=tfakucw.exe
shell/open/Default=1
shell/explore=資源管理器(&X)
shell/explore/Command=tfakucw.exe
-----/
E:/autorun.inf
/-----
[AutoRun]
open=tfakucw.exe
shell/open=打開(&O)
shell/open/Command=tfakucw.exe
shell/open/Default=1
shell/explore=資源管理器(&X)
shell/explore/Command=tfakucw.exe
-----/

O11 - IE擴展選項組:TBH (中文搜搜) =

O23 - 服務: MSEQSY (MSEQSY) - SYSTEM32/DRIVERS/MSACPE.SYS(自動)
O23 - 服務: PHY (PHY) -C:/WINDOWS/SYSTEM32/DRIVERS/PHY.SYS | 2008-1-17 11:24:45(手動)
O23 - 服務: SECSVR (LENOVO FILE SERVICE) -C:/WINDOWS/SECSVR.EXE(自動)

O24 - SHLEXECHOOK: [E] - {E159854F-6971-3456-6941-10235412974E} =C:/WINDOWS/FONTS/HOOKHELP.DLL
O24 - SHLEXECHOOK: [INTERNET] - {00854F80-5DF9-42C3-916E-5EE7D13D09DC} =
O24 - SHLEXECHOOK: [2] - {22FAACDE-34DA-CCD4-AB4D-DA34485A3422} =C:/WINDOWS/FONTS/RSJZBPM.DLL
O24 - SHLEXECHOOK: [2] - {2D908534-AD45-920F-AC89-4024FA9D26D2} =C:/WINDOWS/FONTS/GJFHBYC.DLL
O24 - SHLEXECHOOK: [4] - {4FA10261-B890-F432-A453-69F1023513F4} =C:/WINDOWS/FONTS/GJCSDYC.DLL
O24 - SHLEXECHOOK: [6] - {6598FF45-DA60-F48A-BC43-10AC47853D56} =C:/WINDOWS/FONTS/RARJFPI.DLL
O24 - SHLEXECHOOK: [6] - {67650011-3344-6688-4899-345FABCD1576} =C:/WINDOWS/FONTS/RATBUPI.DLL
O24 - SHLEXECHOOK: [6] - {6A57CAD1-412F-9547-713F-9641FA3FC7A6} =C:/WINDOWS/FONTS/OKMHFZY.DLL
O24 - SHLEXECHOOK: [8] - {878A7521-FA87-34AB-34C2-4893F3AD34C8} =C:/WINDOWS/FONTS/SWRCGZC.DLL
O24 - SHLEXECHOOK: [9] - {992FADFA-BCDE-ACDF-CDEF-21054865CBA9} =C:/WINDOWS/FONTS/WSMSGZX.DLL
O24 - SHLEXECHOOK: [A] - {A8907901-1416-3389-9981-37217856998A} =C:/WINDOWS/FONTS/KAWDJZY.DLL
O24 - SHLEXECHOOK: [A] - {AA1247C1-53DA-FF43-ABD3-345F323A48DA} =C:/WINDOWS/FONTS/AVWGJMN.DLL
O24 - SHLEXECHOOK: [B] - {B960356A-458E-DE24-BD50-268F589A56AB} =C:/WINDOWS/FONTS/AVWLKMN.DLL
O24 - SHLEXECHOOK: [B] - {BE32FA58-3453-FA2D-BC49-F340348ACCEB} =C:/WINDOWS/FONTS/RSMYKPM.DLL
O24 - SHLEXECHOOK: [D] - {D7D81718-1314-5200-2597-58790101807D} =C:/WINDOWS/FONTS/KAQHMZY.DLL
O24 - SHLEXECHOOK: [D] - {DC87A354-ABC3-DEDE-FF33-3213FD7447CD} =C:/WINDOWS/FONTS/KVDXMMA.DLL
O24 - SHLEXECHOOK: [F] - {F859245F-345D-BC13-AC4F-145D47DA34FF} =C:/WINDOWS/FONTS/AVZXOMN.DLL
O24 - SHLEXECHOOK: [F] - {FD561258-45F3-A451-F908-A258458226DF} =C:/WINDOWS/FONTS/KVDXSOMA.DLL

O26 - IFEO: 360RPT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: 360SAFE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: 360TRAY.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ADAM.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AGENTSVR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: APPSVC32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ARSWP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AST.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AUTORUNS.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVASTU3.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVCONSOL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVGRSSVC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVMONITOR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVP.COM ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: CCENTER.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: CCSVCHST.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: EGHOST.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: FILEDSTY.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: FTCLEANERSHELL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: FYFIREWALL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: GHOST.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: HIJACKTHIS.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ICESWORD.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: IPARMO.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: IPARMOR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: IRSETUP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ISPWDSVC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KABALOAD.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KASCRSCN.SCR ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KASMAIN.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KASTASK.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAV32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVDX.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVPF.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVPFW.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVSETUP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVSTART.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KISLNCHR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KMAILMON.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KMFILTER.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KPFW32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KPFW32X.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KPFWSVC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KREGEX.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KREPAIR.COM ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KSLOADER.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVCENTER.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVDETECT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVFWMCL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVMONXP.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVMONXP_1.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVOL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVOLSELF.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVREPORT.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVSCAN.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVSRVXP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVSTUB.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVUPLOAD.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVWSC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVXP.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVXP_1.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KWATCH.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KWATCH9X.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KWATCHX.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: LOADDLL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: MAGICSET.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: MCCONSOL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: MMQCZJ.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: MMSK.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NAVAPSVC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NAVAPW32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NOD32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NOD32KRN.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NOD32KUI.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NPFMNTOR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: PFW.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: PFWLIVEUPDATE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: QHSET.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: QQDOCTOR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: QQKAV.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: QQSC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAS.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAV.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAVMON.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAVMOND.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAVSTUB.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAVTASK.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: REGCLEAN.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RFWCFG.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RFWMAIN.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RFWSRV.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RSAGENT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RSAUPD.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RSTRUI.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RUNIEP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SAFELIVE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SCAN32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SHCFG32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SMARTUP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SRENG.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SYMLCSVC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SYSSAFE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: TROJANDETECTOR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: TROJANWALL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: TROJDIE.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UIHOST.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UMXAGENT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UMXATTACHMENT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UMXCFG.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UMXFWHLP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UMXPOL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UPIEA.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UPLIVE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: USBCLEANER.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: VSSTAT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: WEBSCANX.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: WOPTICLEAN.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ZJB.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
===/
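The log above exposes the infection's persistence and self-defence mechanisms side by side: Run-key autostarts (O4), ShellExecuteHooks DLLs that every process calling ShellExecute loads (O24), Image File Execution Options "Debugger" redirections that turn each listed security tool into a launch of GRHSGIH.EXE (O26), and hosts-file redirections (O1). The Python below is an added triage helper, not part of endurer's post or of pe_xscan itself: it parses lines in this log format (the sample is constructed from lines copied out of the log above), groups IFEO targets by how many images they claim to "debug", ties those targets back to the Run entries that autostart them, flags hook DLLs in an unusual directory, and groups hosts redirects by address. The Fonts-directory heuristic and the `min_images` threshold are assumptions of this example, not pe_xscan behaviour.

```python
"""Triage helper for pe_xscan-style logs.

Added example for this write-up; it is not part of endurer's post or of pe_xscan.
It groups the hijack indicators the log above exposes so an analyst sees the
mechanism at a glance instead of reading a hundred near-identical O26 lines.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the pe_xscan format, copied from the log above.
SAMPLE_LOG = """\
O1 - Hosts: 125.67.67.183 ekey.sdo.com
O1 - Hosts: 125.67.67.183 mir2.sdo.com
O4 - HKLM/../RUN: [TFAKUCW]C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O4 - HKLM/../RUN: [WFRAPKX]C:/PROGRAM FILES/COMMON FILES/SYSTEM/DULEVHS.EXE
O24 - SHLEXECHOOK: [E] - {E159854F-6971-3456-6941-10235412974E} =C:/WINDOWS/FONTS/HOOKHELP.DLL
O24 - SHLEXECHOOK: [INTERNET] - {00854F80-5DF9-42C3-916E-5EE7D13D09DC} =
O24 - SHLEXECHOOK: [2] - {22FAACDE-34DA-CCD4-AB4D-DA34485A3422} =C:/WINDOWS/FONTS/RSJZBPM.DLL
O26 - IFEO: 360SAFE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ICESWORD.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVSTART.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)/\.\./(\S+): \[([^\]]+)\](.*)$")
HOOK_RE = re.compile(r"^O24 - SHLEXECHOOK: \[[^\]]*\] - (\{[0-9A-Fa-f-]+\}) =(.*)$")
IFEO_RE = re.compile(r"^O26 - IFEO: (\S+) ->(.*)$")

# Heuristic (an assumption of this example): a shell hook DLL living under the
# Fonts directory is out of place; the log above shows every hook DLL there.
ODD_DLL_DIRS = ("/WINDOWS/FONTS/",)


def _lines(text):
    return (ln.strip() for ln in text.splitlines() if ln.strip())


def find_ifeo_hijacks(text, min_images=2):
    """Group IFEO 'Debugger' redirections by target executable.

    A legitimate debugger is attached to one image at a time; one target registered
    as the debugger of many images, all of them security tools, is the image-hijack
    pattern in the log above. Targets with fewer than min_images images are dropped."""
    by_target = defaultdict(list)
    for ln in _lines(text):
        m = IFEO_RE.match(ln)
        if m:
            by_target[m.group(2).strip().upper()].append(m.group(1).upper())
    return {t: sorted(imgs) for t, imgs in by_target.items() if len(imgs) >= min_images}


def find_run_entries(text):
    """Return (value name, command) for every Run-key autostart (O4) line."""
    out = []
    for ln in _lines(text):
        m = RUN_RE.match(ln)
        if m:
            out.append((m.group(3), m.group(4).strip()))
    return out


def find_suspicious_shell_hooks(text):
    """Return (CLSID, DLL, reason) for ShellExecuteHooks (O24) worth a second look:
    the DLL sits in an odd directory, or the log resolved no DLL for the CLSID."""
    hits = []
    for ln in _lines(text):
        m = HOOK_RE.match(ln)
        if not m:
            continue
        clsid, dll = m.group(1), m.group(2).strip()
        if not dll:
            hits.append((clsid, dll, "no DLL path in log; verify CLSID manually"))
        elif any(d in dll.upper() for d in ODD_DLL_DIRS):
            hits.append((clsid, dll, "hook DLL in unusual directory"))
    return hits


def find_hosts_redirects(text):
    """Map each address in O1 lines to the hostnames pointed at it."""
    by_ip = defaultdict(list)
    for ln in _lines(text):
        m = HOSTS_RE.match(ln)
        if m:
            by_ip[m.group(1)].append(m.group(2))
    return dict(by_ip)


def triage(text):
    """Combine the indicators: IFEO targets, the Run entries that autostart those
    same targets (the hijacker protecting itself), odd shell hooks, hosts redirects."""
    hijacks = find_ifeo_hijacks(text)
    autostarts = [(n, c) for n, c in find_run_entries(text) if c.upper() in hijacks]
    return {
        "ifeo_targets": hijacks,
        "hijacker_autostarts": autostarts,
        "suspicious_hooks": find_suspicious_shell_hooks(text),
        "hosts_redirects": find_hosts_redirects(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

Run against the full log above, `find_ifeo_hijacks` collapses the whole O26 block into a single target with over a hundred images, and `triage` ties that target to the `[TFAKUCW]` Run entry, which is the same file the autorun.inf on each drive launches; cleanup therefore has to remove the IFEO keys and the hooks before the security tools can start at all.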
