Rootkit.Win32.GameHack.Gen, Trojan.PSW.Win32.GameOL.Gen, and Rootkit.Win32.Mnless
Today a netizen said that his computer had suddenly become very slow yesterday afternoon, so he had to force a shutdown. When he started the system today, a black window flashed up. He found some viruses with Rising, but the system was still slow, so he asked me to help with the repair.
Using QQ Remote Assistance, I first checked the Rising antivirus logs (fragments):
/=
Pe_xscan 08-03-03 by Purple endurer
12:28:31
Windows XP Service Pack 2 (5.1.2600)
Administrator user group
Normal Mode
[System process] * 0
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/Winlogon.EXE * 524 | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.2180 | Windows NT logon application | (c) Microsoft Corporation. all rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation |? | Winlogon.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/services.EXE * 568 | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.2180 | services and controller app | (c) Microsoft Corporation. all rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation |? | Services.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/LSASS.EXE * 580 | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.2180 | LSA shell (export version) | (c) Microsoft Corporation. All Rights Reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation |? | Lsass.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/SVCHOST.EXE * 724 | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.2180 | generic host process for Win32 services | (c) Microsoft Corporation. All Rights Reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation |? | Svchost.exe
C:/Windows/system32/cuhad.dll | 16:33:14
D:/program files/rising/rav/ravstub.EXE * 1340 | 20:10:24 | ravstub application | 19, 0, 0, 4 | rising ravstub | copyright (c) 1998-2005 rising Corp. | 19, 0, 0, 4 | Beijing rising Technology Co., Ltd. | ravstub | ravstub.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/wdfmgr.EXE * 1528 | 13:44:28 | MICROSOFT (r) Windows (r) Operating System | 5.2.20.0.1230 | Windows user mode driver manager | (c) Microsoft Corporation. All Rights Reserved. | 5.2.20.0.1230 built by: dnsrv (bld4act) | Microsoft Corporation |? | Wdfmgr | wdfmgr.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/explorer.EXE * 1952 | 21:21:56 | MICROSOFT (r) Windows (r) Operating System | 6.00.2900.3156 | Windows Explorer | (c) Microsoft Corporation. all rights reserved. | 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Microsoft Corporation |? | Explorer | EXPLORER.EXE
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/ALG.EXE * 496 | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.2180 | Application Layer Gateway Service | (c) Microsoft Corporation. All Rights Reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation |? | Alg.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/ctfmon.EXE * 1516 | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.2180 | CTF loader | (c) Microsoft Corporation. All Rights Reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation |? | Ctfmon.exe
C:/Windows/system32/cuhad.dll | 16:33:14
O4-HKLM/../run: [winsysm] C:/Windows/49400m.exe
O4-Global startup: atisrv.exe -> invalid lnk file
O20-appinit_dlls: bauhgnem.DLL, eohsom.DLL, fyom.DLL, sauhad.DLL, ijougiemnaw.DLL, taijoad.DLL, lnaixnauhqq.DLL, idtj.DLL, vhqq.DLL, atgnehz.DLL, rsqq.DLL, tsqc.DLL, vauyiqvlnaix.DLL, WQ.DLL, fmxh.DLL, cty.DLL, pahzij.DLL, JZ.DLL, BZ.DLL, pyomielnux.DLL, mhtd.DLL, qnefnaib.DLL, EJ.DLL, uixauh.DLL, hjiq.DLL, kiluw.DLL, dsfg.DLL, yqhs.DLL, oaijihzeuyouhz.DLL, jemnaw.DLL, cuhad.DLL, laixuhz.DLL, rfhx.DLL, mnauygniqaixnaij.DLL, oqnauhc.DLL, xjxr.DLL, utiemnaw.DLL, SVE.DLL, wininat.DLL, gnolnait.DLL, zadnew.DLL, htwx.DLL, knaixnauhuoyizqq.DLL, duygnef.DLL, gmx.DLL, nadgnohiac.DLL, agzg.DLL, qlihzouhgnfe.DLL, bchib.DLL, tzm.DLL, r2.dll, slcs.DLL, xptyj.DLL, xhtd.DLL, QQ.DLL, sfhx.DLL, gnaixnauhqq.DLL, 3auhad.DLL, oadnew.DLL, iemnaw.DLL, qcsct.DLL, oadgnohiac.DLL, iqnauhc.DLL, aixauh.DLL, ddtj.DLL, nuygnef.DLL, uohsom.DLL, gnefnaib.DLL, ijiq.DLL, hjxr.DLL, naijoad.DLL, naixuhz.DLL, nahzij.DLL, fmxh.DLL, zqhs.DLL, jsfg.DLL, utgnehz.DLL, uyom.DLL, wtiemnaw.DLL, uyomielnux.DLL, vlihzouhgnfe.DLL, 2ty.DLL, nauhgnem.DLL, auhad.DLL, RJ.DLL, Hz.DLL, naijihzeuyouhz.DLL, xhqq.DLL, JMX.DLL, dgzg.DLL, gsqq.DLL, Fz.DLL
O23-service: icafe Manager (icafe manager)-C:/docume~1/DONGHE/locals~1/temp/usbhcid.sys (manual)
O23-service: SC Manager-C:/docume~1/DONGHE/locals~1/temp/usbcams3.sys (manual)
O24-shlexechook: [Microsoft]-{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068} = C:/Windows/system32/jhrcar.dll
O26-ifeo: 360rpt.exe -> ntsd -d
O26-ifeo: 360safe.exe -> ntsd -d
O26-ifeo: 360safebox.exe -> ntsd -d
O26-ifeo: 360tray.exe -> ntsd -d
O26-ifeo: adam.exe -> ntsd -d
O26-ifeo: agentsvr.exe -> ntsd -d
O26-ifeo: Prepare vc32.exe -> ntsd -d
O26-ifeo: autoruns.exe -> ntsd -d
O26-ifeo: avconsol.exe -> ntsd -d
O26-ifeo: avgrssvc.exe -> ntsd -d
O26-ifeo: avmonitor.exe -> ntsd -d
O26-ifeo: avp.com -> ntsd -d
O26-ifeo: avp.exe -> ntsd -d
O26-ifeo: ccsvchst.exe -> ntsd -d
O26-ifeo: eghost.exe -> ntsd -d
O26-ifeo: ftcleanershell.exe -> ntsd -d
O26-ifeo: fyfirewall.exe -> ntsd -d
O26-ifeo: hijackthis.exe -> ntsd -d
O26-ifeo: icesword.exe -> ntsd -d
O26-ifeo: iparmo.exe -> ntsd -d
O26-ifeo: iparmor.exe -> ntsd -d
O26-ifeo: ispwdsvc.exe -> ntsd -d
O26-ifeo: kabaload.exe -> ntsd -d
O26-ifeo: kascrscn.scr -> ntsd -d
O26-ifeo: kasmain.exe -> ntsd -d
O26-ifeo: kastask.exe -> ntsd -d
O26-ifeo: kav32.exe -> ntsd -d
O26-ifeo: kavdx.exe -> ntsd -d
O26-ifeo: kavpf.exe -> ntsd -d
O26-ifeo: kavpfw.exe -> ntsd -d
O26-ifeo: kavsetup.exe -> ntsd -d
O26-ifeo: kavstart.exe -> ntsd -d
O26-ifeo: kislnchr.exe -> ntsd -d
O26-ifeo: kmailmon.exe -> ntsd -d
O26-ifeo: kmfilter.exe -> ntsd -d
O26-ifeo: kpfw32.exe -> ntsd -d
O26-ifeo: kpfw32x.exe -> ntsd -d
O26-ifeo: kpfwsvc.exe -> ntsd -d
O26-ifeo: kregex.exe -> ntsd -d
O26-ifeo: krepair.com -> ntsd -d
O26-ifeo: ksloader.exe -> ntsd -d
O26-ifeo: kvcenter.KXP -> ntsd -d
O26-ifeo: kvdetect.exe -> ntsd -d
O26-ifeo: kvfwmcl.exe -> ntsd -d
O26-ifeo: kvmonxp.KXP -> ntsd -d
O26-ifeo: kvmonxp_1.kxp -> ntsd -d
O26-ifeo: kvol.exe -> ntsd -d
O26-ifeo: kvolself.exe -> ntsd -d
O26-ifeo: kvreport.KXP -> ntsd -d
O26-ifeo: kvscan.KXP -> ntsd -d
O26-ifeo: kvsrvxp.exe -> ntsd -d
O26-ifeo: kvstub.KXP -> ntsd -d
O26-ifeo: kvupload.exe -> ntsd -d
O26-ifeo: kvwsc.exe -> ntsd -d
O26-ifeo: kvxp.KXP -> ntsd -d
O26-ifeo: kvxp_1.kxp -> ntsd -d
O26-ifeo: kwatch.exe -> ntsd -d
O26-ifeo: kwatch9x.exe -> ntsd -d
O26-ifeo: kwatchx.exe -> ntsd -d
O26-ifeo: magicset.exe -> ntsd -d
O26-ifeo: mcconsol.exe -> ntsd -d
O26-ifeo: mmqczj.exe -> ntsd -d
O26-ifeo: mmsk.exe -> ntsd -d
O26-ifeo: navapsvc.exe -> ntsd -d
O26-ifeo: navapw32.exe -> ntsd -d
O26-ifeo: nod32.exe -> ntsd -d
O26-ifeo: nod32krn.exe -> ntsd -d
O26-ifeo: nod32kui.exe -> ntsd -d
O26-ifeo: npfmntor.exe -> ntsd -d
O26-ifeo: ollydbg.exe -> ntsd -d
O26-ifeo: ollyice.exe -> ntsd -d
O26-ifeo: pfw.exe -> ntsd -d
O26-ifeo: pfwliveupdate.exe -> ntsd -d
O26-ifeo: procexp.exe -> ntsd -d
O26-ifeo: qhset.exe -> ntsd -d
O26-ifeo: qqdoctor.exe -> ntsd -d
O26-ifeo: qqkav.exe -> ntsd -d
O26-ifeo: rawcopy.exe -> ntsd -d
O26-ifeo: regtool.exe -> ntsd -d
O26-ifeo: rfwproxy.exe -> ntsd -d
O26-ifeo: rfwstub.exe -> ntsd -d
O26-ifeo: safebank.exe -> ntsd -d
O26-ifeo: safeboxtray.exe -> ntsd -d
O26-ifeo: safelive.exe -> ntsd -d
O26-ifeo: scan32.exe -> ntsd -d
O26-ifeo: shda-32.exe -> ntsd -d
O26-ifeo: Sreng.exe -> ntsd -d
O26-ifeo: symlcsvc.exe -> ntsd -d
O26-ifeo: syssafe.exe -> ntsd -d
O26-ifeo: trojandetector.exe -> ntsd -d
O26-ifeo: trojanwall.exe -> ntsd -d
O26-ifeo: trojdie.KXP -> ntsd -d
O26-ifeo: uihost.exe -> ntsd -d
O26-ifeo: umxagent.exe -> ntsd -d
O26-ifeo: umxattachment.exe -> ntsd -d
O26-ifeo: umxw..exe -> ntsd -d
O26-ifeo: umxfwhlp.exe -> ntsd -d
O26-ifeo: umxpol.exe -> ntsd -d
O26-ifeo: uplive.exe -> ntsd -d
O26-ifeo: vsstat.exe -> ntsd -d
O26-ifeo: webscanx.exe -> ntsd -d
O26-ifeo: windbg.exe -> ntsd -d
O26-ifeo: wopticlean.exe -> ntsd -d
===/
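Added example, not from the original post and not part of Pe_xscan: a small Python triage script that applies the checks a responder would run over log lines in this layout, namely IFEO entries whose Debugger value is "ntsd -d" (the hijacked security tool then fails to launch), the crowded AppInit_DLLs value, services whose driver sits under a temp directory, and a module listed under every process. The log text inside it is a constructed excerpt in the same format, not the full log above.

```python
import re
from collections import Counter

# Constructed excerpt in the Pe_xscan log layout (not the full log from the post).
SAMPLE_LOG = """\
C:/Windows/system32/Winlogon.EXE * 524 | Microsoft Corporation
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/services.EXE * 568 | Microsoft Corporation
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/explorer.EXE * 1952 | Microsoft Corporation
C:/Windows/system32/cuhad.dll | 16:33:14
O20-appinit_dlls: bauhgnem.DLL, cuhad.DLL, jemnaw.DLL
O23-service: icafe Manager (icafe manager)-C:/docume~1/DONGHE/locals~1/temp/usbhcid.sys (manual)
O26-ifeo: 360tray.exe -> ntsd -d
O26-ifeo: icesword.exe -> ntsd -d
O26-ifeo: procexp.exe -> ntsd -d
"""

PROC_RE = re.compile(r"^(\S.*?) \* (\d+) \|")                  # "path * pid | ..."
MOD_RE = re.compile(r"^(\S.*?\.dll) \| \d\d:\d\d:\d\d$", re.I)  # module listed under a process
IFEO_RE = re.compile(r"^O26-ifeo: (.+?) ?-> ?(.+)$")
APPINIT_RE = re.compile(r"^O20-appinit_dlls: (.+)$")
SERVICE_RE = re.compile(r"^O23-service: .*?-(\S+\.sys)", re.I)


def triage(log_text, min_ratio=0.8):
    """Return the findings a responder would flag in a Pe_xscan-style log."""
    procs, module_hits = 0, Counter()
    out = {"ifeo_ntsd": [], "appinit_dlls": [], "temp_services": [], "injected_dlls": []}
    for line in log_text.splitlines():
        if PROC_RE.match(line):
            procs += 1
        elif (m := MOD_RE.match(line)):
            module_hits[m.group(1).rsplit("/", 1)[-1].lower()] += 1
        elif (m := IFEO_RE.match(line)):
            # Debugger value "ntsd -d" makes the launch fail, so the listed tool never runs.
            if "".join(m.group(2).split()).lower() == "ntsd-d":
                out["ifeo_ntsd"].append(m.group(1).strip().lower())
        elif (m := APPINIT_RE.match(line)):
            # AppInit_DLLs is loaded into every process that links user32.dll.
            out["appinit_dlls"] = [d.strip() for d in m.group(1).split(",")]
        elif (m := SERVICE_RE.match(line)):
            if "/temp/" in m.group(1).lower():   # driver started out of a temp folder
                out["temp_services"].append(m.group(1))
    # A DLL that appears under nearly every process is the injection footprint.
    out["injected_dlls"] = sorted(d for d, n in module_hits.items()
                                  if procs and n / procs >= min_ratio)
    return out
```

Run `triage(open("scan.log").read())` on a full log; the lists returned are the items to remove after the files themselves have been identified.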
(To be continued)