新型机器狗，过驱动防火墙

lf968

Program Guard: dwawdw.exe -> cmd.exe        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\dwawdw.exe(4872) wants to start C:\Windows\SysWOW64\cmd.exe(4148)
Program Guard: dwawdw.exe -> a.bat        2011/5/3 21:53        Allowed        C:\Users\xxxxxx\AppData\Local\Temp\dwawdw.exe wants to create executable file C:\Users\xxxxxx\AppData\Local\Temp\a.bat
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Incoming TCP access blocked to: 0.0.0.0:6197
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Incoming TCP access blocked to: 0.0.0.0:7828
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Incoming TCP access blocked to: 0.0.0.0:7858
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Incoming TCP access blocked to: 0.0.0.0:6294
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Incoming TCP access blocked to: 0.0.0.0:6836
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Incoming TCP access blocked to: 0.0.0.0:8090
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Outgoing UDP access blocked to: 0.0.0.0:1900
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Incoming UDP access blocked to: 0.0.0.0:5199
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Incoming UDP access blocked to: 0.0.0.0:5198
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Incoming UDP access blocked to: 0.0.0.0:5136
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Incoming UDP access blocked to: 0.0.0.0:5135
Firewall: Automatic decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\dwawdw.exe, Outgoing TCP access blocked to: 222.211.91.39:87
Firewall: User decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\dwawdw.exe, Outgoing UDP access blocked to: (xfstat.qq.com) 127.0.0.1:51512
Firewall: User decision        2011/5/3 21:53        Blocked        C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe, Outgoing TCP access blocked to: (update.qvod.com) 119.184.126.124:80
Program Guard: QvodSetupPlus3.exe -> QvodSetupPlus3.exe        2011/5/3 21:53        Allowed        C:\Users\xxxxxx\Desktop\QvodSetupPlus3\QvodSetupPlus3.exe(3236) wants to start C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe
Program Guard: QvodSetupPlus3.exe -> QvodSetupPlus3.exe        2011/5/3 21:53        Allowed        C:\Users\xxxxxx\Desktop\QvodSetupPlus3\QvodSetupPlus3.exe wants to create executable file C:\Users\xxxxxx\AppData\Local\Temp\QvodSetupPlus3.exe
Program Guard: QvodSetupPlus3.exe        2011/5/3 21:52        Allowed        C:\Windows\explorer.exe -> C:\Users\xxxxxx\Desktop\QvodSetupPlus3\QvodSetupPlus3.exe

ioton

在网吧试了，没穿网吧的还原和驱动防火墙。。

sadfish5

连QQ管家都提示在加载驱动- -!

感染后再运行微点2.0，清理得一干二净。像没发生过啥事