Another encounter with Trojan-PSW.Win32.QQPass, Trojan.PSW.Win32.GameOL, etc. (1)
Original by endurer, 2008-06-13, 1st edition
A friend said that the real-time monitoring icons of the Rising antivirus and Rising firewall on his computer had disappeared recently and that the machine had become very slow, and asked me to help fix it.
I had pe_xscan downloaded and run to produce a scan log, then analyzed the log. The following suspicious items were found:
pe_xscan 08-04-26 by Purple Endurer
2008-6-12 12:20:52
Windows XP Service Pack 2 (5.1.2600)
MSIE: 6.0.2900.2180
administrator user group, normal mode

[System process] * 0
C:/Windows/system32/sysdajchv.DLL | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP msplay api dll | (c) Microsoft Corporation. all rights resad. | 5.1.2600.3099 | Microsoft Corporation | MICROSOFT | msplay32 | msplay32
C:/Windows/system32/msosptfs01.dll
C:/Windows/system32/msoscqet01.dll | 2008-6-9 2:24:37
C:/Windows/system32/msosfasq01.dll
C:/Windows/system32/msosping01.dll
C:/Windows/system32/msoscqit00.dll | 3:29:26
C:/Windows/system32/msosjtio00.dll | 3:32:36
C:/Windows/system32/msosfmsq01.dll | 7:58:15
C:/Windows/system32/msosjtfo01.dll | 2:24:57
C:/Windows/system32/msosdrop00.dll
C:/Windows/system32/ytewcxzsw.DLL
C:/Windows/system32/wwwwww.DLL | 2:18:42
C:/Windows/system32/qqqqqq.DLL | 8:29:38
C:/Windows/system32/gggggg.DLL | 0:11:23
C:/Windows/system32/kduonz.DLL | 0:11:30
C:/Windows/system32/Oooooooo.DLL | 6:57:29
C:/Windows/system32/cccccc.DLL
C:/Windows/system32/eeeeee.DLL
C:/Windows/system32/mmmmmm.DLL | 2:29:38
C:/Windows/system32/tttttt.DLL | 7:26:26
C:/Windows/system32/xxxxxx.DLL | 0:14:16
C:/program files/Internet Explorer/plugins/dossys08.sys

C:/Windows/system32/winlogon.exe * 1020 | MICROSOFT (r) windows (r) Operating System | 5.1.2600.2180 | Windows NT logon application | (c) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Winlogon.exe
C:/Windows/system32/sysdajchv.DLL | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP msplay api dll | (c) Microsoft Corporation. all rights resad. | 5.1.2600.3099 | Microsoft Corporation | MICROSOFT | msplay32 | msplay32
C:/Windows/system32/msosptfs01.dll
C:/Windows/system32/msoscqet01.dll | 2:24:37
C:/Windows/system32/msosfasq01.dll | 3:29:26
C:/Windows/system32/msosping01.dll
C:/Windows/system32/msoscqit00.dll
C:/Windows/system32/msosjtio00.dll | 3:32:36
C:/Windows/system32/msosfmsq01.dll | 7:58:15
C:/Windows/system32/msosjtfo01.dll | 2:24:57
C:/Windows/system32/msosdrop00.dll
C:/Windows/system32/ytewcxzsw.DLL
C:/Windows/system32/wwwwww.DLL | 2:18:42
C:/Windows/system32/qqqqqq.DLL | 8:29:38
C:/Windows/system32/gggggg.DLL | 0:11:23
C:/Windows/system32/kduonz.DLL | 0:11:30
C:/Windows/system32/Oooooooo.DLL | 6:57:29
C:/Windows/system32/cccccc.DLL
C:/Windows/system32/eeeeee.DLL | 2008-6-11 0:56:8
C:/Windows/system32/mmmmmm.DLL | 2:29:38
C:/Windows/system32/tttttt.DLL | 7:26:26

C:/Windows/system32/ctfmon.exe * 956 | Microsoft® Windows® Operating System | 5.1.2600.2180 | CTF loader | © Microsoft Corporation. All Rights Reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Ctfmon.exe
C:/Windows/system32/sysdajchv.DLL | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP msplay api dll | (c) Microsoft Corporation. all rights resad. | 5.1.2600.3099 | Microsoft Corporation | MICROSOFT | msplay32 | msplay32
C:/Windows/system32/msosptfs01.dll
C:/Windows/system32/msoscqet01.dll | 2:24:37
C:/Windows/system32/msosfasq01.dll | 3:29:26
C:/Windows/system32/msosping01.dll
C:/Windows/system32/msoscqit00.dll
C:/Windows/system32/msosjtio00.dll | 3:32:36
C:/Windows/system32/msosfmsq01.dll | 7:58:15
C:/Windows/system32/msosjtfo01.dll | 2:24:57
C:/Windows/system32/msosdrop00.dll
C:/Windows/system32/ytewcxzsw.DLL
C:/Windows/system32/wwwwww.DLL | 2:18:42
C:/Windows/system32/qqqqqq.DLL | 8:29:38
C:/Windows/system32/gggggg.DLL | 0:11:23
C:/Windows/system32/kduonz.DLL | 0:11:30
C:/Windows/system32/Oooooooo.DLL | 6:57:29
C:/Windows/system32/cccccc.DLL
C:/Windows/system32/eeeeee.DLL
C:/Windows/system32/mmmmmm.DLL | 2:29:38
C:/Windows/system32/tttttt.DLL | 7:26:26
C:/Windows/system32/xxxxxx.DLL | 0:14:16
C:/program files/Internet Explorer/plugins/dossys08.sys

C:/Windows/system32/svchost.exe * 1028 | Microsoft® Windows® Operating System | 5.1.2600.2180 | generic host process for Win32 services | © Microsoft Corporation. All Rights Reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Svchost.exe
C:/Windows/system32/sysdajchv.DLL | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP msplay api dll | (c) Microsoft Corporation. all rights resad. | 5.1.2600.3099 | Microsoft Corporation | MICROSOFT | msplay32 | msplay32
C:/Windows/system32/msosptfs01.dll
C:/Windows/system32/msoscqet01.dll | 2:24:37
C:/Windows/system32/msosfasq01.dll | 3:29:26
C:/Windows/system32/msosping01.dll
C:/Windows/system32/msoscqit00.dll
C:/Windows/system32/msosjtio00.dll | 3:32:36
C:/Windows/system32/msosfmsq01.dll | 7:58:15
C:/Windows/system32/msosjtfo01.dll | 2:24:57
C:/Windows/system32/msosdrop00.dll
C:/Windows/system32/ytewcxzsw.DLL
C:/Windows/system32/wwwwww.DLL | 2:18:42
C:/Windows/system32/qqqqqq.DLL | 8:29:38
C:/Windows/system32/gggggg.DLL | 0:11:23
C:/Windows/system32/kduonz.DLL | 0:11:30
C:/Windows/system32/Oooooooo.DLL | 6:57:29
C:/Windows/system32/cccccc.DLL
C:/Windows/system32/eeeeee.DLL
C:/Windows/system32/mmmmmm.DLL | 2:29:38
C:/Windows/system32/tttttt.DLL | 7:26:26
C:/Windows/system32/xxxxxx.DLL | 0:14:16

C:/Windows/explorer.exe * 3728 | MICROSOFT (r) Windows (r) Operating System | 6.00.2900.2180 | Windows Explorer | (c) Microsoft Corporation. all rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Explorer.exe
C:/Windows/system32/sysdajchv.DLL | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP msplay api dll | (c) Microsoft Corporation. all rights resad. | 5.1.2600.3099 | Microsoft Corporation | MICROSOFT | msplay32 | msplay32
C:/Windows/system32/msosptfs01.dll
C:/Windows/system32/msoscqet01.dll | 2:24:37
C:/Windows/system32/msosfasq01.dll | 3:29:26
C:/Windows/system32/msosping01.dll
C:/Windows/system32/msoscqit00.dll
C:/Windows/system32/msosjtio00.dll | 3:32:36
C:/Windows/system32/msosfmsq01.dll | 7:58:15
C:/Windows/system32/msosjtfo01.dll | 2:24:57
C:/Windows/system32/msosdrop00.dll
C:/Windows/system32/ytewcxzsw.DLL
C:/Windows/system32/wwwwww.DLL | 2:18:42
C:/Windows/system32/qqqqqq.DLL | 8:29:38
C:/Windows/system32/gggggg.DLL | 0:11:23
C:/Windows/system32/kduonz.DLL | 0:11:30
C:/Windows/system32/Oooooooo.DLL | 6:57:29
C:/Windows/system32/cccccc.DLL
C:/Windows/system32/eeeeee.DLL | 2008-6-11 0:56:8
C:/Windows/system32/mmmmmm.DLL | 2:29:38
C:/Windows/system32/tttttt.DLL | 7:26:26
C:/Windows/system32/xxxxxx.DLL | 0:14:16
C:/program files/Internet Explorer/plugins/dossys08.sys

O2-BHO: {398c9b84-4ef7-47b5-9862-de29543b3c42} - C:/program files/Internet Explorer/plugins/dossys08.sys

O4-HKLM/../Run: [ytewcxzsw] C:/Windows/ssssss.exe
O4-HKLM/../Run: [juejwcx] C:/Windows/juejwcx.exe
O4-HKLM/../Run: [anistio] C:/Windows/anistio.exe
O4-HKLM/../Run: [isscs32] C:/Windows/isscs32.exe
O4-HKLM/../Run: [dionpis] C:/Windows/dionpis.exe
O4-HKLM/../Run: [hefcndy] C:/Windows/hefcndy.exe
O4-HKLM/../Run: [fmsbbqi] C:/Windows/fmsbbqi.exe
O4-HKLM/../Run: [bincdwsa] C:/Windows/bincdwsa.exe
O4-HKLM/../Run: [dbhlp32] C:/Windows/dbhlp32.exe
O4-HKLM/../Run: [fmsjvf] C:/Windows/fmsjhif.exe
O4-HKLM/../Run: [qrdkntbd] C:/Windows/rktdwvur.exe
O4-HKLM/../Run: [ptshell] C:/Windows/ptshell.exe
O4-HKLM/../Run: [tciocp64] C:/Windows/tciocp64.exe
O4-HKLM/../Run: [mfchlp64] C:/Windows/mfchlp64.exe
O4-HKLM/../Run: [winsvr64] C:/Windows/winsvr64.exe
O4-HKLM/../Run: [wrew2ds] C:/Windows/wrew2ds.exe
O4-HKLM/../Run: [isndntio] C:/Windows/isndntio.exe
{D92688DA-7FAB-4AB4-8AC9-5EADE1E3C8E4}_234225_user.job

O6-HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions exists (IE or Internet Options may be restricted)
O6-HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel exists (IE or Internet Options may be restricted)

O20-AppInit_DLLs = sysdajchv.DLL, msosptfs01.dll, wipicdec.DLL, msoscqet01.dll, niczftp01.dll, rgvxyr.DLL, msosmhap00.dll, msosdohs01.dll, msosmnsf01.dll, msosfasq01.dll, msosping01.dll, msosmhfp00.dll, msoscqit00.dll, msosjtio00.dll, msosfmsq01.dll, msosjtfo01.dll, msosdrop00.dll, ytewcxzsw.DLL, wwwwww.DLL, obrrrz.DLL, qqqqqq.DLL, gggggg.DLL, kduonz.DLL, Oooooo.DLL, cccccc.DLL, eeeeee.DLL, mmmmmm.DLL, tttttt.DLL, xxxxxx.dll

O23-Service: 71bfe972 (71bfe972) - C:/Windows/system32/25847834.exe-D (automatic)
O23-Service: cqet (cqet) - C:/docume~1/user/locals~1/temp/tmp88.tmp (automatic)
O23-Service: cqit (cqit) - C:/docume~1/user/locals~1/temp/tmp7.tmp | 9:27:57 (automatic)
O23-Service: DoHS (DOHS) - C:/docume~1/user/locals~1/temp/tmp9.tmp | 7:57:49 (automatic)
O23-Service: Drop (drop) - C:/docume~1/user/locals~1/temp/tmp13.tmp | 9:29:51 (automatic)
O23-Service: fasq (fasq) - C:/docume~1/user/locals~1/temp/tmp92.tmp (automatic)
O23-Service: fmsq (fmsq) - C:/docume~1/user/locals~1/temp/tmpf.tmp | 9:28:15 (automatic)
O23-Service: IIS Manager - C:/docume~1/user/locals~1/temp/1.tmp (manual)
O23-Service: jtfo (jtfo) - C:/docume~1/user/locals~1/temp/tmp94.tmp | 2:22:16 (automatic)
O23-Service: jtio (jtio) - C:/docume~1/user/locals~1/temp/tmp11.tmp | 7:45:41 (automatic)
O23-Service: mhap (mhap) - C:/docume~1/user/locals~1/temp/tmp1.tmp (automatic)
O23-Service: mhfp (mhfp) - C:/docume~1/user/locals~1/temp/tmp1.tmp (automatic)
O23-Service: mnsf (mnsf) - C:/docume~1/user/locals~1/temp/tmp9.tmp | 7:57:49 (automatic)
O23-Service: msfpfis64 (msfpfis64) - C:/Windows/system32/Drivers/msosmsfpfis64.sys | 3:29:16 (automatic)
O23-Service: msp2p32 (msp2p32) - C:/Windows/system32/Drivers/msosmsp2p32.sys | 3:28:25 (automatic)
O23-Service: NPF (netgroup Packet Filter) - system32/Drivers/NPF.sys | Winpcap netgroup Packet Filter Driver | 3, 1, 0, 27 | NPF | copyright © 2005 cace technologies. Copyright © 2003-2005 netgroup, Politecnico di Torino. | 3, 1, 0, 27 | cace technologies | NPF + tme | NPF.sys (manual)
O23-Service: Ping - C:/docume~1/user/locals~1/temp/tmpd.tmp (automatic)
O23-Service: ptfs (ptfs) - C:/docume~1/user/locals~1/temp/tmpb.tmp (automatic)
O23-Service: zftp (zftp) - C:/docume~1/user/locals~1/temp/tmp5.tmp (automatic)

O24-ShlExecHook: [] - {program} = C:/program files/Internet Explorer/plugins/dossys08.sys

O26-IFEO: 360rpt.exe -> ntsd -d
O26-IFEO: 360safe.exe -> ntsd -d
O26-IFEO: 360safebox.exe -> ntsd -d
O26-IFEO: 360tray.exe -> ntsd -d
O26-IFEO: avp.exe -> taskman.exe
O26-IFEO: ccenter.exe -> ntsd -d
O26-IFEO: kppmain.exe -> ntsd -d
O26-IFEO: kwatch.exe -> ntsd -d
O26-IFEO: qqdoctor.exe -> ntsd -d
O26-IFEO: qqkav.exe -> ntsd -d
O26-IFEO: rav.exe -> taskman.exe
O26-IFEO: ravmon.exe -> ntsd -d
O26-IFEO: ravmond.exe -> ntsd -d
O26-IFEO: ravstub.exe -> taskman.exe
O26-IFEO: ravtask.exe -> taskman.exe
O26-IFEO: rfww..exe -> taskman.exe
O26-IFEO: rfwmain.exe -> taskman.exe
O26-IFEO: rfwproxy.exe -> taskman.exe
O26-IFEO: rfwsrv.exe -> taskman.exe
O26-IFEO: rfwstub.exe -> taskman.exe
O26-IFEO: runiep.exe -> taskman.exe
O26-IFEO: safeboxtray.exe -> ntsd -d
O26-IFEO: tqat.exe -> ntsd -d
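Three items in this log explain the friend's symptoms on their own. The O20 AppInit_DLLs value (under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows) is loaded by user32.dll into every process that maps it, which is why the same set of DLLs shows up inside winlogon, ctfmon, svchost and explorer. The O23 services run their binaries from *.tmp files in the user's Temp directory. The O26 entries are Image File Execution Options hijacks: when Windows starts an image whose name has an IFEO key with a Debugger value, it launches that Debugger command with the original command line appended, so pointing it at "ntsd -d" (which hands its console to a kernel debugger that is not attached) or at a taskman.exe that does not exist on XP means the Rising, 360 and Kaspersky processes never start; that is the disappeared tray icons. The script below is an added example, not pe_xscan's own code: it parses O-lines in the layout printed above (the layout, the Finding class, triage() and registry_targets() are my assumptions, not a pe_xscan spec) and turns them into findings and the registry locations a cleanup has to visit. The sample lines are transcribed from the log above.

```python
"""Triage of the O-lines from a pe_xscan log (added example, not pe_xscan code).
The line layout parsed here is assumed from the log as printed above."""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    kind: str       # ifeo | appinit | service | run
    severity: str   # high | medium
    subject: str    # image name, service key name, Run value name or DLL list
    note: str
    hive: str = ""  # only set for Run entries


# Line shapes as they appear in the log above (assumed, not a pe_xscan spec).
IFEO_RE = re.compile(r"^O26-IFEO:\s*(?P<image>\S+)\s*->\s*(?P<debugger>.+?)\s*$", re.I)
APPINIT_RE = re.compile(r"^O20-AppInit_DLLs\s*=\s*(?P<dlls>.+?)\s*$", re.I)
RUN_RE = re.compile(r"^O4-(?P<hive>HKLM|HKCU)/\.\./Run:\s*\[(?P<value>[^\]]*)\]\s*(?P<path>.+?)\s*$", re.I)
SVC_RE = re.compile(r"^O23-Service:\s*(?P<name>.+?)\s*-\s*(?P<path>[^|(]+?)\s*(?:\|[^(]*)?"
                    r"\((?P<start>automatic|manual|disabled)\)\s*$", re.I)

# Debugger values that can never attach: "ntsd -d" hands its console to a kernel
# debugger that is not there, and XP ships no taskman.exe, so the AV process
# named in the IFEO key is launched under them and simply never starts.
AV_KILL_DEBUGGERS = (re.compile(r"^ntsd\b.*\s-d\b", re.I), re.compile(r"^taskman\.exe$", re.I))


def _service_key_name(display: str) -> str:
    """'cqet (cqet)' -> 'cqet'; 'IIS Manager' -> 'IIS Manager'."""
    m = re.search(r"\(([^)]+)\)\s*$", display)
    return m.group(1) if m else display.strip()


def triage(lines: List[str]) -> List[Finding]:
    out: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := IFEO_RE.match(line):
            dbg = m["debugger"]
            killer = any(r.search(dbg) for r in AV_KILL_DEBUGGERS)
            out.append(Finding("ifeo", "high" if killer else "medium", m["image"],
                               f"Debugger = '{dbg}'" + (" (target can never start)" if killer else "")))
        elif m := APPINIT_RE.match(line):
            dlls = [d.strip() for d in m["dlls"].split(",") if d.strip()]
            out.append(Finding("appinit", "high", ", ".join(dlls),
                               f"{len(dlls)} DLL(s) loaded into every process that maps user32.dll"))
        elif m := SVC_RE.match(line):
            path = m["path"].strip()
            if "/temp/" in path.lower() or path.lower().endswith(".tmp"):
                out.append(Finding("service", "high", _service_key_name(m["name"]),
                                   f"{m['start']} service runs from {path}"))
        elif m := RUN_RE.match(line):
            path = m["path"].strip()
            # Heuristic: legitimate startup items rarely sit directly in %WINDIR%.
            if re.match(r"^c:/windows/[^/]+\.exe$", path, re.I):
                out.append(Finding("run", "medium", m["value"], f"Run -> {path}", m["hive"].upper()))
    return out


def registry_targets(findings: List[Finding]) -> List[str]:
    """Registry location a cleanup has to visit for each finding, in order."""
    nt = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    where = {
        "ifeo": lambda f: nt + r"\Image File Execution Options\%s  (delete value: Debugger)" % f.subject,
        "appinit": lambda f: nt + r"\Windows  (clear value: AppInit_DLLs)",
        "service": lambda f: r"HKLM\SYSTEM\CurrentControlSet\Services\%s" % f.subject,
        "run": lambda f: r"%s\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  (delete value: %s)" % (f.hive, f.subject),
    }
    return [where[f.kind](f) for f in findings]


# Constructed sample: a handful of lines transcribed from the log above.
SAMPLE_LOG = """
O4-HKLM/../Run: [ytewcxzsw] C:/Windows/ssssss.exe
O4-HKLM/../Run: [juejwcx] C:/Windows/juejwcx.exe
O20-AppInit_DLLs = sysdajchv.DLL, msosptfs01.dll, wipicdec.DLL, msoscqet01.dll
O23-Service: cqet (cqet) - C:/docume~1/user/locals~1/temp/tmp88.tmp (automatic)
O23-Service: IIS Manager - C:/docume~1/user/locals~1/temp/1.tmp (manual)
O23-Service: NPF (netgroup Packet Filter) - system32/Drivers/NPF.sys | Winpcap netgroup Packet Filter Driver (manual)
O26-IFEO: 360safe.exe -> ntsd -d
O26-IFEO: avp.exe -> taskman.exe
O26-IFEO: ravmon.exe -> ntsd -d
""".strip().splitlines()

if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for f in findings:
        print(f"[{f.severity:6}] {f.kind:8} {f.subject}: {f.note}")
    print()
    for target in registry_targets(findings):
        print(target)
```

Running it prints one finding per line (the WinPcap NPF service is correctly left alone) followed by the registry keys to visit. On the real machine those keys cannot simply be deleted from a normal session: the AppInit_DLLs modules are resident in every GUI process, including whatever tool is doing the cleanup, so the work has to be done with them unloaded (a PE boot or safe mode), and the Debugger values must go before any of the listed AV executables can be restarted.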
This is similar to the earlier post "Encountering Trojan-PSW.Win32.QQPass, Trojan.PSW.Win32.GameOL, etc.", but the actual cleanup turned out to be more complicated.
(To be continued)