
Help!! Everyone, please help! A trojan that steals ZhengTu (征途) and QQ passwords

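Two days ago I suddenly found that my computer was infected. I scanned it with Rising Antivirus (mine is the 2007 version). It detects the virus and says it will be deleted after a reboot, but I have repeated this several times and it still has not been removed; the next day it is back again. It is really annoying!!
Virus names: Trojan.PSW.ZhengTu
             Trojan.PSW.JHOnline.eyl
             Trojan.PSW.QQPass.qyc
These are exactly the QQ and ZhengTu GG account-stealing trojans that are going around right now.
I hope an expert can walk me through the removal steps.
I am a newbie. Thanks!!!!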


Process    PID    CPU    Description    Company Name
System Idle Process    0    48.48       
Interrupts    n/a        Hardware Interrupts   
DPCs    n/a    1.52    Deferred Procedure Calls   
System    4           
  smss.exe    444        Windows NT Session Manager    Microsoft Corporation
  csrss.exe    500    1.52    Client Server Runtime Process    Microsoft Corporation
  winlogon.exe    524        Windows NT Logon Application    Microsoft Corporation
    services.exe    568    1.52    Services and Controller app    Microsoft Corporation
    svchost.exe    736        Generic Host Process for Win32 Services    Microsoft Corporation
      TIMPlatform.exe    3444        TIMPlatform    tencent
    svchost.exe    792        Generic Host Process for Win32 Services    Microsoft Corporation
    CCenter.exe    856        CCenter    Beijing Rising Technology Co., Ltd.
    svchost.exe    876        Generic Host Process for Win32 Services    Microsoft Corporation
      wscntfy.exe    2060        Windows Security Center Notification App    Microsoft Corporation
    svchost.exe    928        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1092        Generic Host Process for Win32 Services    Microsoft Corporation
    RavMonD.exe    1112        RavMond    Beijing Rising Technology Co., Ltd.
      RavStub.exe    1596        Rising RavStub    Beijing Rising Technology Co., Ltd.
    rfwsrv.exe    1284        Rising Personal FireWall Service    Beijing Rising Technology Co., Ltd.
      RFWMAIN.EXE    1732        Rising Personal FireWall Main Program    Beijing Rising Technology Co., Ltd.
    spoolsv.exe    1436        Spooler SubSystem App    Microsoft Corporation
    nvsvc32.exe    1684        NVIDIA Driver Helper Service, Version 15.20    NVIDIA Corporation
    wdfmgr.exe    992        Windows User Mode Driver Manager    Microsoft Corporation
    alg.exe    1040        Application Layer Gateway Service    Microsoft Corporation
    lsass.exe    580        LSA Shell (Export Version)    Microsoft Corporation
explorer.exe    1208        Windows Explorer    Microsoft Corporation
soundman.exe    1892        Avance Sound Manager    Avance Logic, Inc.
realsched.exe    172        RealNetworks Scheduler    RealNetworks, Inc.
RavTask.exe    216        RavTimer    Beijing Rising Technology Co., Ltd.
  RavMon.exe    352        RavMon    Beijing Rising Technology Co., Ltd.
runiep.exe    348        Rising AntiSpyware Monitor    Beijing Rising Technology Co., Ltd.
ctfmon.exe    372        CTF Loader    Microsoft Corporation
TTPlayer.exe    1132    3.03    千千静听    Alen Soft
VnetClient.exe    220    1.52    Vstar Microsoft 基础类应用程序   
TTraveler.exe    3264    13.64    Tencent Traveler    腾讯公司
QQ.EXE    1804    7.58    QQ    TENCENT
procexp.exe    3244    21.21    Sysinternals Process Explorer    Sysinternals
conime.exe    1372        Console IME    Microsoft Corporation


Attachment uploaded: 2006-12-14 16:57:37
Last edited: 2006-12-14 17:11:20

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 17:08:30, on 2006-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\ruising\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\ruising\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
D:\ruising\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\spoolsv.exe
D:\ruising\Rising\Rav\RavStub.exe
D:\ruising\Rising\Rfw\RfwMain.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\ruising\Rising\Rav\RavTask.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
D:\ruising\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TTPlayer\TTPlayer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
D:\TT\TTraveler.exe
D:\QQ\QQ.exe
D:\QQ\TIMPlatform.exe
C:\Program Files\深圳三代\迅雷\Program\Thunder5.exe
D:\hijackthis1.97_qoo\HijackThis.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO:
O2 - BHO: (no name) - {471A662A-4030-42BC-B632-758700A64DB9} - C:\PROGRA~1\cdnpack\cdncn.dll
O2 - BHO: (no name) - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll
O2 - BHO: (no name) - {67A90DD5-128D-43AB-B97C-565D2DD42A28} - C:\PROGRA~1\adx\atloader.dll (file missing)
O2 - BHO: (no name) - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: ????? - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - F:\BitComet\BitCometBar\BitCometBar0.6.dll
O3 - Toolbar: ????? - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [RfwMain] "D:\ruising\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RavTask] "D:\ruising\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [mhs2] C:\DOCUME~1\my\LOCALS~1\Temp\smss.exe
O4 - HKLM\..\Run: [] 8V?
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\RunOnce: [RavStub] "D:\ruising\Rising\Rav\ravstub.exe" /RUNONCE
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O9 - Extra button: QQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O11 - Options group: [TBH]
O17 - HKLM\System\CCS\Services\Tcpip\..\{78D0D6F3-3EE0-4240-A377-19BB0A39C041}: NameServer = 61.147.37.1 61.177.7.1
