天涯沦落118 - 2008-4-10 20:34:00
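Every time the computer starts, before the network connection is even up, a dialog box flashes by too quickly to read, and then the Rising monitor exits by itself and turns red after a restart. It can still be updated, and after updating it goes back to normal; a scan then finds some Trojan.PSW.Win32.******* viruses, and the files mainly infected are RAV.exe, QQ.exe and EXLOPROR.exe.
The QQ client still brings up two login boxes by itself.

[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; WPS; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

I rescanned and produced a new log. Experts, please take a look. The main problem is that many of the files the posters below mention cannot be found, even after turning off file hiding.
Attachment: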
10367502008410224323.txt
★蓝色羽毛★ - 2008-4-10 20:47:00
<><C:\Program Files\Common Files\Services\svchost.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<{05922c2d-da84-48e8-a3e4-e797c58c39cf}><C:\WINDOWS\system32\ttEZZEZZ1046.dll> []
<{396f1715-e494-4aeb-8c0e-7c98486b3fd1}><C:\WINDOWS\system32\ttCBDCBD1047.dll> []
<{1e09deb9-98ef-4875-976c-803271f8f51c}><C:\WINDOWS\system32\ttVUFVUF1012.dll> []
<{6694b036-4cf7-4c28-94c9-a96cf331edec}><C:\WINDOWS\system32\ttSADSAD1033.dll> []
<{fff1c771-4dc7-4c01-8be1-8495780f3f1d}><C:\WINDOWS\system32\txTQLTQL1039.dll> []
<{c4bf46a2-1c05-427d-992f-4e24f7d57f68}><ttNNBNNB1047.dll> [N/A]
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[dohs / dohs][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpD.tmp><N/A>
Autorun.inf
[C:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
[D:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
[E:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
[F:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
[G:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
Also, installing AhnLab and Rising together is not recommended.
小企鹅S - 2008-4-10 20:48:00
[C:\WINDOWS\system32\peckte.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\faczfl.dll] [N/A, ]
[C:\WINDOWS\system32\jyjlt.dll] [N/A, ]
[C:\WINDOWS\system32\ttEZZEZZ1046.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\ttCBDCBD1047.dll] [N/A, ]
[C:\WINDOWS\system32\ttVUFVUF1012.dll] [N/A, ]
[C:\WINDOWS\system32\xbcvxb.dll] [N/A, ]
[C:\WINDOWS\system32\hgfhk.dll] [N/A, ]
[C:\WINDOWS\system32\ttSADSAD1033.dll] [N/A, ]
[C:\WINDOWS\system32\txTQLTQL1039.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\system32\xbcvxb.dll] [N/A, ]
[C:\WINDOWS\system32\hgfhk.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\jyjlt.dll] [N/A, ]
[C:\WINDOWS\system32\faczfl.dll] [N/A, ]
[C:\WINDOWS\system32\peckte.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\Program Files\QQ2006\MSIMG32.dll] [N/A, ]
[C:\Program Files\QQ2006\FinePlus.Dll] [N/A, ]
[C:\Program Files\QQ2006\fphelper.dll] [N/A, ]
[C:\Program Files\QQ2006\QQMainFrame.dll] [N/A, ]
[C:\Program Files\QQ2006\UnReadMsgMgr.dll] [N/A, ]
[C:\Program Files\QQ2006\QQPlugin.dll] [N/A, ]
[C:\Program Files\QQ2006\CQQApplication.dll] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\QQ2006\QQAvatar.dll] [N/A, ]
[C:\Program Files\QQ2006\QQCustomFace.dll] [N/A, ]
[C:\Program Files\QQ2006\QRingMng.dll] [N/A, ]
[C:\Program Files\QQ2006\QQSysMsgMng.dll] [N/A, ]
[C:\Program Files\QQ2006\BQQApplication.dll] [N/A, ]
[C:\Program Files\QQ2006\QQSceneMng.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ttEZZEZZ1046.dll] [N/A, ]
[C:\WINDOWS\system32\ttCBDCBD1047.dll] [N/A, ]
[C:\WINDOWS\system32\ttVUFVUF1012.dll] [N/A, ]
[C:\WINDOWS\system32\jyjlt.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\ttSADSAD1033.dll] [N/A, ]
[C:\WINDOWS\system32\xbcvxb.dll] [N/A, ]
[C:\WINDOWS\system32\hgfhk.dll] [N/A, ]
[C:\WINDOWS\system32\txTQLTQL1039.dll] [N/A, ]
[C:\WINDOWS\system32\faczfl.dll] [N/A, ]
[C:\WINDOWS\system32\peckte.dll] [N/A, ]
[C:\Program Files\bdgame\hookproc.dll] [N/A, ]
[C:\Program Files\bdgame\ChkUsr.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\faczfl.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\system32\peckte.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\jyjlt.dll] [N/A, ]
[C:\WINDOWS\system32\xbcvxb.dll] [N/A, ]
[C:\WINDOWS\system32\hgfhk.dll] [N/A, ]
[C:\WINDOWS\system32\hgfhk.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\jyjlt.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
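I have picked out all the files that might be suspicious, but I don't dare rashly tell the original poster to delete them. 天月 or 猫叔, please take a look.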
超级游戏迷 - 2008-4-10 20:55:00
Suspicious registry entries
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<><C:\Program Files\Common Files\Services\svchost.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wfhyt.dll,kghk.dll,ethsh.dll,stehs.dll,sthth.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,msepbe.dll,> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{05922c2d-da84-48e8-a3e4-e797c58c39cf}><C:\WINDOWS\system32\ttEZZEZZ1046.dll> []
<{396f1715-e494-4aeb-8c0e-7c98486b3fd1}><C:\WINDOWS\system32\ttCBDCBD1047.dll> []
<{1e09deb9-98ef-4875-976c-803271f8f51c}><C:\WINDOWS\system32\ttVUFVUF1012.dll> []
<{6694b036-4cf7-4c28-94c9-a96cf331edec}><C:\WINDOWS\system32\ttSADSAD1033.dll> []
<{fff1c771-4dc7-4c01-8be1-8495780f3f1d}><C:\WINDOWS\system32\txTQLTQL1039.dll> []
<{c4bf46a2-1c05-427d-992f-4e24f7d57f68}><ttNNBNNB1047.dll> [N/A]
==================================
Suspicious drivers
[dohs / dohs][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpD.tmp><N/A>
==================================
Suspicious files
C:\Program Files\Common Files\Services\svchost.exe
C:\WINDOWS\PTSShell.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpD.tmp
C:\Autorun.inf
C:\pagefile.pif
D:\Autorun.inf
D:\pagefile.pif
E:\Autorun.inf
E:\pagefile.pif
F:\Autorun.inf
F:\pagefile.pif
G:\Autorun.inf
G:\pagefile.pif
And the following files under the C:\WINDOWS\system32 directory:
wfhyt.dll,kghk.dll,ethsh.dll,stehs.dll,sthth.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,msepbe.dll,ttEZZEZZ1046.dll,ttCBDCBD1047.dllnttVUFVUF1012.dll,ttSADSAD1033.dll,txTQLTQL1039.dll,ttVUFVUF1012.dll,ttNNBNNB1047.dll,PTSShell.dll,faczfl.dll
天月来了 - 2008-4-11 9:52:00
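| Quote: |
[Post by 小企鹅S] [C:\WINDOWS\system32\peckte.dll] [N/A, ] .............................. I have picked out all the files that might be suspicious, but I don't dare rashly tell the original poster to delete them. 天月 or 猫叔, please take a look. ……………… |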
[C:\Program Files\QQ2006\MSIMG32.dll] [N/A, ]
[C:\Program Files\QQ2006\FinePlus.Dll] [N/A, ]
[C:\Program Files\QQ2006\fphelper.dll] [N/A, ]
[C:\Program Files\QQ2006\QQMainFrame.dll] [N/A, ]
[C:\Program Files\QQ2006\UnReadMsgMgr.dll] [N/A, ]
[C:\Program Files\QQ2006\QQPlugin.dll] [N/A, ]
[C:\Program Files\QQ2006\CQQApplication.dll] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\QQ2006\QQAvatar.dll] [N/A, ]
[C:\Program Files\QQ2006\QQCustomFace.dll] [N/A, ]
[C:\Program Files\QQ2006\QRingMng.dll] [N/A, ]
[C:\Program Files\QQ2006\QQSysMsgMng.dll] [N/A, ]
[C:\Program Files\QQ2006\BQQApplication.dll] [N/A, ]
[C:\Program Files\QQ2006\QQSceneMng.dll] [N/A, ]
How did these get misread???? Or were they copied by mistake????