瑞星卡卡安全论坛

我的机子中毒了，用卡卡助手能查出中了流氓软件，六个，可是让重启，重启后却删除不了，而且瑞星监控已经打不开了，机子也变慢了，请大家帮帮忙

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

附件: SREngLOG.log

由于没有版摸 我给你指出问题
注册表：
  <anistio><C:\WINDOWS\anistio.exE>  []
    <ptshell><C:\WINDOWS\ptshell.exe>  []
    <dkancufr><C:\WINDOWS\knurxjow.exe>  []
    <ticisms><C:\WINDOWS\ticisms.exe>  []
    <fmsbbqi><C:\WINDOWS\fmsbbqi.exe>  []
    <mfchlp64><C:\WINDOWS\mfchlp64.exe>  []
    <yuiabct><C:\WINDOWS\yuiabct.exe>  []
    <fewqickd><C:\WINDOWS\fewqickd.exe>  []
    <dionpis><C:\WINDOWS\dionpis.exe>  []
    <ytewcxzsw><C:\WINDOWS\ytewcxzsw.exe>  []
    <bincdwsa><C:\WINDOWS\bincdwsa.exe>  []
    <fmbiost><C:\WINDOWS\fmbiost.exe>  []
    <hefcndy><C:\WINDOWS\hefcndy.exe>  []
    <fmsjhif><C:\WINDOWS\fmsjhif.exe>  []
    <nmhgtce><C:\WINDOWS\nmhgtce.exe>  []
    <yuibbct><C:\WINDOWS\yuibbct.exe>  []
    <?{DC3D30AE-0380-4151-8934-EE98A34B0370}><>  [N/A]
    <?{d6763cab-b46e-4f7f-8347-6f098a83a164}><MMKAFNFW1097.dll>  []
    <?{28EB3777-3E23-4E72-8449-A992D09D24C3}><>  [N/A]
    <?{28766E1C-74B0-4417-8C75-F12AE309EF35}><>  [N/A]
    <?{18e64250-19a8-4d10-828f-30e101a22291}><MMBAIKOK1092.dll>  []
    <?{461D2AB4-29A5-45C2-9134-D52272D3DE38}><>  [N/A]
    <?{8c3dd05d-a6a1-4cb5-a714-94be3c3b4cd0}><MMHADPQG1091.dll>  []
    <?{8AD0F1B1-990D-4F52-A33D-2837E43CEF58}><>  [N/A]
    <?{d592daa6-9b5e-416d-973a-d76c53183e7e}><MMMHXGGD1062.dll>  []
    <{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINDOWS\system32\mfdesy.dll>  []
    <{d6763cab-b46e-4f7f-8347-6f098a83a164}><MMKAFNFW1097.dll>  []
    <{28EB3777-3E23-4E72-8449-A992D09D24C3}><C:\WINDOWS\system32\zgfdet.dll>  []
    <{28766E1C-74B0-4417-8C75-F12AE309EF35}><C:\WINDOWS\system32\wzcfsw.dll>  []
    <{18e64250-19a8-4d10-828f-30e101a22291}><MMBAIKOK1092.dll>  []
    <{461D2AB4-29A5-45C2-9134-D52272D3DE38}><C:\WINDOWS\system32\rfdswc.dll>  []
    <{8c3dd05d-a6a1-4cb5-a714-94be3c3b4cd0}><MMHADPQG1091.dll>  []
    <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll>  []
    <{8AD0F1B1-990D-4F52-A33D-2837E43CEF58}><C:\Program Files\Internet Explorer\PLUGINS\DosSys08.Sys>  []
    <{d592daa6-9b5e-416d-973a-d76c53183e7e}><MMMHXGGD1062.dll>  []
<?{AAA288BA-9A4C-45B0-95D7-94D524869DB5}>  [N/A]
<IFEO[QQDoctorMain.exe]><TASKMAN.EXE>  [(Verified)Microsoft Windows Publisher]
<IFEO[SelfUpdate.exe]><TASKMAN.EXE>  [(Verified)Microsoft Windows Publisher]
把 <AppInit_DLLs><ieprot.dll,msosmhfp00.dll,msosdohs00.dll,nicozftp00.dll,ytewcxzsw.dll,msosmnsf00.dll,ahztay.dll,dddddd.dll,tttttt.dll,msosdror00.dll,cccccc.dll,eeeeee.dll> 的值改为空
=================================
文件：
C:\WINDOWS\anistio.exE
C:\WINDOWS\ptshell.exe
C:\WINDOWS\knurxjow.exe
C:\WINDOWS\ticisms.exe
C:\WINDOWS\fmsbbqi.exe
C:\WINDOWS\mfchlp64.exe
C:\WINDOWS\yuiabct.exe
C:\WINDOWS\fewqickd.exe
C:\WINDOWS\dionpis.exe
C:\WINDOWS\ytewcxzsw.exe
C:\WINDOWS\bincdwsa.exe
C:\WINDOWS\fmbiost.exe
C:\WINDOWS\hefcndy.exe
C:\WINDOWS\fmsjhif.exe
C:\WINDOWS\nmhgtce.exe
C:\WINDOWS\yuibbct.exe
C:\WINDOWS\system32\mfdesy.dll
C:\WINDOWS\system32\zgfdet.dll
C:\WINDOWS\system32\wzcfsw.dll
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\wyrsdj.dll
C:\DOCUME~1\FOV\LOCALS~1\Temp\tmp12.tmp
C:\DOCUME~1\FOV\LOCALS~1\Temp\tmp91.tmp
C:\DOCUME~1\FOV\LOCALS~1\Temp\tmpE.tmp
C:\DOCUME~1\FOV\LOCALS~1\Temp\tmpB.tmp
C:\WINDOWS\system32\drivers\msosmsfpfis64.sys
C:\WINDOWS\system32\drivers\msosmsp2p32.sys
C:\DOCUME~1\FOV\LOCALS~1\Temp\tmp17.tmp
C:\WINDOWS\system32\ytewcxzsw.dll
C:\WINDOWS\system32\ahztay.dll
C:\WINDOWS\system32\dddddd.dll
C:\WINDOWS\system32\tttttt.dll
C:\WINDOWS\system32\msosdror00.dll
C:\WINDOWS\system32\cccccc.dll
C:\WINDOWS\system32\mfdesy.dll
C:\WINDOWS\system32\zgfdet.dll
C:\WINDOWS\system32\wzcfsw.dll
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\wyrsdj.dll
C:\WINDOWS\system32\msosdror01.dll
C:\WINDOWS\system32\gqgg9.exe
C:\Program Files\Internet Explorer\PLUGINS\DosSys08.Sys
==============================
浏览器加载项：
[]
  {8AD0F1B1-990D-4F52-A33D-2837E43CEF58} <C:\Program Files\Internet Explorer\PLUGINS\DosSys08.Sys, N/A>
[]
  {8AD0F1B1-990D-4F52-A33D-2837E43CEF58} <C:\Program Files\Internet Explorer\PLUGINS\DosSys08.Sys, N/A>]
============================================
以下属于可疑文件：
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
===========================================

那我想问问，怎么解决那些儿问题，说明白一点行吗，谢谢

这贴病毒文件有意思

看我签名处，木马群清理

清理完再扫个最新2.6版的SRENG日志来打扫残余

还有这补丁打了么？
http://bbs.ikaka.com/showtopic-8509685.aspx

C:\WINDOWS\htpatch.exe
C:\WINDOWS\autoclk.exe
这两文件，楼主能找到压缩后打包发来看看才好

今天见几个求助的有它们了。