饭后点心 - 2006-11-15 9:42:00
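I ran a Kaspersky scan in safe mode. It prompted me to delete the file and restart, but after the restart it was still there. I also located the file with rar, compressed it with the delete-after-archiving option, and then deleted the archive. I cleaned out the registry entries as well, but after a restart it is still there. How do I get rid of this damned virus for good?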
mopery - 2006-11-15 9:55:00
Virus path..
饭后点心 - 2006-11-15 10:00:00
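C:\Program Files\82241403\91f29088.dll. Its attribute is hidden and it won't let you change it, which means you can't see this virus file. I tried editing the registry to show hidden files, but that still doesn't work.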
mopery - 2006-11-15 10:08:00
http://www.kztechs.com/sreng/sreng2.zip Download System Repair Engineer
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here, without modifying it
饭后点心 - 2006-11-15 10:14:00
2006-11-15,10:02:40
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
N/A
==================================
启动文件夹
[Microtek 扫描仪探测器]
<C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\Microtek 扫描仪探测器.lnk --> C:\PROGRA~1\Microtek\SCANWI~1\SCANNE~1.EXE []><N>
==================================
服务
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[卡巴斯基反病毒软件6.0 / AVP]
饭后点心 - 2006-11-15 10:15:00
<E:\kaba\avp.exe -r><Kaspersky Lab>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<E:\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NetOp Helper ver. 7.50 (2003048) / NetOp Host for NT Service]
<"E:\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE"><Danware Data A/S>
[SevenSword Service / SevenSword]
<C:\WINDOWS\System32\SevenSowrdSvr.exe><N/A>
==================================
驱动程序
[00 / 00]
<\SystemRoot\\SystemRoot\System32\drivers\3818859.sys><N/A>
[200812 / 200812]
<C:\WINDOWS\SYSTEM32\DRIVERS\200812.SYS><N/A>
[43015 / 43015]
<\SystemRoot\System32\drivers\43015.sys><N/A>
[45750 / 45750]
<\SystemRoot\System32\drivers\45750.sys><N/A>
[BIOS / BIOS]
<\??\C:\WINDOWS\System32\drivers\BIOS.sys><BIOSTAR Group>
[C-Media WDM Audio Interface / cmuda]
<system32\drivers\cmuda.sys><C-Media Inc>
[CnsMinKP / CnsMinKP]
<\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
<\??\E:\ewido anti-spyware 4.0\guard.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[kl1 / kl1]
饭后点心 - 2006-11-15 10:15:00
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
<\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
[NetOp Driver 1 ver. 7.50 (2003048) / NHostNT1]
<\SystemRoot\System32\Drivers\NHOSTNT1.SYS><Danware Data A/S>
[NetOp Driver 3 ver. 7.50 (2003048) / NHOSTNT3]
<\SystemRoot\System32\Drivers\NHOSTNT3.SYS><Danware Data A/S>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S3Psddr / S3Psddr]
<System32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[USB eKey / UsbKDev]
<System32\DRIVERS\UsbKDev.sys><N/A>
[iTowNet USB Key Device / utkey]
<System32\Drivers\utkey.sys><Union Technology>
[iTowNet Virtual SmartCard / utvsc]
<System32\DRIVERS\utvsc.sys><Union Technology>
[VIA AGP Filter / viaagp1]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
==================================
饭后点心 - 2006-11-15 10:16:00
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[FavHook Class]
{CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} <C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll, Deepdo.com, Inc.>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <E:\kaba\scieplugin.dll, Kaspersky Lab>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[MessengerStatsClient Class]
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[导出到 Microsoft Excel(&x)]
<res://E:\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
==================================
饭后点心 - 2006-11-15 10:16:00
正在运行的进程
[PID: 764][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 852][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 876][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\System32\utsec.DLL] [N/A, N/A]
[C:\WINDOWS\System32\WKCSPIC.dll] [UNION Technology, 2, 55, 0, 681]
[PID: 920][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 932][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1084][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1128][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1260][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1276][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1608][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\DOWNLO~1\CnsHook.dll] [北京三七二一科技有限公司, 1, 0, 4, 2]
[d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 8]
[C:\WINDOWS\System32\h2241403.log] [N/A, N/A]
[C:\WINDOWS\System32\hc9bbb32.log] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[E:\kaba\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[E:\ewido anti-spyware 4.0\context.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[C:\WINDOWS\System32\wbwsrpt.ime] [LongWen Corporation, 3.4.00]
[C:\WINDOWS\System32\getDateInfo.dll] [N/A, N/A]
[C:\WINDOWS\System32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[E:\ewido anti-spyware 4.0\shellexecutehook.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 1672][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 16, 0, 0]
[C:\WINDOWS\system32\NRPMONNT.DLL] [Danware Data A/S, 7.50 (2003048)]
[PID: 1820][C:\WINDOWS\System32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 8]
[C:\WINDOWS\DOWNLO~1\CnsMinIO.dll] [北京三七二一科技有限公司, 1, 0, 3, 7]
[C:\WINDOWS\DOWNLO~1\cnsio.dll] [北京三七二一科技有限公司, 1, 0, 2, 8]
[PID: 148][E:\ewido anti-spyware 4.0\guard.exe] [Anti-Malware Development a.s., 4, 0, 0, 172]
[E:\ewido anti-spyware 4.0\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 316][E:\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE] [Danware Data A/S, 7.50 (2003048)]
[PID: 384][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 464][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\MSMWUD13.dll] [Microtek International Inc., 1.2.0]
[C:\WINDOWS\System32\MSMe4W.DLL] [Microtek International Inc., 1.00]
[PID: 1732][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\ms822414.dll] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 1988][C:\PROGRA~1\ITOWNX~1\CertRegX.exe] [M&W, 2, 0, 0, 3]
[C:\WINDOWS\System32\xcsp_eclib.dll] [M&W L.t.d, 2, 0, 2, 6]
[C:\WINDOWS\System32\HookDev.dll] [mw, 1, 0, 1, 5]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 2032][D:\Program Files\iTowNet\信城通桌面安全套件 V2.5.12\eKeyDaemon.exe] [北京信城通数码科技有限公司, 2.4.0.14]
[C:\WINDOWS\System32\UTAdmDll.dll] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 8]
[C:\WINDOWS\System32\utsec.DLL] [N/A, N/A]
饭后点心 - 2006-11-15 10:16:00
[C:\WINDOWS\System32\WKCSPIC.dll] [UNION Technology, 2, 55, 0, 681]
[PID: 2044][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 1424][C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe] [, 1, 0, 0, 1]
[C:\Program Files\Microtek\ScanWizard 5\SFRes.dll] [, 1, 0, 0, 1]
[C:\Program Files\Microtek\ScanWizard 5\scanners\Msmgr32.dll] [Microtek International Inc., 3.3]
[C:\Program Files\Microtek\ScanWizard 5\scanners\MS32RES.DLL] [Microtek International Inc., 3.3]
[C:\Program Files\Microtek\ScanWizard 5\scanners\MPHASE32.DLL] [N/A, N/A]
[C:\Program Files\Microtek\ScanWizard 5\scanners\MSSTI.DLL] [Microtek International Inc., 1.62.4]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 8]
[C:\Program Files\Microtek\ScanWizard 5\scanners\SME432.DLL] [Microtek International Inc., 1.11]
[PID: 1704][E:\Microsoft Office\Office10\EXCEL.EXE] [Microsoft Corporation, 10.0.2614]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 8]
[C:\WINDOWS\DOWNLO~1\CnsHook.dll] [北京三七二一科技有限公司, 1, 0, 4, 2]
[PID: 2396][E:\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 8]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
饭后点心 - 2006-11-15 10:20:00
The log is posted. Brothers, please help.
饭后点心 - 2006-11-15 12:40:00
Moderator, please come in and help me. I've already spent half the day on this.
红夜鬼1 - 2006-11-15 12:54:00
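Run (double-click) SRENG2, click "Startup Items" (启动项目), then "Services" (服务), then "Drivers" (驱动程序)
Check "Hide Microsoft services" and select the virus services
00
200812
43015
45750
then choose "Delete Service"
Click "Set" and choose "No"
Restart, press F8 to enter safe mode, and repair there
Show hidden files
Delete: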
\SystemRoot\\SystemRoot\System32\drivers\3818859.sys
C:\WINDOWS\SYSTEM32\DRIVERS\200812.SYS
\SystemRoot\System32\drivers\43015.sys
\SystemRoot\System32\drivers\45750.sys
Why are there no registry entries?
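
Added example (not part of the original thread, and not SREng's own logic): a short Python triage over the driver section of the log posted above. The rule it applies, flagging drivers that carry no publisher string and have an all-digit service name or file name, is an assumption chosen because it reproduces the four entries picked out in the reply above; the function names are hypothetical.

```python
import re

# Excerpt of the "驱动程序" (drivers) section of the SREng log posted above.
SAMPLE = r"""
[00 / 00]
<\SystemRoot\\SystemRoot\System32\drivers\3818859.sys><N/A>
[200812 / 200812]
<C:\WINDOWS\SYSTEM32\DRIVERS\200812.SYS><N/A>
[43015 / 43015]
<\SystemRoot\System32\drivers\43015.sys><N/A>
[45750 / 45750]
<\SystemRoot\System32\drivers\45750.sys><N/A>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
<\??\E:\ewido anti-spyware 4.0\guard.sys><N/A>
[kl1 / kl1]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
"""

NAME_RE = re.compile(r"^\[(?P<display>.*) / (?P<service>[^\]]*)\]$")
IMAGE_RE = re.compile(r"^<(?P<path>.*)><(?P<publisher>[^<>]*)>$")

def parse_entries(text):
    """Yield (service, path, publisher) from consecutive name/image line pairs."""
    pending = None
    for line in text.splitlines():
        line = line.strip()
        m = NAME_RE.match(line)
        if m:
            pending = m.group("service")
            continue
        m = IMAGE_RE.match(line)
        if m and pending is not None:
            yield pending, m.group("path"), m.group("publisher").strip()
        pending = None  # any other line (e.g. a forum header) breaks the pair

def triage(text):
    """Assumed heuristic: no publisher AND an all-digit service name or file stem."""
    hits = []
    for service, path, publisher in parse_entries(text):
        stem = path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if publisher in ("", "N/A") and (service.isdigit() or stem.isdigit()):
            hits.append((service, path))
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The ewido driver also shows N/A as its publisher but is not flagged, so a missing publisher alone is not treated as a signal here; every hit still needs manual review before anything is deleted.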
饭后点心 - 2006-11-15 13:01:00
Thanks, I'll go try it right now.
饭后点心 - 2006-11-15 13:47:00
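Why can't I repair it? I even used the repair in 兔子 (Rabbit) and it still can't be repaired; hidden files can't be shown. 红夜鬼, please help me.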
lovelyl2 - 2007-2-13 11:49:00
I have the same problem as the original poster!
What should I do?
Please help...