
Rogue software 3448: Kaka may not have removed it completely!!!

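I got infected today. I ran Kaka 3.0 and it reported that there was no rogue software left on the machine.
But when I scanned with 360 Safeguard (360安全卫士), it found that remnants were still there.... After rebooting the machine they still show up in 360 Safeguard.
Kaka shows nothing..... Please advise....
c:\windows\system32\advapi.dll
Can this file be deleted?????????????
This is a 4199/9505/3448, has it turned into a new variant???
Last edited 2006-12-28 11:42:20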

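Please download SREng2 (latest version), use "Smart Scan" (智能扫描) and press the "Scan" (扫描) button to run a scan.
When the scan finishes, press the "Save Report" (保存报告) button to save the report log file (SREng.LOG), then copy and paste the contents of the saved
log file here. If the log does not fit in one post, paste it in several parts. Please do not modify it.

Download link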
http://www.kztechs.com/sreng/sreng2.zip

2006-11-18,16:44:01

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <360Safe><Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware>  [360Safe.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{87E9A375-55CC-4a8b-8DEC-5BA95BFD37E7}><c:\program files\rising\rav\huqvjxzu.dll>  [N/A]
    <{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\rising\rav\yapfulkm.dll>  [N/A]

==================================
启动文件夹
N/A
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Indexing Manager / License]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\rcvshw17.dll><N/A>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

==================================
驱动程序
[BaseTDI / BaseTDI]
  <\??\C:\WINNT\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[usb Card Device / ft2kEnum]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc]
  <system32\DRIVERS\smccardb.sys><OEM>
[GEMPC430 / GEMPC430]
  <System32\Drivers\gemusb.sys><Gemplus>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[KWatch3 / KWatch3]
  <\??\C:\WINNT\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[MidiSyn / MidiSyn]
  <system32\drivers\MidiSyn.sys><Analog Devices Inc>
[npkcrypt / npkcrypt]
  <\??\D:\QQ\TMDlls\npkcrypt.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device]
  <system32\DRIVERS\usbic2k.sys><OEM>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RSPPSYS / RSPPSYS]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS NT Driver / RTL8023]
  <system32\DRIVERS\Rtlnic.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[senfilt / senfilt]
  <system32\drivers\senfilt.sys><Sensaura>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[usb token Device Driver / token]
  <system32\DRIVERS\eps2kt1.sys><N/A>

==================================
浏览器加载项
[]
  {D7ECC3AC-9614-4DDB-8FAB-69B74554CD9D} <C:\DOCUME~1\saq\APPLIC~1\MICROS~1\AddIns\IE_HEL~1.DLL, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINNT\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[Settings Class]
  {A996E48C-D3DC-4244-89F7-AFA33EC60679} <C:\WINNT\system32\capicom.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>

==================================
正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 176][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 172][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6898]
    [c:\program files\rising\rav\huqvjxzu.dll]  [, 1, 0, 0, 11]
[PID: 224][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 236][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
[PID: 368][C:\WINNT\System32\SCardSvr.exe]  [Microsoft Corporation, 5.00.2195.6609]
[PID: 456][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 484][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 540][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
[PID: 576][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 620][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 644][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6704]
[PID: 684][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 736][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 752][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 912][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1144][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [c:\program files\rising\rav\huqvjxzu.dll]  [, 1, 0, 0, 11]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[PID: 1236][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  [InstallShield Software Corporation, 3, 10, 100, 1146]
[PID: 1272][C:\WINNT\system32\ep2k_certd_bc.exe]  [, 1, 0, 4, 1011]
    [C:\WINNT\system32\ep2pk11_bc.dll]  [, 2, 4, 4, 1202]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
[PID: 1308][C:\WINNT\system32\ep2k_mon_bc.exe]  [, 1, 1, 4, 1202]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
[PID: 1324][C:\WINNT\system32\rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
[PID: 1352][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
[PID: 1364][C:\WINNT\system32\b0ti7w.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
[PID: 1276][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1396][C:\WINNT\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
[PID: 824][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
    [C:\WINNT\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\WINNT\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
[PID: 1128][C:\Documents and Settings\saq\桌面\090\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
    [C:\WINNT\system32\NpOpenStore.dll]  [N/A, N/A]
    [C:\WINNT\system32\NPCard.dll]  [N/A, N/A]
    [C:\WINNT\system32\RsaFun.dll]  [N/A, N/A]
    [C:\WINNT\system32\GPKPCSC.dll]  [N/A, N/A]

==================================
文件关联
.TXT  Error. [notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [hh.exe %1]
.HLP  Error. [C:\WINNT\system32\winhlp32.exe %1]
.INI  Error. [notepad.exe %1]
.INF  Error. [notepad.exe %1]
.VBS  Error. [wscript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
125.91.14.230 www.kzdh.com
125.91.14.230 www.7255.com
125.91.14.230 www.7322.com
125.91.14.230 www.7939.com
125.91.14.230 www.piaoxue.com
125.91.14.230 www.feixu.net
125.91.14.230 www.6781.com
125.91.14.230 www.7b.com.cn
125.91.14.230 7b.com.cn
125.91.14.230 www.918188.com
125.91.14.230 hao.allxue.com
125.91.14.230 good.allxue.com
125.91.14.230 baby.allxue.com
125.91.14.230 www.allxue.com
125.91.14.230 about.lank.la
125.91.14.230 www.x114x.com
125.91.14.230 www.37ss.com
125.91.14.230 www.7k.cc
125.91.14.230 www.73ss.com
125.91.14.230 www.hao123.com
125.91.14.230 www.81915.com
125.91.14.230 222.88.90.22
125.91.14.230 www.9991.com
125.91.14.230 www.my123.com
125.91.14.230 www.haokan123.com
125.91.14.230 www.5566.net
125.91.14.230 www.gjj.cc
125.91.14.230 www.2345.com
125.91.14.230 dl.hao318.com
125.91.14.230 www.123wa.com

==================================
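Show hidden files
Delete:
C:\WINNT\system32\drivers\3shazo.sys
C:\WINNT\system32\hazod.dll
C:\WINNT\system32\b0ti7w.exe
If they cannot be deleted, download IceSword (冰刃) from the pinned thread in the anti-virus forum and delete them with it. Do not go into Safe Mode, because a machine infected with 3448 cannot enter Safe Mode.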



Run SREng2, use "Startup Items" (启动项目) -- HOSTS file (HOSTS 文件) -- delete
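
The reply above singles out hazod.dll and 3shazo.sys; in the posted log they stand out because they carry no vendor or version string and are loaded into many unrelated processes. A triage sketch of that reading, added here and not part of the thread or of SREng: the regexes assume the process-section layout seen in the log above, the function names are hypothetical, and a hit is a lead for inspection, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the "正在运行的进程" section of the SREng log posted above
# (three of its process blocks, copied unchanged).
SAMPLE = r"""
[PID: 1324][C:\WINNT\system32\rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
[PID: 1352][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
[PID: 1128][C:\Documents and Settings\saq\桌面\090\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINNT\system32\drivers\3shazo.sys]  [N/A, N/A]
    [C:\WINNT\system32\hazod.dll]  [N/A, N/A]
    [C:\WINNT\system32\NpOpenStore.dll]  [N/A, N/A]
    [C:\WINNT\system32\NPCard.dll]  [N/A, N/A]
    [C:\WINNT\system32\RsaFun.dll]  [N/A, N/A]
    [C:\WINNT\system32\GPKPCSC.dll]  [N/A, N/A]
"""

PROC = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]\s*$")  # process line
MOD = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]\s*$")              # indented module line

def parse_modules(log_text):
    """Map each module path (lower-cased) to [vendor, set of PIDs that load it]."""
    mods = defaultdict(lambda: ["", set()])
    pid = None
    for line in log_text.splitlines():
        p = PROC.match(line)
        if p:
            pid = int(p.group(1))
            continue
        m = MOD.match(line)
        if m and pid is not None:
            entry = mods[m.group(1).lower()]
            entry[0] = m.group(2).split(",")[0].strip()  # first field is the vendor
            entry[1].add(pid)
    return mods

def flag_widely_loaded_unattributed(log_text, min_procs=2):
    """Modules with no vendor string that appear in >= min_procs processes."""
    hits = {path: len(pids) for path, (vendor, pids) in parse_modules(log_text).items()
            if vendor in ("", "N/A") and len(pids) >= min_procs}
    return dict(sorted(hits.items()))

if __name__ == "__main__":
    for path, n in flag_widely_loaded_unattributed(SAMPLE).items():
        print(f"{n} processes load {path}")
```

The four other `[N/A, N/A]` modules in the excerpt are loaded by a single process only, so the missing vendor string alone does not flag them; it is the combination with cross-process prevalence that does.
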
Nothing is perfect.
Bro, where is IceSword? I can't find it. Can you post a link????
Haha