瑞星卡卡安全论坛

刚才隐藏了，每刷新，现在刷新了，你看看。
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ KAVPersonal50Kaspersky Anti-Virus GUI PartKaspersky Labd:\program files\kaspersky lab\kaspersky anti-virus personal\kav.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动

+ 卡巴斯基反黑客.lnkKaspersky Anti-HackerKaspersky Labd:\program files\kaspersky lab\kaspersky anti-hacker\kavpf.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ usbadpt32.dllc:\windows\system32\usbadpt32.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell ExtensionPDF Shell ExtensionAdobe Systems, Inc.c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj ClassAdobe Acrobat IE Helper Version 7.0 for ActiveXAdobe Systems Incorporatedc:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ ThunderIEHelper Classxunleibho BHOc:\windows\system32\xunleibho_v8.dll

HKLM\System\CurrentControlSet\Services

+ ANSYS FLEXlm license managerMacrovision Corporationc:\program files\ansys inc\shared files\licensing\intel\lmgrd.exe

+ Ati HotKey PollerATI External Event Utility EXE ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.exe

+ ATI SmartATI Smartc:\windows\system32\ati2sgag.exe

+ kavsvcKaspersky Anti-Virus ServiceKaspersky Labd:\program files\kaspersky lab\kaspersky anti-virus personal\kavsvc.exe

HKLM\System\CurrentControlSet\Services

+ ac97intcIntel(r) Integrated Controller Hub Audio DriverIntel Corporationc:\windows\system32\drivers\ac97intc.sys

+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys

+ AliIdeFile not found: System32\DRIVERS\aliide.sys

+ Apaidic:\windows\system32\drivers\apaidi.sys

+ ati2mtagATI Radeon WindowsNT Miniport DriverATI Technologies Inc.c:\windows\system32\drivers\ati2mtag.sys

+ CmdIdeCMD PCI IDE Bus DriverCMD Technology, Inc.c:\windows\system32\drivers\cmdide.sys

+ DS1410DFile not found: SYSTEM32\drivers\DS1410D.SYS

+ FETNDISNDIS 5.0 miniport driverVIA Technologies, Inc.              c:\windows\system32\drivers\fetnd5.sys

+ HWiNFO32HWiNFO32 Kernel DriverREALiX(tm)c:\program files\hwinfo32\hwinfo32.sys

+ ids00026File not found: C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys

+ ids0005cKaspersky Anti-Hacker IDS PluginKaspersky Labsc:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0005c.sys

+ KlickKaspersky Anti-Hacker NDIS InterceptorKaspersky Labsc:\windows\system32\drivers\klick.sys

+ Klifspuper-ptorKaspersky Labsc:\windows\system32\drivers\klif.sys

+ KlinKaspersky Anti-Hacker TDI InterceptorKaspersky Labsc:\windows\system32\drivers\klin.sys

+ KlmcKaspersky Anti-Virus Mail Checker ProxyKaspersky Labc:\windows\system32\drivers\klmc.sys

+ KlpfklpfKLc:\windows\system32\drivers\klpf.sys

+ KlpidklpidKLc:\windows\system32\drivers\klpid.sys

+ klstmKaspersky Anti-Hacker Stealth Mode PluginKaspersky Labsc:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\klstm.sys

+ kmsinputc:\windows\system32\drivers\kmsinput.sys

+ MegaIDELSI MegaRAID IDE DriverLSI Logic Corporation.c:\windows\system32\drivers\megaide.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.d:\program files\tencent\qq1\npkcrypt.sys

+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys

+ nvmpu401NVIDIA? nForce(TM) MPU401 DriverNVIDIA Corporationc:\windows\system32\drivers\nvmpu401.sys

+ PCAlertDriverDescription string for NTGLM7X driverYour Corporationd:\program files\msi\pc alert 4\ntglm7x.sys

+ pfcPadus(R) ASPI ShellPadus, Inc.c:\windows\system32\drivers\pfc.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys

+ RTL8023xpRealtek 10/100/1000 NDIS 5.1 Driver                        Realtek Semiconductor Corporation                          c:\windows\system32\drivers\rtlnicxp.sys

+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys

+ TSPspuper-ptorKaspersky Labsc:\windows\system32\drivers\klif.sys

+ WINIOc:\windows\system32\winio.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEventATI External Event Utility DLL ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ usbadpt32.dllc:\windows\system32\usbadpt32.dll

WINIOc:\windows\system32\winio.sys

删除启动项
重启
删除c:\windows\system32\usbadpt32.dll；c:\windows\system32\winio.sys试试

不行阿，我把c:\windows\system32\winio.sys删了，c:\windows\system32\usbadpt32.dll删不掉，在安全模式下也不行，怎么办呢

在安全模式下用Microsoft AntiSpyware可以看到C:\Windows\System32\DirectX\svchost.exe在运行，我把它结束了，手动删除，可是开机还是有这个病毒，被卡巴删了，进程里也看不到它，不清楚到底躲在哪里

引用:

【guojp的贴子】不行阿，我把c:\windows\system32\winio.sys删了，c:\windows\system32\usbadpt32.dll删不掉，在安全模式下也不行，怎么办呢 ...........................

用Unlocker工具删除试试
工具下载、使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7471002

谢谢你，就是c:\windows\system32\usbadpt32.dll在作怪，我用Unlocker操作的时候卡巴也在不停的发现病毒，我用Unlocker把它删了，重启之后没有发现病毒，不知道会不会死灰复燃，希望不会！非常谢谢你，如果你在西安，我请你吃饭，呵呵