火新人 - 2007-5-26 14:56:00
Today I got hit by a really nasty virus that disabled every antivirus-related program. I have now removed it manually, re-scanned for viruses and repaired most of the software, but the Rising firewall still won't open and I don't know why. Below is the Autoruns report.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ CertificateRegistration Certificate Registration Utility A.E.T. Europe B.V. c:\windows\system32\safesigncertreg.exe
+ gemstrmw GSCardStart Gemplus c:\windows\system32\gemstrmw.exe
+ HotKeysCmds hkcmd Module Intel Corporation c:\windows\system32\hkcmd.exe
+ IgfxTray 未找到文件: ;
+ IMSCMig 未找到文件: ;
+ MenuOrder 未找到文件: C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\MenuOrder\MenuOrder.exe
+ MSPY2002 c:\windows\system32\ime\pintlgnt\imscinst.exe
+ PHIME2002A 未找到文件: ;
+ PHIME2002ASync 未找到文件: ;
+ SoundMan 未找到文件: ;
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a 未找到文件: C:\Program Files\Common Files\System\IDrivers.pif
+ n/a 未找到文件: C:\WINDOWS\system32\nwizwlwz.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ gdipri.dll c:\windows\system32\gdipri.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ mp3infp mp3infp DLL win32lab.com c:\windows\system32\mp3infp.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ mp3infp mp3infp DLL win32lab.com c:\windows\system32\mp3infp.dll
+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. f:\dongyi2006\acrobat reader 7.05\acrobat reader 7.05 中英文精简绿色版\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ FGCatchUrl Flashget CatchUrl Module www.flashget.com d:\program files\flashget\jccatch.dll
+ FlashGet GetFlash Class Flashget GetFlash Module www.flashget.com d:\program files\flashget\getflash.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 超级解霸10 Beta Hero Super Player herosoft e:\dddd\豪杰超级解霸\超级解霸10\sthsdvd.exe
+ 快车(FlashGet) FlashGet FlashGet.com d:\program files\flashget\flashget.exe
HKLM\System\CurrentControlSet\Services
+ dmserver 监测和监视新硬盘驱动器并向逻辑磁盘管理器管理服务发送卷的信息以便配置。如果此服务被终止,动态磁盘状态和配置信息会过时。如果此服务被禁用,任何依赖它的服务将无法启动。 未找到文件: C:\WINDOWS\System32\afnaijgp.d1l
+ RemoteStorage Network Connections Management 未找到文件: C:\WINDOWS\system32\SVCH0ST.EXE
+ SENS 跟踪系统事件,如登录 Windows,网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。 未找到文件: C:\WINDOWS\System32\ujktrblc.dll
HKLM\System\CurrentControlSet\Services
+ afnaijgp c:\windows\system32\drivers\afnaijgp.sys
+ ALCXSENS Sensaura WDM 3D Audio Driver Sensaura Ltd c:\windows\system32\drivers\alcxsens.sys
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys
+ CmdIde CMD PCI IDE Bus Driver CMD Technology, Inc. c:\windows\system32\drivers\cmdide.sys
+ FETNDIS NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5.sys
+ ft2kEnum usb token Enumerator Service OEM Corporation c:\windows\system32\drivers\ic2kenum.sys
+ GD_USB USB Chip Service Name c:\windows\system32\drivers\chip_usb.sys
+ GDBaseSmc USB Chip Holder service Name OEM c:\windows\system32\drivers\chip_smc.sys
+ ialm Controller Hub for Intel Graphics Driver Intel Corporation c:\windows\system32\drivers\ialmnt5.sys
+ MegaIDE LSI MegaRAID IDE Driver LSI Logic Corporation. c:\windows\system32\drivers\megaide.sys
+ NPF npf CACE Technologies c:\windows\system32\drivers\npf.sys
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. e:\dddd\ipqq2006\qq\npkcrypt.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ pfc Padus(R) ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ Reader_Device SmartCard Reader Device Driver OEM c:\windows\system32\drivers\usbic2k.sys
+ RsAntiSpyware RsBoot Beijing Rising c:\windows\system32\drivers\rsboot.sys
+ RsNTGDI RsNTGDI Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\rsntgdi.sys
+ rtl8139 Realtek RTL8139 NDIS 5.0 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ {6080A529-897E-4629-A488-ABA0C29B635E} Intel Graphics Platform (SoftBIOS) Driver for Windows 2000(R) & Windows XP(TM) Intel Corporation c:\windows\system32\drivers\ialmsbw.sys
+ {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} Intel Graphics Chipset (KCH) Driver for Windows 2000(R) & Windows XP(TM) Intel Corporation c:\windows\system32\drivers\ialmkchw.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ igfxcui igfxsrvc Module Intel Corporation c:\windows\system32\igfxsrvc.dll
Experts, please help me find where the problem is and which items should be deleted!
newcenturymoon - 2007-5-26 14:59:00
Do you have an SREng log?
火新人 - 2007-5-26 15:14:00
Adding the SRE log
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [N/A]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<gemstrmw><C:\WINDOWS\system32\gemstrmw.exe /r> [Gemplus]
<CertificateRegistration><SafeSignCertReg.exe> [A.E.T. Europe B.V.]
<MenuOrder><C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\MenuOrder\MenuOrder.exe> [N/A]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<SoundMan><; SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<RavTask><"D:\瑞星杀毒\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"D:\瑞星防火墙\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{131AB311-16F1-F13B-1E43-11A24B51AFD1}><C:\WINDOWS\system32\gdipri.dll> []
==================================
启动文件夹
N/A
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Logical Disk Manager / dmserver][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\afnaijgp.d1l><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
<d:\SQLSER~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Windows Accounts Driver / RemoteStorage][Stopped/Auto Start]
<C:\WINDOWS\system32\SVCH0ST.EXE><N/A>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\瑞星杀毒\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\瑞星杀毒\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[System Event Notification / SENS][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\ujktrblc.dll><N/A>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<d:\SQLSER~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\瑞星防火墙\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
<d:\瑞星防火墙\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
==================================
正在运行的进程
[PID: 484][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 624][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gdipri.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\mp3infp.dll] [win32lab.com, 2.50.5.0]
[F:\dongyi2006\Acrobat Reader 7.05\Acrobat Reader 7.05 中英文精简绿色版\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3,0,0,1847]
[D:\ACCSS\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3,0,0,1847]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\瑞星杀毒\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[F:\新2170~1\WINDOW~1\Commenu.dll] [Fygsoft and Microsoft, 3.0.0.63]
[PID: 1360][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3,0,0,1847]
[PID: 1380][C:\WINDOWS\system32\SafeSignCertReg.exe] [A.E.T. Europe B.V., 2.0.0.2]
[PID: 1420][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1568][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1840][C:\Documents and Settings\Admin\桌面\新建文件夹 (2)\autoruns.exe] [Sysinternals - www.sysinternals.com, 8.61]
[PID: 608][D:\MYIE2\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 6, 42]
[D:\MYIE2\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[d:\SQLSER~1\MSSQL\BINN\SQLCTR80.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\2052\MSMAPI32.DLL] [Microsoft Corporation, 11.0.5601]
[C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.6360]
[D:\MYIE2\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 1.0.1038.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 5.00.2000.3]
[PID: 392][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1928][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][C:\Documents and Settings\Admin\桌面\新建文件夹 (2)\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\NpOpenStore.dll] [N/A, ]
[C:\WINDOWS\system32\NPCard.dll] [N/A, ]
[C:\WINDOWS\system32\RsaFun.dll] [N/A, ]
[C:\WINDOWS\system32\GPKPCSC.dll] [N/A, ]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
newcenturymoon - 2007-5-26 15:17:00
In Safe Mode (keep pressing F8 after powering on; when the advanced menu appears, select the first item, Safe Mode, to enter the system),
open SREng (the program you used to produce the log).
Under Startup Items > Registry, delete the following items (if there is an item you recognise or are sure is not the virus, do not delete it):
<gemstrmw><C:\WINDOWS\system32\gemstrmw.exe /r> [Gemplus]
<{131AB311-16F1-F13B-1E43-11A24B51AFD1}><C:\WINDOWS\system32\gdipri.dll> []
Under "Startup Items" > "Services" > "Win32 Service Applications", click "Hide verified Microsoft items",
select the following items, click "Delete Service", then click "Settings" and click "No" in the dialog that pops up:
Logical Disk Manager / dmserver
Windows Accounts Driver / RemoteStorage
System Event Notification / SENS
Double-click My Computer, then Tools > Folder Options > View; select "Show hidden files and folders" and clear the checkbox in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes", then OK.
Then delete
C:\WINDOWS\system32\SVCH0ST.EXE (the middle character is the digit 0)
%SystemRoot%\System32\ujktrblc.dll
<gemstrmw><C:\WINDOWS\system32\gemstrmw.exe /r> [Gemplus]
<{131AB311-16F1-F13B-1E43-11A24B51AFD1}><C:\WINDOWS\system32\gdipri.dll> []
%SystemRoot%\System32\afnaijgp.d1l
[C:\WINDOWS\system32\NpOpenStore.dll] [N/A, ]
[C:\WINDOWS\system32\NPCard.dll] [N/A, ]
[C:\WINDOWS\system32\RsaFun.dll] [N/A, ]
[C:\WINDOWS\system32\GPKPCSC.dll] [N/A, ]
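The reply above picks three kinds of entries out of the SREng log by eye: an executable whose name imitates a system binary (SVCH0ST.EXE with a digit 0), a file whose extension imitates .dll (afnaijgp.d1l), and svchost-hosted services whose ServiceDll is not the one Windows XP ships for that service (dmserver and SENS pointing at random-looking DLLs). The script below is an added example, not from the thread or from SREng, that automates those same checks over SREng-style service entries. It assumes the Windows XP SP2 default ServiceDll names for dmserver, SENS and HidServ, and its sample input is copied from the log posted above; a missing vendor field on its own is deliberately not treated as a finding, because the legitimate hidserv.dll entry in the same log also shows N/A.

```python
"""Flag look-alike names and unexpected ServiceDlls in SREng service entries.

Added example for the thread above; not part of SREng or of the original post.
"""
import re

# Legitimate Windows XP binary names that malware likes to imitate.
KNOWN_SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                      "winlogon.exe", "explorer.exe", "smss.exe", "spoolsv.exe"}

# ServiceDll each netsvcs-hosted service is expected to load
# (assumption: Windows XP SP2 defaults; extend for other services as needed).
EXPECTED_SERVICE_DLL = {"dmserver": "dmserver.dll", "sens": "sens.dll",
                        "hidserv": "hidserv.dll"}

# Digits that read like letters when dropped into a familiar file name.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s"})

SERVICE_HEADER = re.compile(r"^\[(?P<display>.+) / (?P<name>[^\]/]+)\]\[(?P<state>[^\]]+)\]$")
SERVICE_BODY = re.compile(r"^<(?P<cmd>.*)><(?P<vendor>[^<>]*)>$")


def basename(path):
    """Last path component with surrounding quotes stripped."""
    return path.strip().strip('"').replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1]


def lookalike_name(name):
    """Return the system binary this name imitates via digit swaps, else None."""
    low = name.lower()
    normal = low.translate(HOMOGLYPHS)
    return normal if normal != low and normal in KNOWN_SYSTEM_NAMES else None


def lookalike_extension(name):
    """Return the real extension a swapped one imitates ('d1l' -> 'dll'), else None."""
    low = name.lower()
    if "." not in low:
        return None
    ext = low.rsplit(".", 1)[1]
    normal = ext.translate(HOMOGLYPHS)
    return normal if normal != ext and normal in {"dll", "exe", "sys"} else None


def parse_services(text):
    """Yield one dict per SREng service entry: a [Display / Name][State] line followed by <cmd><vendor>."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i + 1 < len(lines):
        head, body = SERVICE_HEADER.match(lines[i]), SERVICE_BODY.match(lines[i + 1])
        if head and body:
            yield {**head.groupdict(), **body.groupdict()}
            i += 2
        else:
            i += 1


def check_service(svc):
    """Return human-readable findings for one parsed service entry."""
    findings = []
    # svchost-hosted services are logged as "<svchost command line>-->ServiceDll".
    host, _, dll = svc["cmd"].partition("-->")
    image = basename(dll) if dll else basename(host)
    hit = lookalike_name(image)
    if hit:
        findings.append(f"image {image} is a look-alike of {hit}")
    ext = lookalike_extension(image)
    if ext:
        findings.append(f"image {image} uses a look-alike of the .{ext} extension")
    expected = EXPECTED_SERVICE_DLL.get(svc["name"].lower())
    if dll and expected and image.lower() != expected:
        findings.append(f"ServiceDll is {image}, expected {expected}")
    # A missing vendor alone is not a finding: hidserv.dll also shows N/A in SREng output.
    return findings


def scan_services(text):
    """Map service short name -> findings, for the entries that produced any."""
    report = {}
    for svc in parse_services(text):
        findings = check_service(svc)
        if findings:
            report[svc["name"]] = findings
    return report


# Sample entries copied from the SREng log posted in the thread above.
SAMPLE_LOG = r"""
[Logical Disk Manager / dmserver][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\afnaijgp.d1l><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows Accounts Driver / RemoteStorage][Stopped/Auto Start]
<C:\WINDOWS\system32\SVCH0ST.EXE><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\瑞星杀毒\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[System Event Notification / SENS][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\ujktrblc.dll><N/A>
"""

if __name__ == "__main__":
    for name, findings in scan_services(SAMPLE_LOG).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Running it against the sample flags dmserver, RemoteStorage and SENS and leaves HidServ and RsCCenter alone, which matches the helper's list. The ServiceDll table is the part worth growing: any netsvcs service whose DLL name the checker does not know is simply not compared, so a real deployment would fill it from a known-clean machine of the same Windows build.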