杀毒p1gzft0，cskcqt05，kgsfcghl91

杀出来一堆病毒，其中 cskcqt05，kgsfcghl91比较难搞。卡巴(不是我的电脑中毒，所以不是Avast) 报kgsfcghl91但一杀电脑就充启。
这两个病毒都是以驱动型式加载，重启到安全模式也没有办法使用杀毒软件或其他工具删除。不过，好像cskcqt05这个病毒可以用SREng在禁用掉，但禁不掉kgsfcghl91。

我也不知道这都是什么病毒，网上搜不到任何东西，使用工具一通乱杀，最后总算搞定。使用的工具有SREng, Autoruns 和 ProcessExplorer，别忘了安全模式哦。


建议的删除方法：到注册表里搜索所有 cskcqt05 和 kgsfcghl91，把搜到的所有项统统删除。如果删不掉，请在该项上点右键，在权限里把所有权限都加上。然后重启电脑，把病毒体统统干掉：
C:/windows/system32/p1gzft0.dll  //木马
C:/windows/system32/cskcqt05.dll  //木马
C:/windows/system32/cskcqt05.dllmmc.pkm
C:/windows/system32/drivers/cskcqt05.sys   //木马
C:/windows/system32/drivers/kgsfcghl91.sys   //木马

另外，还在C:/Windows/目录下发现了一堆病毒和可疑文件：
C:/windows/30000.exe //木马
C:/windows/flashcnn.exe
C:/windows/my_70201.exe
C:/windows/my_70302.exe //木马
C:/windows/mysetup1021.exe  //广告软体
C:/windows/setup306.exe  //CNNIC的东东
C:/windows/setup307.exe  //CNNIC的东东
C:/windows/setupol0165.exe

这是kgsfcghl91的注册表里的东西：

Windows Registry Editor Version  5.00

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY_KGSFCGHL91 ]
" NextInstance " = dword: 00000001

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY_KGSFCGHL91 �0 ]
" Service " = " kgsfcghl91 "
" Legacy " = dword: 00000001
" ConfigFlags " = dword: 00000000
" Class " = " LegacyDriver "
" ClassGUID " = " {8ECC055D-047F-11D1-A537-0000F8753ED1} "
" DeviceDesc " = " kgsfcghl91 "
" Capabilities " = dword: 00000000
" Driver " = " {8ECC055D-047F-11D1-A537-0000F8753ED1}/0033 "

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY_KGSFCGHL91 �0LogConf ]

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY_KGSFCGHL91 �0Control ]
" ActiveService " = " kgsfcghl91 "

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services/kgsfcghl91 ]
" Type " = dword: 00000001
" Start " = dword: 00000000
" ErrorControl " = dword: 00000001
" ImagePath " = hex( 2 ): 53 , 00 , 79 , 00 , 73 , 00 , 74 , 00 , 65 , 00 , 6d , 00 , 33 , 00 , 32 , 00 , 5c , 00 , 44 , 00 ,
   52 , 00 , 49 , 00 , 56 , 00 , 45 , 00 , 52 , 00 , 53 , 00 , 5c , 00 , 6b , 00 , 67 , 00 , 73 , 00 , 66 , 00 , 63 , 00 , 67 ,
   00 , 68 , 00 , 6c , 00 , 39 , 00 , 31 , 00 , 2e , 00 , 73 , 00 , 79 , 00 , 73 , 00 , 00 , 00
" DisplayName " = " kgsfcghl91 "
" Group " = " System Bus Extender "
" AutorunsDisabled " = dword: 00000000

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services/kgsfcghl91/ Security ]
" Security " = hex: 01 , 00 , 14 , 80 , 90 , 00 , 00 , 00 , 9c , 00 , 00 , 00 , 14 , 00 , 00 , 00 , 30 , 00 , 00 , 00 , 02 ,
   00 , 1c , 00 , 01 , 00 , 00 , 00 , 02 , 80 , 14 , 00 , ff , 01 , 0f , 00 , 01 , 01 , 00 , 00 , 00 , 00 , 00 , 01 , 00 , 00 ,
   00 , 00 , 02 , 00 , 60 , 00 , 04 , 00 , 00 , 00 , 00 , 00 , 14 , 00 , fd , 01 , 02 , 00 , 01 , 01 , 00 , 00 , 00 , 00 , 00 ,
   05 , 12 , 00 , 00 , 00 , 00 , 00 , 18 , 00 , ff , 01 , 0f , 00 , 01 , 02 , 00 , 00 , 00 , 00 , 00 , 05 , 20 , 00 , 00 , 00 ,
   20 , 02 , 00 , 00 , 00 , 00 , 14 , 00 , 8d , 01 , 02 , 00 , 01 , 01 , 00 , 00 , 00 , 00 , 00 , 05 , 0b , 00 , 00 , 00 , 00 ,
   00 , 18 , 00 , fd , 01 , 02 , 00 , 01 , 02 , 00 , 00 , 00 , 00 , 00 , 05 , 20 , 00 , 00 , 00 , 23 , 02 , 00 , 00 , 01 , 01 ,
   00 , 00 , 00 , 00 , 00 , 05 , 12 , 00 , 00 , 00 , 01 , 01 , 00 , 00 , 00 , 00 , 00 , 05 , 12 , 00 , 00 , 00

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services/kgsfcghl91/ Enum ]
" 0 " = " Root/LEGACY_KGSFCGHL91/0000 "
" Count " = dword: 00000001
" NextInstance " = dword: 00000001

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet002/Enum/Root/LEGACY_KGSFCGHL91 ]
" NextInstance " = dword: 00000001

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet002/Enum/Root/LEGACY_KGSFCGHL91 �0 ]
" Service " = " kgsfcghl91 "
" Legacy " = dword: 00000001
" ConfigFlags " = dword: 00000000
" Class " = " LegacyDriver "
" ClassGUID " = " {8ECC055D-047F-11D1-A537-0000F8753ED1} "
" DeviceDesc " = " kgsfcghl91 "
" Capabilities " = dword: 00000000
" Driver " = " {8ECC055D-047F-11D1-A537-0000F8753ED1}/0033 "

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet002/Enum/Root/LEGACY_KGSFCGHL91 �0LogConf ]

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet002/Services/kgsfcghl91 ]
" Type " = dword: 00000001
" Start " = dword: 00000000
" ErrorControl " = dword: 00000001
" ImagePath " = hex( 2 ): 53 , 00 , 79 , 00 , 73 , 00 , 74 , 00 , 65 , 00 , 6d , 00 , 33 , 00 , 32 , 00 , 5c , 00 , 44 , 00 ,
   52 , 00 , 49 , 00 , 56 , 00 , 45 , 00 , 52 , 00 , 53 , 00 , 5c , 00 , 6b , 00 , 67 , 00 , 73 , 00 , 66 , 00 , 63 , 00 , 67 ,
   00 , 68 , 00 , 6c , 00 , 39 , 00 , 31 , 00 , 2e , 00 , 73 , 00 , 79 , 00 , 73 , 00 , 00 , 00
" DisplayName " = " kgsfcghl91 "
" Group " = " System Bus Extender "
" AutorunsDisabled " = dword: 00000000

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet002/Services/kgsfcghl91/ Security ]
" Security " = hex: 01 , 00 , 14 , 80 , 90 , 00 , 00 , 00 , 9c , 00 , 00 , 00 , 14 , 00 , 00 , 00 , 30 , 00 , 00 , 00 , 02 ,
   00 , 1c , 00 , 01 , 00 , 00 , 00 , 02 , 80 , 14 , 00 , ff , 01 , 0f , 00 , 01 , 01 , 00 , 00 , 00 , 00 , 00 , 01 , 00 , 00 ,
   00 , 00 , 02 , 00 , 60 , 00 , 04 , 00 , 00 , 00 , 00 , 00 , 14 , 00 , fd , 01 , 02 , 00 , 01 , 01 , 00 , 00 , 00 , 00 , 00 ,
   05 , 12 , 00 , 00 , 00 , 00 , 00 , 18 , 00 , ff , 01 , 0f , 00 , 01 , 02 , 00 , 00 , 00 , 00 , 00 , 05 , 20 , 00 , 00 , 00 ,
   20 , 02 , 00 , 00 , 00 , 00 , 14 , 00 , 8d , 01 , 02 , 00 , 01 , 01 , 00 , 00 , 00 , 00 , 00 , 05 , 0b , 00 , 00 , 00 , 00 ,
   00 , 18 , 00 , fd , 01 , 02 , 00 , 01 , 02 , 00 , 00 , 00 , 00 , 00 , 05 , 20 , 00 , 00 , 00 , 23 , 02 , 00 , 00 , 01 , 01 ,
   00 , 00 , 00 , 00 , 00 , 05 , 12 , 00 , 00 , 00 , 01 , 01 , 00 , 00 , 00 , 00 , 00 , 05 , 12 , 00 , 00 , 00

[ HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/kgsfcghl91 ]
" ImagePath " = hex( 2 ): 53 , 00 , 79 , 00 , 73 , 00 , 74 , 00 , 65 , 00 , 6d , 00 , 33 , 00 , 32 , 00 , 5c , 00 , 44 , 00 ,
   52 , 00 , 49 , 00 , 56 , 00 , 45 , 00 , 52 , 00 , 53 , 00 , 5c , 00 , 6b , 00 , 67 , 00 , 73 , 00 , 66 , 00 , 63 , 00 , 67 ,
   00 , 68 , 00 , 6c , 00 , 39 , 00 , 31 , 00 , 2e , 00 , 73 , 00 , 79 , 00 , 73 , 00 , 00 , 00
" Type " = dword: 00000001
" ErrorControl " = dword: 00000001
" DisplayName " = " kgsfcghl91 "
" Group " = " System Bus Extender "
" Start " = dword: 00000000

这是CSKCQT05的注册表文件，这是已经干掉此病毒后搜索CSKCQT05得到的，实际应该比这多，可能和上面的一样：

Windows Registry Editor Version  5.00

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY_CSKCQT05 ]
" NextInstance " = dword: 00000001

[ HKEY_LOCAL_MACHINE/SYSTEM/ControlSet002/EnumRoot/LEGACY_CSKCQT05 ]
" NextInstance " = dword: 00000001

注：这个不完整，参照上面 KGSFCGHL91 的，或直接搜索吧，把搜到的东东全干掉。

如果您发现了上面的不足，或者更好的解决方法，在下先谢谢了。
一通乱杀，不怎么专业，整理的也欠佳，多多反馈，谢谢。

参考：
反病毒利器Autoruns和ProcessExplorer - 本人推荐使用的查毒杀毒辅助工具