∮晋熙∮ - 2007-5-7 2:21:00
Can anyone help? I can't remove the virus.. Here are the sReg scan results
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<17e><C:\DOCUME~1\Chinese\LOCALS~1\Temp\winlog0n.exe> []
<wzehb72fw><C:\DOCUME~1\Chinese\LOCALS~1\Temp\iexpl0re.exe> []
<RealUpdate><C:\DOCUME~1\Chinese\LOCALS~1\Temp\TIMPlatform.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)Microsoft Windows Publisher]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<NAV CfgWiz><C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"> [(Verified)Symantec Corporation]
<Symantec NetDriver Monitor><C:\PROGRA~1\SYMNET~1\SNDMon.exe> [(Verified)Symantec Corporation]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<System><C:\Program Files\Common Files\System\Updaterun.exe> []
<testrun><C:\WINDOWS\testexe.exe> []
<winform><C:\WINDOWS\winform.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KASTask><C:\PROGRA~1\KOS\KASTask.EXE> [Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{90BC520C-9175-470E-94B8-10FD869D170B}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.vxd> []
<{42A612A4-4334-4424-4234-42261A31A236}><C:\WINDOWS\system32\pdkpri.dll> []
<{B8a170A8-7AD3-4678-B2FE-F2D7381CC1B5}><C:\program files\Common~1\System\..\System\..\System\isignup.sys> []
∮晋熙∮ - 2007-5-7 2:22:00
服务
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[E8CF2CDC / E8CF2CDC][Stopped/Auto Start]
<C:\WINDOWS\system32\899E5700.EXE -k><Microsoft Corporation>
[Fast Client / fast][Running/Manual Start]
<2 - 系统找不到指定的文件。
><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Norton AntiVirus Auto Protect Service / navapsvc][Running/Auto Start]
<"C:\Program Files\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[SAVScan / SAVScan][Running/Auto Start]
<"C:\Program Files\Norton AntiVirus\SAVScan.exe"><Symantec Corporation>
[ScriptBlocking Service / SBService][Stopped/Auto Start]
<C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe><Symantec Corporation>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[WinQJServiceNow / WinQJServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\Chinese\LOCALS~1\Temp\RAVQJ.EXE><N/A>
[Portable Media / WmdmPWD][Stopped/Manual Start]
<2 - 系统找不到指定的文件。
><N/A>
[Windows zdbv RunThem / zdbv][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\uywq\eiga.dll>< >
[Routing Protect Access / Mercha2][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE C:\WINDOWS\SYSTEM32\WBEM\LNOHK.DLL,Export 1087><Microsoft Corporation>
[Office Backup Engine / Tech][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\qozvz.dll><Microsoft Corporation>
∮晋熙∮ - 2007-5-7 2:22:00
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[cfvwylwu / cfvwylwu][Stopped/Boot Start]
<\SystemRoot\system32\drivers\cfvwylwu.sys><N/A>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070502.018\NAVENG.Sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070502.018\NavEx15.Sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\E:\My Tools\QQ\CoralQQ_5.0_diy\CoralQQ_5.0_diy\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Running/System Start]
<\??\C:\Program Files\Norton AntiVirus\SAVRT.SYS><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
<\??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[ATSpy / ATSpy][Running/Manual Start]
<\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
[cwikohdk / cwikohdk][Stopped/Boot Start]
<\SystemRoot\system32\drivers\cwikohdk.sys><N/A>
[ipoyz / ipoyz][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ipoyz.sys><N/A>
[msqmx / msqmx][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msqmx.sys><N/A>
==================================
浏览器加载项
[Jpeg Class]
{4970DA77-DB06-4EB9-AAB5-77AF0CC77310} <C:\WINDOWS\system32\6fa4.dll, TODO: <公司名>>
[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[金山毒霸在线产品升级]
{E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, 金山软件股份有限公司>
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Jpeg Class]
{4970DA77-DB06-4EB9-AAB5-77AF0CC77310} <C:\WINDOWS\system32\6fa4.dll, TODO: <公司名>>
[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>