瑞星卡卡安全论坛

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe C:\WINDOWS\svchost.exe>  [Microsoft Corporation.]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{A16CA976-4B8D-47FC-A9F4-651C17B636EC}><C:\WINDOWS\system32\msow32cn.dll>  [TEC Solutions Limited.]
    <{0EA12C16-CDEF-6AC1-236E-CD3FE82F5213}><C:\Program Files\Internet Explorer\msvcrt.dll>  [Microsoft Corporation]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys>  [N/A]
    <{05AD2E16-C6EF-6AC1-136A-CE3FD8EF5613}><C:\Program Files\Internet Explorer\msvcrt.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <dasa><; C:\DOCUME~1\1314\LOCALS~1\Temp\daso.exe>  [N/A]
    <fysa><; C:\DOCUME~1\1314\LOCALS~1\Temp\fyso.exe>  [N/A]
    <igfxhkcmd><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <igfxpers><; C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Intel Corporation]
    <igfxtray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <IMEKRMIG6.1><; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <jtsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\jtso.exe>  [N/A]
    <mhsa><; C:\DOCUME~1\107_2\LOCALS~1\Temp\mhso.exe>  [N/A]
    <monitor_server><; C:\Program Files\bbb.exe>  [N/A]
    <MsIMMs32><; C:\WINDOWS\MsIMMs32.exe>  [N/A]
    <MSPY2002><; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <qjsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\qjso.exe>  [N/A]
    <rxsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\rxso.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [N/A]
    <tlsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\tlso.exe>  [N/A]
    <vptray><; C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <wdsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\wdso.exe>  [N/A]
    <wgsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\wgso.exe>  [N/A]
    <wlsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\wlso.exe>  [N/A]
    <wmsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\wmso.exe>  [N/A]
    <wosa><; C:\DOCUME~1\1314\LOCALS~1\Temp\woso.exe>  [N/A]
    <ztsa><; C:\DOCUME~1\107_2\LOCALS~1\Temp\ztso.exe>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[9CEADA24 / 9CEADA24][Stopped/Auto Start]
  <C:\WINDOWS\system32\9D6A1DB4.EXE -k><Microsoft Corporation>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[EpsonBidirectionalService / EpsonBidirectionalService][Running/Auto Start]
  <C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Intel(R) Matrix Storage Event Monitor / IAANTMon][Running/Auto Start]
  <C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe><Intel Corporation>
[Remote Help & Control Service backup / netbackup][Stopped/Auto Start]
  <C:\WINDOWS\system32\netbackup.exe><N/A>
[Remote Help & Control Service / netcontrol][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netservice-->C:\WINDOWS\system32\syst.dll><N/A>
[SavRoam / SavRoam][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Windows XP / Windows MSN Messenger][Stopped/Auto Start]
  <C:\WINDOWS\system32\MSN><N/A>
[Windows Explorer Helper / Winehplr][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\WinRdg32.exe><TEC Solutions Limited.>
[Transaction Provisioning Service / zedcy][Running/Auto Start]
  <C:\WINDOWS\system32\server3.exe><N/A>

驱动程序
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><N/A>
[cdnprot / cdnprot][Running/System Start]
  <system32\drivers\cdnprot.sys><CNNIC>
[cdntran / cdntran][Running/Auto Start]
  <system32\drivers\cdntran.sys><CNNIC>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.SYS><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel AHCI Controller / iastor][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[Network Packet Filter / IPNPF][Running/Boot Start]
  <\SystemRoot\system32\drivers\ipnpf.sys><Politecnico di Torino>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070614.017\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070614.017\navex15.sys><Symantec Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\drivers\UIUSys.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[CNNIC_IDN]
  {35980F6E-A137-4E50-953D-813BB8556899} <C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll, N/A>
[]
  {D7515C61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\Common Files\Relive.dll, Microsoft Corporation>
[]
  {E3616E66-C13B-2628-2CDF-EDABCFA235E1} <C:\Program Files\Common Files\Relive.dll, Microsoft Corporation>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[XDownload Class]
  {165D83D3-359C-4783-9BF0-6FA6DC42A3F1} <C:\WINDOWS\Downloaded Program Files\SSDownload.dll, 北京世纪超星>
[BoBoControl Class]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\Documents and Settings\107_2\My Documents\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[CNNIC_IDN]
  {35980F6E-A137-4E50-953D-813BB8556899} <C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[]
  {D7515C61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\Common Files\Relive.dll, Microsoft Corporation>
[]
  {E3616E66-C13B-2628-2CDF-EDABCFA235E1} <C:\Program Files\Common Files\Relive.dll, Microsoft Corporation>
[BoBoControl Class]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\Documents and Settings\107_2\My Documents\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, N/A>
[&Google Search]
  <res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html, N/A>
[Backward &Links]
  <res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html, N/A>
[Cac&hed Snapshot of Page]
  <res://C:\Program Files\Google\googletoolbar.dll/cmcache.html, N/A>
[Si&milar Pages]
  <res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html, N/A>
[Translate into English]
  <res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

正在运行的进程
[PID: 1080][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1152][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NavLogon.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\WinWdg32.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
[PID: 1200][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1372][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winoa32.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
    [C:\WINDOWS\system32\oblknet.dll]  [TEC Solutions Limited., 2, 84, 3221, 0]
    [C:\WINDOWS\system32\ippcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\IPpacket.dll]  [Politecnico di Torino, 3, 0, 0, 20]
    [C:\WINDOWS\system32\orcsdll.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\WINDOWS\system32\orcshook.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\WINDOWS\system32\ipddraw.DLL]  [TEC Solutions Limited., 2, 84, 2718, 0]
[PID: 1448][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1536][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1660][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1692][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1904][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dwmonnt.dll]  [Fuji Xerox, 4.0.0.11]
    [C:\WINDOWS\system32\E_SL2367.DLL]  [SEIKO EPSON CORPORATION, 2, 27, 0, 0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dwpp.dll]  [Fuji Xerox, 4.0.5.104 [ENG]]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 260][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msow32cn.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
    [C:\Program Files\Internet Explorer\msvcrt.dll]  [Microsoft Corporation, 1. 0. 0. 1]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\shlcn32.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
    [C:\WINDOWS\system32\winimhs.dll]  [TEC Solutions Limited, 2, 84, 3207, 0]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 3207, 0]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\Program Files\Common Files\Relive.dll]  [Microsoft Corporation, 1. 0. 0. 1]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4410]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4410]
[PID: 416][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 103.5.4.3]
[PID: 624][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 10.0.1.1000]

[PID: 652][C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\eEBUtil.dll]  [SEIKO EPSON CORPORATION, 1, 0, 0, 0]
    [C:\Program Files\Common Files\EPSON\EBAPI\eEBRSVC.dll]  [SEIKO EPSON CORPORATION, 1, 0, 0, 0]
[PID: 712][C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe]  [Intel Corporation, 5.1.0.1022]
[PID: 844][C:\Program Files\Symantec AntiVirus\SavRoam.exe]  [symantec, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1064][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1120][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.1.1000]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccDec.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\ccScan.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 1.4.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070614.017\ccEraser.dll]  [Symantec Corporation, 107.2.1.6]
    [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll]  [Symantec Corporation, 3.1.13a.0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070614.017\ecmsvr32.dll]  [Symantec Corporation, 71.2.0.12]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070614.017\NAVEX32a.DLL]  [Symantec Corporation, 20071.2.0.18]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070614.017\NAVENG32.DLL]  [Symantec Corporation, 20071.2.0.18]
    [C:\Program Files\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\vpmsece3.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 1,5,1,3]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 10.0.1.1000]
[PID: 1392][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1484][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1516][C:\WINDOWS\system32\server3.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1556][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL]  [Symantec Corporation, 1,5,1,3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  [Symantec Corporation, 1,5,1,3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 103.5.4.3]
[PID: 2412][C:\WINDOWS\svchost.exe]  [Microsoft Corporation., 1.00]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 3207, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 2484][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 3207, 0]
[PID: 2508][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3444][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3888][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\syst.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 3740][D:\新建文件夹\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 3207, 0]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4421, 0]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]

文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================


[/CODE]

删除注册表启动项
<shell><Explorer.exe C:\WINDOWS\svchost.exe> [Microsoft Corporation.]
<dasa><; C:\DOCUME~1\1314\LOCALS~1\Temp\daso.exe> [N/A]
<fysa><; C:\DOCUME~1\1314\LOCALS~1\Temp\fyso.exe> [N/A]
<jtsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\jtso.exe> [N/A]
<mhsa><; C:\DOCUME~1\107_2\LOCALS~1\Temp\mhso.exe> [N/A]
<monitor_server><; C:\Program Files\bbb.exe> [N/A]
<MsIMMs32><; C:\WINDOWS\MsIMMs32.exe> [N/A]
<qjsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\qjso.exe> [N/A]
<rxsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\rxso.exe> [N/A]
<tlsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\tlso.exe> [N/A]
<tlsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\tlso.exe> [N/A]
<vptray><; C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<wdsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\wdso.exe> [N/A]
<wgsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\wgso.exe> [N/A]
<wlsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\wlso.exe> [N/A]
<wmsa><; C:\DOCUME~1\1314\LOCALS~1\Temp\wmso.exe> [N/A]
<wosa><; C:\DOCUME~1\1314\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><; C:\DOCUME~1\107_2\LOCALS~1\Temp\ztso.exe> [N/A]
服务
[9CEADA24 / 9CEADA24][Stopped/Auto Start]
<C:\WINDOWS\system32\9D6A1DB4.EXE -k><Microsoft Corporation>
[Remote Help & Control Service / netcontrol][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netservice-->C:\WINDOWS\system32\syst.dll><N/A
[Transaction Provisioning Service / zedcy][Running/Auto Start]
<C:\WINDOWS\system32\server3.exe><N/A>
这个怀疑

[Remote Help & Control Service backup / netbackup][Stopped/Auto Start]
<C:\WINDOWS\system32\netbackup.exe><N/A>
驱动
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
学的不够  如果有漏掉的请高手补上

自己补充
清空C:\DOCUME~1\107_2\LOCALS~1\Temp

好!谢谢HOST兄

不行啊~~删了以后,还是会自动弹出“恭喜你中奖了……”的对话框，确定以后就会连接到非法网站上。

你确定全删了么,自己再扫下对照下