
Help! This virus is no ordinary one!

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      19:09:18, 日期 2006-9-14
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\bacon\LOCALS~1\Temp\Rar$EX00.140\HijackThis1991zww.exe

F2 - REG:system.ini: Shell=Explorer.exe ntio.exe
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [Start] Start.exe
O4 - HKCU\..\Run: [Start] Start.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 将选定的内容转换为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 将选定的内容转换到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 将选定的链接转换到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - IE右键菜单中的新增项目: 将链接目标转换到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - IE右键菜单中的新增项目: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为 Adobe PDF  - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选项为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换选项为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换链接目标为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换链接目标为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jqjm.com
O17 - HKLM\Software\..\Telephony: DomainName = jqjm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B5C74CE-7C10-45AD-8AF7-B6F5B947875F}: NameServer = 61.177.7.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jqjm.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B5C74CE-7C10-45AD-8AF7-B6F5B947875F}: NameServer = 61.177.7.1
O23 - NT 服务: ASP.NET 状态服务 (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - NT 服务: Windows DDOSServer (DDOSServer) - Unknown owner - C:\WINDOWS\system32\DBS.exe
O23 - NT 服务: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - NT 服务: Windows Explorer Helper (Winehplr) - TEC Solutions Limited. - C:\Program Files\Common Files\system\winrdg32.exe
O23 - NT 服务: Update Service For Windows (winupdate) - Unknown owner - C:\WINDOWS\winupdate.exe (file missing)


Control Panel -- Administrative Tools -- Services -- find --
Windows DDOSServer
Network Logon
Windows Explorer Helper
Update Service For Windows -- Startup type -- set to Disabled -- service type -- set to Stopped -- disable these four services

Run HijackThis, tick the items below and fix them
F2 - REG:system.ini: Shell=Explorer.exe ntio.exe
O4 - 启动项HKLM\\Run: [Start] Start.exe
O4 - HKCU\..\Run: [Start] Start.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jqjm.com
O17 - HKLM\Software\..\Telephony: DomainName = jqjm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jqjm.com
O23 - NT 服务: Windows DDOSServer (DDOSServer) - Unknown owner - C:\WINDOWS\system32\DBS.exe
O23 - NT 服务: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - NT 服务: Windows Explorer Helper (Winehplr) - TEC Solutions Limited. - C:\Program Files\Common Files\system\winrdg32.exe
O23 - NT 服务: Update Service For Windows (winupdate) - Unknown owner - C:\WINDOWS\winupdate.exe (file missing)


O23 - NT 服务: ASP.NET 状态服务 (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
Please confirm this item; if you don't recognise it either, you can disable the service using the method above

Please fix as instructed; if you don't go and fix it, there's nothing I can do,

Search for: ntio.exe, Start.exe and delete them
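As an added example (not code from this thread, from HijackThis or from SREng), a small Python triage script that applies the helper's criteria to the HijackThis log format above: it flags an F2 Shell= value that launches anything besides Explorer.exe, O4 Run entries that name only a bare executable, O17 domain/DNS overrides, and O23 services with an unknown owner or a missing binary. The sample lines are copied from the log in the first post; the function names are my own.

```python
"""Triage helper for HijackThis-style log lines (added example).

Only the line types the thread's helper singled out are examined: F2 (Shell=),
O4 (Run keys), O17 (TCP/IP domain and name server) and O23 (NT services).
"""
import re

# Constructed input: lines copied verbatim from the HijackThis log in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe ntio.exe
O4 - 启动项HKLM\\Run: [Start] Start.exe
O4 - HKCU\..\Run: [Start] Start.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jqjm.com
O23 - NT 服务: Windows DDOSServer (DDOSServer) - Unknown owner - C:\WINDOWS\system32\DBS.exe
O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - NT 服务: Update Service For Windows (winupdate) - Unknown owner - C:\WINDOWS\winupdate.exe (file missing)
"""

# Every HijackThis entry starts with a section code, a space-dash-space, then the body.
ENTRY_RE = re.compile(r"^(?P<code>F\d|O\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Return (code, body) tuples for every recognisable HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def check_shell(body):
    """F2: the Winlogon Shell value should launch Explorer.exe and nothing else."""
    m = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
    if not m:
        return None
    extra = [p for p in m.group(1).split() if p.lower() != "explorer.exe"]
    if extra:
        return "Shell launches extra program(s) besides Explorer.exe: " + ", ".join(extra)
    return None


def check_run(body):
    """O4: a Run entry that is only a bare file name (no directory) is worth a look."""
    m = re.search(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
    if not m:
        return None
    cmd = m.group("cmd").strip().strip('"')
    if "\\" not in cmd and "/" not in cmd:
        return f"Run entry [{m.group('name')}] gives a bare file name: {cmd}"
    return None


def check_o17(body):
    """O17: any domain or name-server override is reported for manual review."""
    return "Domain/DNS override: " + body


def check_service(body):
    """O23: flag services with an unknown owner or whose binary is missing."""
    parts = body.split(" - ")
    if len(parts) < 3:
        return None
    name, owner, path = parts[0], parts[1].strip(), " - ".join(parts[2:]).strip()
    reasons = []
    if owner.lower() == "unknown owner":
        reasons.append("unknown owner")
    if path.lower().endswith("(file missing)"):
        reasons.append("binary missing")
    if reasons:
        return "Service " + name.split(":", 1)[-1].strip() + ": " + ", ".join(reasons)
    return None


CHECKS = {"F2": check_shell, "O4": check_run, "O17": check_o17, "O23": check_service}


def triage(text):
    """Run the per-section checks and return (code, note) findings in log order."""
    findings = []
    for code, body in parse_entries(text):
        check = CHECKS.get(code)
        note = check(body) if check else None
        if note:
            findings.append((code, note))
    return findings


if __name__ == "__main__":
    for code, note in triage(SAMPLE_LOG):
        print(f"{code}: {note}")
```

On the sample lines the script reports six findings and leaves the Symantec service alone.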


【Reply to the post by "秋日里的蓝天"】


2006-09-14,19:18:24

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Start><Start.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Start><Start.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe ntio.exe>  []
    <Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[ASP.NET 状态服务 / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe><N/A>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Windows DDOSServer / DDOSServer]
  <C:\WINDOWS\system32\DBS.exe -NetSata><N/A>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Windows Explorer Helper / Winehplr]
  <C:\Program Files\Common Files\system\winrdg32.exe><TEC Solutions Limited.>
[Update Service For Windows / winupdate]
  <C:\WINDOWS\winupdate.exe><N/A>


==================================
浏览器加载项
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, Yahoo!>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, Yahoo!>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, Yahoo!>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[将选定的链接转换到现有的 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[将链接目标转换到现有的 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换到现有的 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为 Adobe PDF ]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在运行的进程
[PID: 620][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 792][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\WinWdg32.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
[PID: 836][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 848][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1020][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\winoa32.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
    [C:\WINDOWS\system32\thooks.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
    [C:\WINDOWS\system32\oblknet.dll]  <TEC Solutions Limited.><2, 84, 2718, 0>
    [C:\WINDOWS\system32\ippcap.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\WINDOWS\system32\IPpacket.dll]  <Politecnico di Torino><3, 0, 0, 20>
    [C:\WINDOWS\system32\orcsdll.dll]  <TEC Solutions Limited.><2, 84, 2718, 0>
    [C:\WINDOWS\system32\orcshook.dll]  <TEC Solutions Limited.><2, 84, 2718, 0>
    [C:\WINDOWS\system32\winhafn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
[PID: 1072][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1136][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1216][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1280][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1564][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  <Symantec Corporation><103.5.4.3>
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  <Symantec Corporation><103.5.4.3>
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  <Symantec Corporation><103.5.4.3>
[PID: 1644][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  <Symantec Corporation><10.0.1.1000>
[PID: 1896][C:\Program Files\Symantec AntiVirus\SavRoam.exe]  <symantec><10.0.1.1000>
    [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll]  <Symantec Corporation><10.0.1.1000>
    [C:\WINDOWS\system32\CBA.DLL]  <LANDesk Software Ltd.><6.12.0.137 E>
    [C:\WINDOWS\system32\MsgSys.dll]  <LANDesk Software Ltd.><6.12.0.137 E>
    [C:\WINDOWS\system32\NTS.dll]  <LANDesk Software Ltd.><6.12.0.137 E>
    [C:\WINDOWS\system32\PDS.DLL]  <LANDesk Software Ltd.><6.12.0.137 E>
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  <Symantec Corporation><10.0.1.1000>
[PID: 2008][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  <Symantec Corporation><103.5.4.3>
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  <Symantec Corporation><103.5.4.3>
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  <Symantec Corporation><103.5.4.3>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL]  <Symantec Corporation><1,5,1,3>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  <Symantec Corporation><1,5,1,3>
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  <Symantec Corporation><103.5.4.3>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  <Symantec Corporation><103.5.4.3>
[PID: 508][C:\WINDOWS\Explorer.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.0.0.86>
    [C:\WINDOWS\system32\6.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\WINDOWS\system32\winhafn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhason.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhashn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\thooks.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
    [C:\WINDOWS\system32\ansi.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\igfxpph.dll]  <Intel Corporation><3.0.0.3943>
    [C:\WINDOWS\system32\hccutils.DLL]  <Intel Corporation><3.0.0.3943>
    [C:\WINDOWS\system32\igfxres.dll]  <Intel Corporation><3.0.0.3943>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.3943>
    [C:\WINDOWS\system32\igfxdev.dll]  <Intel Corporation><3.0.0.3943>
    [C:\WINDOWS\system32\shlcn32.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
    [C:\WINDOWS\system32\winimhs.dll]  <TEC Solutions Limited><2, 84, 2718, 0>
    [C:\WINDOWS\system32\winimhc.dll]  <TEC Solutions Limited><2, 84, 2718, 0>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 7, 1024>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  <N/A><1, 0, 1, 1014>
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  <Adobe Systems Inc.><7.0.5.2005092300\0>
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  <Adobe Systems Inc.><7.0.5.2005092300\0>
    [C:\Program Files\Unlocker\UnlockerCOM.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><10.0.1.1000>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  <><2, 0, 3, 1028>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
[PID: 4196][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 4600][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\winimhc.dll]  <TEC Solutions Limited><2, 84, 2718, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll]  <Yahoo!><2, 1, 9, 1049>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]  <Yahoo><1, 0, 1, 1004>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll]  <Yahoo><1, 0, 2, 1003>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  <><1, 1, 4, 1006>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  <Yahoo><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  <Yahoo! China><1, 1, 3, 1035>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll]  <Yahoo! China><1, 0, 1, 1015>
    [C:\WINDOWS\system32\6.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll]  <Yahoo.><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 7, 1024>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo><1, 0, 2, 1002>
    [C:\WINDOWS\system32\winhafn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhason.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhashn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\thooks.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  <Macromedia, Inc.><6,0,79,0>
[PID: 4648][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe]  < ><2, 0, 0, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 7, 1024>
    [C:\WINDOWS\system32\winimhc.dll]  <TEC Solutions Limited><2, 84, 2718, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  <><2, 0, 3, 1028>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINDOWS\system32\winhafn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhason.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhashn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\thooks.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\WINDOWS\system32\6.dll]  <N/A><N/A>
[PID: 5552][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 7, 1024>
    [C:\WINDOWS\system32\winimhc.dll]  <TEC Solutions Limited><2, 84, 2718, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\WINDOWS\system32\winhafn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhason.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhashn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\thooks.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\WINDOWS\system32\6.dll]  <N/A><N/A>
[PID: 5792][C:\WINDOWS\system32\taskmgr.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 7, 1024>
    [C:\WINDOWS\system32\winimhc.dll]  <TEC Solutions Limited><2, 84, 2718, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINDOWS\system32\winhafn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhason.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhashn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\thooks.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\WINDOWS\system32\6.dll]  <N/A><N/A>
[PID: 168][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 7, 1024>
    [C:\WINDOWS\system32\winimhc.dll]  <TEC Solutions Limited><2, 84, 2718, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\WINDOWS\system32\winhafn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhason.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhashn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\thooks.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\WINDOWS\system32\6.dll]  <N/A><N/A>
[PID: 4180][C:\DOCUME~1\bacon\LOCALS~1\Temp\Rar$EX00.813\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 7, 1024>
    [C:\WINDOWS\system32\winimhc.dll]  <TEC Solutions Limited><2, 84, 2718, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINDOWS\system32\winhafn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhason.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\winhashn.dll]  <TEC Solutions Limited.><1, 0, 7, 19>
    [C:\WINDOWS\system32\thooks.dll]  <TEC Solutions Limited.><2, 84, 2719, 0>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\WINDOWS\system32\6.dll]  <N/A><N/A>
[PID: 6116][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll]  <Yahoo!><2, 1, 9, 1049>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]  <Yahoo><1, 0, 1, 1004>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll]  <Yahoo><1, 0, 2, 1003>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  <><1, 1, 4, 1006>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  <Yahoo><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  <Yahoo! China><1, 1, 3, 1035>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll]  <Yahoo! China><1, 0, 1, 1015>
    [C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll]  <Yahoo.><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

Run (double-click) SRENG2, click "Startup Items", "Services", click "Win32 Services Application"
Tick "Hide Microsoft services" and select the virus services
Windows DDOSServer
Update Service For Windows
ASP.NET 状态服务 /   confirm this service yourself
, choose "Delete Service"
Click "Settings" and choose "No"

Run SREng2, use "Startup Items" -- Registry -- select the following items and delete them
Start.exe
Start.exe


In Safe Mode, run SREng2, use "Startup Items" -- Registry -- select the item to modify
Explorer.exe ntio.exe
, click "Edit" and delete ntio.exe from the "Value" field

Show hidden files and delete
Search for ntio.exe  Start.exe
C:\WINDOWS\system32\DBS.exe
C:\WINDOWS\winupdate.exe
[C:\WINDOWS\system32\6.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat]

Update your antivirus software to the latest version and run it in Safe Mode

蓝天, his virus is about the same as mine; tell him the method you taught me and it should clean it up. I'm off, bye

I can't kill it. As soon as I kill that start.exe it turns into the red text shown in the picture below, and the value can't be changed either.
So annoying......

Attachment: image (image/pjpeg), uploaded 2006-9-14 19:45:32



After rebooting (after power-on) press F8 to enter Safe Mode

Run SREng2, use "Startup Items" -- Registry -- select the item to modify
Explorer.exe ntio.exe
, click "Edit" and delete ntio.exe from the "Value" field

Run SREng2, use "Startup Items" -- Registry -- select the following item and delete it
Start.exe

Double-click My Computer -- click the "Tools" - "Folder Options" menu item - click the "View" tab, untick
"Hide protected operating system files", under Hidden files and folders select the "Show all files and folders"
option, then click OK
Search for Start.exe and ntio.exe and delete them

The original poster can take a look at this post, it's the same virus as yours
http://forum.ikaka.com/topic.asp?board=67&artid=8170279

After repairing, please rescan and post the log again

Start.exe
ntio.exe

If you can find these two things, please send them to twtxk@126.com