
[Help] Urgent help needed: new backdoor virus infecting netapi32.dll


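When the machines were powered on this morning, Norton on more than ten of the company's computers raised alerts reporting threats, all of them backdoor viruses. Some machines are blue-screening with error code C000021A. I am sure the virus is the cause. How do I detect and remove this virus? It is very urgent.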

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <XDeskShow2><C:\Program Files\鱼鱼软件\鱼鱼桌面秀2\XDeskShow2.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{A16CA976-4B8D-47FC-A9F4-651C17B636EC}><C:\WINDOWS\system32\msow32cn.dll>  [TEC Solutions Limited.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\windows\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><; "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe">  [Nero AG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Client Access Check Version><; "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN>  [N/A]
    <Client Access Express Welcome><; "C:\Program Files\IBM\Client Access\cwbwlwiz.exe">  [N/A]
    <Client Access Help Update><; "C:\Program Files\IBM\Client Access\cwbinhlp.exe">  [N/A]
    <Client Access Service><; "C:\Program Files\IBM\Client Access\cwbsvstr.exe">  [N/A]
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

Last edited 2007-05-18 13:29:30
 

服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Intel Alert Handler / Intel Alert Handler][Stopped/Auto Start]
  <C:\WINDOWS\system32\ams_ii\hndlrsvc.exe><LANDesk Software Ltd.>
[Intel Alert Originator / Intel Alert Originator][Running/Auto Start]
  <C:\WINDOWS\system32\ams_ii\iao.exe><LANDesk Software Ltd.>
[Intel File Transfer / Intel File Transfer][Stopped/Auto Start]
  <C:\WINDOWS\system32\cba\xfr.exe><LANDesk Software Ltd.>
[Intel PDS / Intel PDS][Running/Auto Start]
  <C:\WINDOWS\system32\cba\pds.exe><LANDesk Software Ltd.>
[Symantec 系统中心搜索服务 / NSCTOP][Running/Auto Start]
  <C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE><Symantec Corporation>
[SavRoam / SavRoam][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Windows Explorer Helper / Winehplr][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\WinRdg32.exe><TEC Solutions Limited.>

==================================
驱动程序
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Network Packet Filter / IPNPF][Running/Manual Start]
  <system32\drivers\ipnpf.sys><Politecnico di Torino>
[MidiSyn / MidiSyn][Stopped/Manual Start]
  <system32\drivers\MidiSyn.sys><Analog Devices Inc>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070517.018\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070517.018\navex15.sys><Symantec Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Sensaura>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[GetURL Class]
  {74E6FD24-0206-4E47-997D-BA6B88C8489D} <C:\WINDOWS\system32\CatchURL.dll, TEC Solutions Limited.>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[CPC_PS 僐儞僩儘乕儖]
  {B30EBCB7-45EF-4B7E-97DA-FDD2C6A6CF29} <C:\WINDOWS\DOWNLO~1\pCPC_PS.ocx, >
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[CKAVReportCtrl Object]
  {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\windows\system32\BANKCE~1.DLL, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[GetURL Class]
  {74E6FD24-0206-4E47-997D-BA6B88C8489D} <C:\WINDOWS\system32\CatchURL.dll, TEC Solutions Limited.>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[CPC_PS 僐儞僩儘乕儖]
  {B30EBCB7-45EF-4B7E-97DA-FDD2C6A6CF29} <C:\WINDOWS\DOWNLO~1\pCPC_PS.ocx, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
 

正在运行的进程
[PID: 656][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][\??\C:\windows\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\WinWdg32.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\windows\system32\NavLogon.dll]  [Symantec Corporation, 10.0.1.1000]
[PID: 780][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\LSASRV.dll]  [N/A, N/A]
[PID: 952][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\winoa32.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\windows\system32\oblknet.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\windows\system32\ippcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\windows\system32\IPpacket.dll]  [Politecnico di Torino, 3, 0, 0, 20]
    [C:\windows\system32\orcsdll.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\windows\system32\orcshook.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\ipddraw.DLL]  [TEC Solutions Limited., 2, 84, 2718, 0]
[PID: 1000][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064][C:\windows\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1296][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 103.5.4.3]
[PID: 1348][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL]  [Symantec Corporation, 1,5,1,3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  [Symantec Corporation, 1,5,1,3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 103.5.4.3]
[PID: 1472][C:\windows\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\windows\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 20, 0, 0]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 1588][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 10.0.1.1000]
[PID: 1612][C:\WINDOWS\system32\cba\pds.exe]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\loc32vc0.dll]  [Intel, 3, 0, 0, 2]
[PID: 1680][C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE]  [Symantec Corporation, 10.0.1.1000]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\windows\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
[PID: 1884][C:\Program Files\Symantec AntiVirus\SavRoam.exe]  [symantec, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\windows\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.1.1000]
[PID: 1940][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1960][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1984][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 10.0.1.1000]
    [C:\windows\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.1.1000]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccDec.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\ccScan.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 1.4.0.11]
    [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll]  [Symantec Corporation, 3.1.13a.0]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\vpmsece3.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 1,5,1,3]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070517.018\ccEraser.dll]  [Symantec Corporation, 107.2.1.6]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070517.018\ecmsvr32.dll]  [Symantec Corporation, 71.2.0.12]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070517.018\NAVEX32a.DLL]  [Symantec Corporation, 20071.2.0.18]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070517.018\NAVENG32.DLL]  [Symantec Corporation, 20071.2.0.18]
    [C:\Program Files\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 10.0.1.1000]
 

[PID: 2040][C:\WINDOWS\system32\ams_ii\iao.exe]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\loc32vc0.dll]  [Intel, 3, 0, 0, 2]
    [C:\windows\system32\AMSLIB.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\ams_ii\origreg.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
[PID: 2396][C:\windows\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\shlcn32.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\windows\system32\winimhs.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\windows\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
    [C:\windows\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\msow32cn.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
[PID: 2560][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\windows\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
[PID: 2568][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 103.5.4.3]
    [C:\windows\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 103.5.4.3]
    [C:\windows\system32\SYMREDIR.DLL]  [Symantec Corporation, 5.5.2.1]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Symantec AntiVirus\SavEmail.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 2576][C:\PROGRA~1\SYMANT~1\VPTray.exe]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\windows\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.1.1000]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\windows\system32\nts.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\cba.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\windows\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\msow32cn.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 2584][C:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\windows\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
[PID: 2188][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\CatchURL.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\WINDOWS\Downloaded Program Files\OL2005.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll]  [Kaspersky Lab, 5.1.26.6]
    [C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavss.dll]  [Kaspersky Lab., 4, 0, 2, 28]
[PID: 3448][C:\windows\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 608][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\CatchURL.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 3016][F:\tools\SRE\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\windows\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\windows\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\windows\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]

==================================
文件关联
.TXT  Error. [C:\windows\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\windows\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
 

Hahaha...
I got hit this morning too... strange...
Two of my office computers as well... both infected at the same time...
So frustrating...
 

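Dozens of machines at our company are infected
Blue screens alone account for 8 machines!!
Our department's phones are ringing off the hook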
 

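Same here...
Both of my computers here have stopped working...
Luckily this one is not infected...
The two infected computers can no longer boot successfully...
One blue-screens...
Same as your situation...
The other gets as far as the progress bar during startup and then reboots automatically...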
 

I suspect it is a new virus variant. Urgently working on it. Bumping this so it doesn't sink.
 

My situation is exactly the same as yours...
So frustrating...
 

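I still have one last resort... which is to restore from Ghost...
I do have a GHOST image...
But I installed a lot of things after making it...
Restoring from Ghost would be a real hassle...
So frustrating...
Where are you located?
I'm in Luzhou, Sichuan...
One computer is used for non-linear editing...
The other is the one I usually leave running unattended for games... hehe...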