Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Forum: The system prompts me to download razespyware, what should I do???


Post #4 is the autorun log.

This is the new autorun scan log:


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ 00THotkeyTHotkey东芝公司c:\windows\system32\00thotkey.exe

+ Acrobat Assistant 7.0AcroTrayAdobe Systems Inc.c:\program files\adobe\acrobat 7.0\distillr\acrotray.exe

+ ccAppCommon Client User SessionSymantec Corporationc:\program files\common files\symantec shared\ccapp.exe

+ SynTPEnhSynaptics TouchPad EnhancementsSynaptics, Inc.c:\program files\synaptics\syntp\syntpenh.exe

+ SynTPLprTouchPad Driver Helper ApplicationSynaptics, Inc.c:\program files\synaptics\syntp\syntplpr.exe

+ TFncKyTFncKyTOSHIBA CorporationC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

+ TFNF5TFnF5Toshiba Corp.c:\windows\system32\tfnf5.exe

+ TouchED触摸板 开/关 实用程序东芝公司c:\program files\toshiba\touched\touched.exe

+ Tpwrtray东芝省电东芝公司c:\windows\system32\tpwrtray.exe

+ vptraySymantec AntiVirusSymantec Corporationc:\program files\symantec antivirus\vptray.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ NVMLCFile not found: C:\WINDOWS\System32\ronvidiat.dll

+ WinMediaRoNVidiaRoNVidiac:\windows\system32\nvbworks.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ SysTray.ExysFile not found: C:\WINDOWS\system32\bnhkdkig.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Adobe.Acrobat.ContextMenuAdobe Acrobat Context MenuAdobe Systems Inc.c:\program files\adobe\acrobat 7.0\acrobat elements\contextmenu.dll

+ AutoCAD 数字签名图标覆盖处理程序AcSignIcon ModuleAutodeskc:\windows\system32\acsignicon.dll

+ Autodesk Drawing PreviewAcThumbnail ModuleAutodeskc:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll

+ Autodesk DWF PreviewAcThumbnail ModuleAutodeskc:\program files\common files\autodesk shared\thumbnail\acdwfthmbprxy16.dll

+ CuteFTP Shell ExtensionGlobalSCAPE, Inc.c:\program files\globalscape\cuteftp zh\cuteshell.dll

+ Desktop ExplorerNVIDIA Desktop Explorer, Version 36.39 NVIDIA Corporationc:\windows\system32\nvshell.dll

+ Desktop Explorer MenuNVIDIA Desktop Explorer, Version 36.39 NVIDIA Corporationc:\windows\system32\nvshell.dll

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ GT IndicatorIndicatorCUGtranc:\program files\gtran\zte dialer\gtindicator.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ LDVP Shell ExtensionsSymantec AntiVirusSymantec Corporationc:\program files\common files\symantec shared\ssc\vpshell2.dll

+ pkcsetup.dllc:\windows\system32\pkcsetup.dll

+ robdyctl.dllc:\windows\system32\robdyctl.dll

+ Samsung YP-55Shell HookSamsung YP-55 Shell ExtensionSamsung, Inc.c:\windows\system32\yp55h.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realone player\rpshell.dll

+ TouchED触摸板 开/关 实用程序东芝公司c:\program files\toshiba\touched\touched.dll

+ WinRAR shell extensionc:\program files\winrar\rarext.dll

+ WinZipWinZip Shell Extension DLLWinZip Computing, Inc.c:\program files\winzip\wzshlstb.dll

+ WinZipWinZip Shell Extension DLLWinZip Computing, Inc.c:\program files\winzip\wzshlstb.dll

+ WinZipWinZip Shell Extension DLLWinZip Computing, Inc.c:\program files\winzip\wzshlstb.dll

+ WinZipWinZip Shell Extension DLLWinZip Computing, Inc.c:\program files\winzip\wzshlstb.dll

+ Yahoo! MailYMMAPI ModuleYahoo! Inc.c:\program files\yahoo!\common\ymmapi.dll

+ {506F4668-F13E-4AA1-BB04-B43203AB3CC0}c:\program files\microsoft office\visio11\visshe.dll

+ {D66DC78C-4F61-447F-942B-3FB6980118CF}c:\program files\microsoft office\visio11\visshe.dll

+ 粉碎文件Wiper 动态链接库c:\program files\yahoo!\assistant\assist\ywiper.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell ExtensionPDF Shell ExtensionAdobe Systems, Inc.c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softc:\program files\flashget\flashget.exe

Task Scheduler

+ Symantec NetDetect.jobSymantec NetDetectSymantec Corporationc:\program files\symantec\liveupdate\ndetect.exe

HKLM\System\CurrentControlSet\Services

+ C-DillaSrvC-Dilla RTS ServiceC-Dilla Ltdc:\windows\system32\drivers\cdantsrv.exe

+ ccEvtMgrSymantec 事件管理器Symantec Corporationc:\program files\common files\symantec shared\ccevtmgr.exe

+ ccSetMgrSymantec 设置管理器Symantec Corporationc:\program files\common files\symantec shared\ccsetmgr.exe

+ CVPNDCisco Systems VPN ClientCisco Systems, Inc.c:\program files\cisco systems\vpn client\cvpnd.exe

+ DefWatch监控和维护病毒定义。Symantec Corporationc:\program files\symantec antivirus\defwatch.exe

+ NVSvcNVIDIA Driver Helper Service, Version 36.39NVIDIA Corporationc:\windows\system32\nvsvc32.exe

+ Symantec AntiVirus提供 Symantec AntiVirus 的实时病毒扫描、报告和管理功能。Symantec Corporationc:\program files\symantec antivirus\rtvscan.exe

HKLM\System\CurrentControlSet\Services

+ ac97intcIntel(r) Integrated Controller Hub Audio DriverIntel Corporationc:\windows\system32\drivers\ac97intc.sys

+ atapic:\windows\system32\drivers\atapi.sys

+ C-DillaC-Dilla Windows NT RTSMacrovisionc:\windows\system32\drivers\cdant.sys

+ CA561Universal Serial Bus Camera DriverSPc:\windows\system32\drivers\spca561.sys

+ CVirtACisco Systems VPN AdapterCisco Systems, Inc.c:\windows\system32\drivers\cvirta.sys

+ CVPNDRVACisco Systems VPN Client IPSec DriverCisco Systems, Inc.c:\windows\system32\drivers\cvpndrva.sys

+ d346busPnP BIOS Extension c:\windows\system32\drivers\d346bus.sys

+ d346prtSCSI miniport c:\windows\system32\drivers\d346prt.sys

+ E100BNDIS 5 driverIntel Corporationc:\windows\system32\drivers\e100b325.sys

+ GEARAspiWDMCDRom Class Filter DriverGEAR Software Inc.c:\windows\system32\drivers\gearaspiwdm.sys

+ hwi4857USB Flash Memory Controller DriverCowon Systems, Inc.c:\windows\system32\drivers\hwi4857.sys

+ i386pc:\windows\system32\drivers\i386p.sys

+ kmsinputc:\windows\system32\drivers\kmsinput.sys

+ LHidFlt2Logitech HID Filter DriverLogitechc:\windows\system32\drivers\lhidflt2.sys

+ LHidUsbLogitech USB ReceiverLogitechc:\windows\system32\drivers\lhidusb.sys

+ LKbdFlt2Logitech Keyboard Filter DriverLogitechc:\windows\system32\drivers\lkbdflt2.sys

+ LMouFlt2Logitech Mouse Filter DriverLogitechc:\windows\system32\drivers\lmouflt2.sys

+ NAVENGAV EngineSymantec Corporationc:\program files\common files\symantec shared\virusdefs\20051130.006\naveng.sys

+ NAVEX15AV EngineSymantec Corporationc:\program files\common files\symantec shared\virusdefs\20051130.006\navex15.sys

+ NETMDUSBNet MD USB DriverSony Corporationc:\windows\system32\drivers\netmdusb.sys

+ NPFNPF Driver - TME extensionsPolitecnico di Torinoc:\windows\system32\drivers\npf.sys

+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys

+ pciSdTOSSDPCI.SYSTOSHIBAc:\windows\system32\drivers\tossdpci.sys

+ pfcPadus(R) ASPI ShellPadus, Inc.c:\windows\system32\drivers\pfc.sys

+ PortRSTBaromTec HMS30C6001 Reset DriverBarom Technologies Co., Ltd.c:\windows\system32\drivers\portrst.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys

+ PxHelp20Px Engine Device Driver for Windows 2000/XPSonic Solutionsc:\windows\system32\drivers\pxhelp20.sys

+ SAVRTAutoProtectSymantec Corporationc:\program files\symantec antivirus\savrt.sys

+ SAVRTPELSAVRTPELSymantec Corporationc:\program files\symantec antivirus\savrtpel.sys

+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys

+ SERIALOXDotSurfer Serial Device Driver for Win2K (JULY 18, 2001) GTRAN Korea INC.c:\windows\system32\drivers\serialox.sys

+ SMCIRDASMC IrCC NDIS 5.0 IrDA FIR Device DriverSMCc:\windows\system32\drivers\smcirda.sys

+ sonypvs1Sony Digital ImagingSony Corporationc:\windows\system32\drivers\sonypvs1.sys

+ SparrowAdaptec AIC-6x60 series SCSI miniportAdaptec, Inc.c:\windows\system32\drivers\sparrow.sys

+ SymEventSymantec Event LibrarySymantec Corporationc:\program files\symantec\symevent.sys

+ SYMREDRVRedirector Filter DriverSymantec Corporationc:\windows\system32\drivers\symredrv.sys

+ SYMTDINetwork Dispatch DriverSymantec Corporationc:\windows\system32\drivers\symtdi.sys

+ SynTPSynaptics Touchpad DriverSynaptics, Inc.c:\windows\system32\drivers\syntp.sys

+ TOSHIBASoftModemSoftModem Device DriverLTc:\windows\system32\drivers\ltsm.sys

+ tsdhdSD Card Host Controller DriverTOSHIBA Corporationc:\windows\system32\drivers\tsdhd.sys

+ TVALDToshiba ACPI-Based Value Added Logical Device DriverToshiba Corporationc:\windows\system32\drivers\tvald.sys

+ TVALDXToshiba ACPI-Based Value Added Logical Device Extension DriverToshiba Corporationc:\windows\system32\drivers\tvaldx.sys

+ TVALGTOSHIBA Value Added Logical and General Purpose Device DriverTOSHIBA Corporationc:\windows\system32\drivers\tvalg.sys

+ vsdatantTrueVector Device DriverZone Labs Inc.c:\windows\system32\vsdatant.sys

+ WDM_YAMAHAAC97YAMAHA AC-XG WDMYAMAHA CORPORATIONc:\windows\system32\drivers\yacxgc.sys

+ ZSMC301bVideo streaming and Capture Device DriverVMc:\windows\system32\drivers\usbvm31b.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

+ APIHookDll.dllFile not found: APIHookDll.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ msctl32.dllc:\windows\system32\msctl32.dll

+ NavLogonSymantec AntiVirus Logon NotificationSymantec Corporationc:\windows\system32\navlogon.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ Adobe PDF PortAcrobat ? PDF PortAdobe Systems Incorporated.c:\windows\system32\adobepdf.dll

+ HP LaserJet 5 Language MonitorWin32 Language Monitor for direct connect HP printersHewlett-Packardc:\windows\system32\hpdcmon.dll


Don't let this sink, bumping it myself! Please help!

blackstone, please help!

Thank you, blackstone. Following your method I have removed the startup entries and the msctl32.dll file, and the machine has now stopped sending mail out. But CPU usage now stays at 100%, and the process using it is svchost.exe. I don't know what the cause is; this never happened before the infection. Could you help solve this? Many thanks for your help.

procexp cannot stop that process.

The system reports:
error opening process: 拒绝访问

The scan's properties view of that process is as follows.
The image won't upload, so here is a description:
(Not verified) Microsoft Corporation

command line:
c:\windows\system32\svchost.exe -k netsvcs

Everything else matches the picture blackstone provided.
I'm not sure whether that is clear enough.
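As an added example (not from the thread or from the tools it mentions), a PowerShell script that does what the poster was attempting with procexp: take the PID of the busy `svchost.exe -k netsvcs` host, list the services actually running inside it, and check whether each service's `ServiceDll` exists and carries a valid signature. It assumes an elevated PowerShell 5.1 or later on a current Windows; the PID in the usage line is a placeholder.

```powershell
function Get-SvchostServiceDlls {
    # Lists the services hosted inside one svchost.exe instance (for example the
    # "-k netsvcs" host that sits at 100% CPU) and checks the DLL each one loads.
    # Read-only: it queries WMI, the registry and file signatures, changes nothing.
    param([Parameter(Mandatory)][int]$ProcessId)

    # Confirm the PID really is svchost.exe and show its command line ("-k <group>").
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $proc -or $proc.Name -ne 'svchost.exe') {
        throw "PID $ProcessId is not an svchost.exe process"
    }
    Write-Host "Command line: $($proc.CommandLine)"

    # Every service whose ProcessId equals this PID is loaded into this host.
    foreach ($svc in Get-CimInstance Win32_Service -Filter "ProcessId = $ProcessId") {
        $paramsKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $paramsKey -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) { continue }   # not a DLL-hosted service (unusual inside svchost)

        # ServiceDll is usually stored as %SystemRoot%\system32\<name>.dll.
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not (Test-Path -LiteralPath $path)) {
            $check = 'FILE NOT FOUND'   # same condition the autorun log flags above
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $check = if ($sig.Status -eq 'Valid') {
                         'valid signature: ' + $sig.SignerCertificate.Subject
                     } else {
                         "signature status: $($sig.Status)"
                     }
        }
        [PSCustomObject]@{
            Service    = $svc.Name
            State      = $svc.State
            ServiceDll = $path
            Check      = $check
        }
    }
}

# Placeholder PID: take the real one from Process Explorer or Task Manager.
Get-SvchostServiceDlls -ProcessId 1234 | Format-Table -AutoSize
```

A row whose DLL is missing, sits outside the Windows directory, or has no valid signature is the service to look at first; the legitimate netsvcs members all resolve to signed files under system32.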
 

By the way, do I need to write code myself to upload images on this forum?

The scan image is as follows:

Attachment: image/pjpeg, uploaded 2005-12-7 13:38:42, downloads: 0
 