Here is the log from my scan with AU:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Client Server Runtime Process c:\winnt\system32\csrs.exe
+ ntdll.dll c:\winnt\system32\csrs.exe
+ NvCplDaemon NVIDIA Taskbar Utility Library NVIDIA Corporation c:\winnt\system32\nvqtwk.dll
+ nwiz c:\winnt\system32\nwiz.exe
+ SoundMan Avance Sound Manager Avance Logic, Inc. C:\WINNT\soundman.exe
+ UpdateRun 找不到文件:C:\Program Files\Common Files\updat\Update.exe
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 找不到文件:About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ opnnoop.dll c:\winnt\system32\opnnoop.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ cvpbk32.dll c:\winnt\system32\cvpbk32.dll
+ Desktop Explorer c:\winnt\system32\nvshell.dll
+ Display Panning CPL Extension 找不到文件:deskpan.dll
+ dkdlgs.dll c:\winnt\system32\dkdlgs.dll
+ dtmclien.dll 找不到文件:C:\WINNT\system32\dtmclien.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\winnt\system32\hticons.dll
+ ngdll.dll c:\winnt\system32\ngdll.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Vision Vision c:\program files\mmsassist\mmsass~1.dll
+ {4FD1FD5D-434F-485D-A662-CEA32B3C8342} c:\winnt\system32\geefg.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ @shdoclc.dll,-864 c:\winnt\web\related.htm
+ 启动迅雷 Thunder Networking Technologies,LTD c:\program files\thunder network\thunder\thunder.exe
HKLM\System\CurrentControlSet\Services
+ cmdService c:\winnt\q09ntu9o\command.exe
+ JMediaService Vision c:\program files\mmsassist\mmssver.dll
+ Network Monitor c:\program files\network monitor\netmon.exe
+ NVSvc NVIDIA Driver Helper Service, Version 27.50 NVIDIA Corporation c:\winnt\system32\nvsvc32.exe
+ stdupnet AdDm c:\winnt\system32\stdupnet.dll
+ Window Boot Services Window Boot Services c:\winnt\system32\lsiss.exe
+ Windows Man Service Microsoft Windows Man Service c:\winnt\winmgr.exe
HKLM\System\CurrentControlSet\Services
+ ALCXWDM Avance AC'97 Audio Driver (WDM) Avance Logic, Inc. c:\winnt\system32\drivers\alcxwdm.sys
+ dmio NT Disk Manager I/O Driver VERITAS Software Corp. c:\winnt\system32\drivers\dmio.sys
+ dmload NT Disk Manager Startup Driver VERITAS Software Corp. c:\winnt\system32\drivers\dmload.sys
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. c:\program files\tencent\qq\npkcrypt.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 27.50 NVIDIA Corporation c:\winnt\system32\drivers\nv4_mini.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\winnt\system32\drivers\ptilink.sys
+ RMSPPPOE PPP over Ethernet Protocol NDIS Intermediate Driver Robert Schlabbach c:\winnt\system32\drivers\rmspppoe.sys
+ rtl8139 NDIS 5.0 driver Realtek Semiconductor Corporation c:\winnt\system32\drivers\rtl8139.sys
+ viaagp VIA NT AGP Filter VIA Technologies, Inc. c:\winnt\system32\drivers\viaagp1.sys
+ viaagp1 VIA NT AGP Filter VIA Technologies, Inc. c:\winnt\system32\drivers\viaagp1.sys
+ viafilter VIA USB Filter Driver VIA Technologies, Inc. c:\winnt\system32\drivers\viausb.sys
+ viaide VIA PCI IDE Bus Driver VIA Technologies, Inc. c:\winnt\system32\drivers\viaide.sys
+ VIAPFD VIA PFD driver VIA Technologies. Inc. c:\winnt\system32\drivers\viapfd.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ geefg c:\winnt\system32\geefg.dll
+ IPConfMSP c:\winnt\system32\j40s0ed7eh0.dll
+ opnnoop c:\winnt\system32\opnnoop.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ (无) 找不到文件:(无)
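This virus is really nasty. I reinstalled the system and it came back. Rising can't remove all of it; it seems to be bound to some programs. It also automatically downloads virus programs written in VB into the root of drive C: DOC.EXE/drsmartload.EXE/Installer4.EXE/mc44a35.EXE... and so on, and when I delete them they automatically reappear. Sometimes one of those automatic-shutdown programs suddenly appears, and after a while I can no longer open web pages in a new window (and can't copy either). Oh, and it automatically changed my home page to http://www.7255.com/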