
benben
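 logo1 virus, urgent help needed, waiting online....

A large-scale outbreak of the logo1.exe virus has hit our company intranet. Frustratingly, after reinstalling and applying the patches, the virus still comes back. Even deleting all the exe files on the other drives doesn't help. So frustrating.
So I'm asking everyone here for a good solution. Too many computers are infected, and reinstalling is a lot of trouble.

Below is a scan log from my own computer. Please take a look at it for me.... Much appreciated......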

[CODE]

2007-02-09,09:55:08

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
  所有的启动项目(包括注册表、启动文件夹、服务等)
  浏览器加载项
  正在运行的进程(包括进程模块信息)
  文件关联
  Winsock 提供者
  Autorun.inf
  HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ServUTrayIcon><C:\Program Files\Serv-U\ServUTray.exe> [Cat Soft]
  <ravtask><; C:\Progra~1\Eset\rund1132.exe> [N/A]
  <ctfmon.exe><C:\windows\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <vptray><; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe> [Symantec Corporation]
  <eKeyDaemon><; "C:\Program Files\UNION Technology\优益桌面安全套件 V2.5.12-UT\eKeyDaemon.exe"> [广州科友科技股份有限公司]
  <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe> [(Verified)Microsoft Corporation]
  <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
  <UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><F:\tools\杀毒\反木马程序\shellexecutehook.dll> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
  <WinlogonNotify: NavLogon><C:\WINDOWS\System32\NavLogon.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
  <WinlogonNotify: PCANotify><PCANotify.dll> [Symantec Corporation]

==================================
启动文件夹
[自动升级程序]
<C:\Documents and Settings\tp\「开始」菜单\程序\启动\自动升级程序.lnk --> C:\sunsoft\DISTRI~1\UPDATE~2.EXE []><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[DefWatch / DefWatch][Running/Auto Start]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard][Running/Auto Start]
<F:\tools\杀毒\反木马程序\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server][Running/Auto Start]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[Serv-U FTP 服务器 / Serv-U][Running/Auto Start]
<C:\Program Files\Serv-U\ServUDaemon.exe><N/A>
[VRVWatchServer / VRVWatchServer][Running/Auto Start]
<"C:\WINDOWS\system32\WatchClient.exe" -service><BXY>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
<C:\WINDOWS\system32\\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[NAVAP / NAVAP][Running/Manual Start]
<\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL][Running/Auto Start]
<\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\NAVEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\腾讯QQ2005正式版 飘云IP简装版\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SNIFFER Protocol Driver / Sniffer][Running/Auto Start]
<system32\DRIVERS\sniffer.sys><N/A>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<System32\DRIVERS\tcpip.sys><Microsoft Corporation>
[UNION Technology Virtual SmartCard / utvsc][Running/Manual Start]
<system32\DRIVERS\utvsc.sys><Union Technology>
[VRVFW / VRVFW][Running/Boot Start]
<\SystemRoot\system32\VrvFw.sys><北信源>
[WmNdisDrv / WmNdisDrv][Stopped/Manual Start]
<System32\Drivers\WmNdisDrv.sys><N/A>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v10.dll, Thunder Networking Technologies,LTD>
[FlashFXP Helper for Internet Explorer]
{E5A1691B-D188-4419-AD02-90002030B8EE} <C:\PROGRA~1\FlashFXP\IEFlash.dll, IniCom Networks, Inc.>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[LKS Framer Control Object]
{00460182-9E5E-11D5-B7C8-B8269041DD57} <C:\WINDOWS\Downloaded Program Files\lksframer.ocx, Landray(SZ) Management Consulting Support System CO.,LTD >
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v10.dll, Thunder Networking Technologies,LTD>
[LKS Framer Control Object]
{00460182-9E5E-11D5-B7C8-B8269041DD57} <C:\WINDOWS\Downloaded Program Files\lksframer.ocx, Landray(SZ) Management Consulting Support System CO.,LTD >
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\windows\system32\Msjava.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\windows\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[FlashFXP Helper for Internet Explorer]
{E5A1691B-D188-4419-AD02-90002030B8EE} <C:\PROGRA~1\FlashFXP\IEFlash.dll, IniCom Networks, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\腾讯QQ2005正式版 飘云IP简装版\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\腾讯QQ2005正式版 飘云IP简装版\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\腾讯QQ2005正式版 飘云IP简装版\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\腾讯QQ2005正式版 飘云IP简装版\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\windows\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\windows\system32\PCANotify.dll] [Symantec Corporation, 11.5.0.121]
  [C:\WINDOWS\System32\NavLogon.dll] [N/A, N/A]
[PID: 564][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][C:\windows\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116][C:\windows\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1164][C:\windows\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1376][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
  [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
  [C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll] [Nero AG, 2, 0, 0, 8]
  [F:\tools\杀毒\反木马程序\shellexecutehook.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
  [C:\windows\system32\JPWB.IME] [长江软件工作室, 4.00.950]
  [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] [Nero AG, 2, 0, 6, 2]
  [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
  [F:\tools\杀毒\常用反病毒安全工具\unlocker v1[1].8.5\UnlockerCOM.dll] [N/A, N/A]
  [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 8.1.0.821]
  [F:\tools\杀毒\反木马程序\context.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 1504][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.020]
[PID: 1540][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] [Symantec Corporation, 8.1.0.821]
[PID: 1572][F:\tools\杀毒\反木马程序\guard.exe] [Anti-Malware Development a.s., 4, 0, 0, 172]
  [F:\tools\杀毒\反木马程序\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 1584][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
[PID: 1596][C:\Program Files\Serv-U\ServUTray.exe] [Cat Soft, 6.1.0.1]
[PID: 1604][C:\windows\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1672][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] [Symantec Corporation, 8.1.0.821]
  [C:\windows\system32\CBA.DLL] [Intel? Corporation, 6.12.0.105 E]
  [C:\windows\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.105 E]
  [C:\windows\system32\NTS.dll] [Intel? Corporation, 6.12.0.105 E]
  [C:\windows\system32\PDS.DLL] [Intel? Corporation, 6.12.0.105 E]
  [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] [Symantec Corporation, 8.1.0.821]
  [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] [Symantec/Peter Norton Group, 1, 0, 0, 1]
  [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] [Symantec Corporation, 8.1.0.821]
  [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] [Symantec Corp., 4.2.0.7]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\NAVEX32a.DLL] [Symantec Corporation, 20071.1.1.10]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\NAVENG32.DLL] [Symantec Corporation, 20071.1.1.10]
  [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] [Symantec Corporation, 9.1.0.26]
  [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll] [Symantec Corporation, 8.1.0.821]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] [Symantec Corporation, 8.1.0.821]
[PID: 1768][C:\Program Files\Serv-U\ServUDaemon.exe] [N/A, N/A]
[PID: 1884][C:\WINDOWS\system32\WatchClient.exe] [BXY, 5, 9, 20, 1]
[PID: 1900][C:\windows\system32\VrvEdp_m.exe] [N/A, 6, 0, 10, 25]
[PID: 2040][C:\windows\system32\vrvrf_c.exe] [N/A, N/A]
  [C:\windows\system32\vrvfw_c.dll] [, 1, 0, 0, 2]
  [C:\windows\system32\vrvrun_c.dll] [, 1, 0, 0, 1]
[PID: 1936][C:\windows\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3016][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
  [C:\WINDOWS\system32\xunleibho_v10.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 46]
  [C:\PROGRA~1\FlashFXP\IEFlash.dll] [IniCom Networks, Inc., 3.0.0.1015]
[PID: 1388][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
  [C:\WINDOWS\system32\xunleibho_v10.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 46]
  [C:\PROGRA~1\FlashFXP\IEFlash.dll] [IniCom Networks, Inc., 3.0.0.1015]
  [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
  [C:\windows\system32\JPWB.IME] [长江软件工作室, 4.00.950]
[PID: 948][C:\windows\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3400][F:\tools\杀毒\常用反病毒安全工具\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
  [F:\tools\杀毒\常用反病毒安全工具\sreng2\Plugins\SRECXTMG.SRE] [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================
API HOOK
N/A

==================================


[/CODE]
[ This post was last edited by benben on 2007-02-09 16:28 ]
Posted: 2007-02-09 10:06 | [Original poster]
    heroyb

    It's the Viking (维金) virus. Search for a dedicated removal tool. Go take a look at the security board.
    Posted: 2007-02-09 11:57 | Reply 1
    lfengnet

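    From your description it should be the viking virus. You can download a dedicated removal tool online.
    Also, from your log it can be seen that a virus is calling rundll32.exe and disguising itself as a Microsoft item.
    I suggest first turning off System Restore and clearing the Windows temporary files.
    Repair the following items: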
    启动项目
    注册表
    <ravtask><; C:\Progra~1\Eset\rund1132.exe> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\System32\NavLogon.dll> [N/A]
    启动文件夹
    [自动升级程序]
    <C:\Documents and Settings\tp\「开始」菜单\程序\启动\自动升级程序.lnk --> C:\sunsoft\DISTRI~1\UPDATE~2.EXE []><N
    服务
    [Win32 Display Driver / Win32DDS][Stopped/Auto Start]
    <C:\WINDOWS\system32\\rundll32.exe windds32.dll,input><Microsoft Corporation>
    [Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
    <C:\WINDOWS\system32\\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
    驱动服务
    [WmNdisDrv / WmNdisDrv][Stopped/Manual Start]
    <System32\Drivers\WmNdisDrv.sys><N/A>
    Places to learn virus analysis:
    http://hi.baidu.com/teyqiu
    http://hi.baidu.com/nslog
    Posted: 2007-02-09 12:09 | Reply 2
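
The two patterns lfengnet points to in the reply above (a service started through rundll32.exe, and a startup item whose file name imitates a system binary) can be checked mechanically over an SREng log. This is an added example, not part of the thread or of SREng; the regexes, the `triage` function, the list of system names and the digit folding are assumptions, and the sample is an excerpt of the log from the first post.

```python
import re

# Excerpt of the SREng log from the first post (Run key and service entries).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ServUTrayIcon><C:\Program Files\Serv-U\ServUTray.exe> [Cat Soft]
  <ravtask><; C:\Progra~1\Eset\rund1132.exe> [N/A]
  <ctfmon.exe><C:\windows\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[DefWatch / DefWatch][Running/Auto Start]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
<C:\WINDOWS\system32\\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
"""

RUN_RE = re.compile(r"^<(?P<name>[^<>]*)><(?P<cmd>[^<>]*)>\s*\[(?P<pub>[^\]]*)\]$")
SVC_HDR_RE = re.compile(r"^\[.+? / (?P<name>[^\]]+)\]\[[^\]/]+/[^\]]+\]$")
SVC_CMD_RE = re.compile(r"^<(?P<cmd>[^<>]*)><(?P<pub>[^<>]*)>$")
IMAGE_RE = re.compile(r'([^\\/"<>]+?)\.(?:exe|dll|ocx|sys)\b', re.I)

# Assumed heuristic inputs: names worth imitating, and digit-for-letter folding.
SYSTEM_NAMES = {"rundll32", "svchost", "explorer", "winlogon", "services", "lsass"}
DIGIT_FOLD = str.maketrans("10", "lo")


def triage(log_text):
    """Return (entry name, reason, detail) tuples for entries needing manual review."""
    findings, pending = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        hdr = SVC_HDR_RE.match(line)
        if hdr:                      # "[display / name][state/start]" line
            pending = hdr.group("name")
            continue
        svc = SVC_CMD_RE.match(line) if pending else None
        if svc:                      # image path line that follows a service header
            img = IMAGE_RE.search(svc.group("cmd"))
            if img and img.group(1).lower() == "rundll32":
                # The DLL/OCX argument is what gets loaded, so report it.
                detail = svc.group("cmd")[img.end():].strip()
                findings.append((pending, "service-via-rundll32", detail))
            pending = None
            continue
        pending = None
        run = RUN_RE.match(line)     # "<value><command> [publisher]" line
        img = IMAGE_RE.search(run.group("cmd")) if run else None
        if img:
            stem = img.group(1).lower()
            if stem not in SYSTEM_NAMES and stem.translate(DIGIT_FOLD) in SYSTEM_NAMES:
                findings.append((run.group("name"), "lookalike-name", img.group(0)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit only marks the entry for review; entries whose command contains `>` (such as the `svchost.exe -k netsvcs-->` form in the log) are skipped by these patterns.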
    jordanky

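    The Viking (威金) virus often generates logo1_

    Try downloading a Viking virus removal tool

    Download address for the "Viking" worm removal tool:
    http://www.jiangmin.com/download/download.htm

    Young people won't die of exhaustion from doing a bit more work, so what is there to be afraid of~~
    Heaven gave me my talents, and they are bound to be of use~~
    Posted: 2007-02-09 12:12 | Reply 3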
    gdst

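    This removal tool can clean it. It can remove both Viking and Panda, and it can also be updated online.
    [ This post was last edited by gdst on 2007-02-09 14:13 ]
    Attachment: 江民最新熊猫烧香专杀工具.rar (123 K) Downloads: 0
    Posted: 2007-02-09 13:47 | Reply 4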
    benben

    Thanks for everyone's help. This virus is such a hassle......
    Posted: 2007-02-09 16:25 | Reply 5