2006-09-04, 05:52 PM   #24 (permalink)
psac

Q:

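[Help] Strange, Win32.HLLW.Gavir.17 can't be cleaned out completely

This is the Office problem from just now. I cleaned it with Dr.Web CureIT, but when I scanned again after rebooting I found files infected with it again. I ran Dr.Web CureIT once more and it confirmed CURED, but after another reboot a new scan again found infected files.
It is usually winnt/rund132.exe and a few other exe files.
I then ran System Repair Engineer; could an expert please take another look?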
2006-09-01,16:24:37

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> []

==================================
啟動資料夾
[Adobe Gamma Loader]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H>
[Microsoft Office]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N>

==================================
服務
[DefWatch / DefWatch]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\KAV2005\KPfwSvc.EXE"><N/A>
[Messenger / Messenger]
<\SystemRoot\D:\WINNT\system32\services.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A>
[MeadCo ScriptX]
{1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[D:\WINNT\system32\NavLogon.dll] <N/A><N/A>
[PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 232][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 408][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 432][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[PID: 460][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374>
[PID: 480][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 504][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\CBA.DLL] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\PDS.DLL] <Intel? Corporation><6.12.0.71 E>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14>
[PID: 620][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 652][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 728][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 940][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\Dll.dll] <N/A><N/A>
[PID: 964][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[PID: 308][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0>
[PID: 1164][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374>
[PID: 1180][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 808][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 1288][C:\jstax\jstax.exe] <N/A><N/A>
[C:\jstax\PBVM60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\pbdwe60.dll] <Sybase Inc.><6.5.1.620>
[PID: 304][C:\jstax\swdj.exe] <N/A><N/A>
[C:\jstax\PBVM60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\pbdwe60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\pbSYC60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\libct.dll] <N/A><N/A>
[C:\jstax\libintl.dll] <N/A><N/A>
[C:\jstax\libcomn.dll] <N/A><N/A>
[C:\jstax\libtcl.dll] <N/A><N/A>
[C:\jstax\libcs.dll] <N/A><N/A>
[C:\jstax\nlmsnmp.dll] <N/A><N/A>
[C:\jstax\nlwnsck.dll] <N/A><N/A>
[PID: 684][D:\WINNT\WinRAR.exe] <N/A><N/A>
[PID: 340][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 540][C:\工具\cureit\_start.exe] <Doctor Web, Ltd.><2.44>
[PID: 752][C:\工具\cureit\cureit.exe] <Doctor Web, Ltd.><4, 33, 2, 6080>
[C:\工具\cureit\dwebllio.dll] <Doctor Web Ltd.><4, 32, 0, 0>
[PID: 1068][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000>
[D:\WINNT\system\WBX3245.dll] <N/A><N/A>
[D:\WINNT\system\WMW3245.dll] <N/A><N/A>
[D:\WINNT\system\WMSYS32.dll] <N/A><N/A>
[PID: 1332][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:
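Can Symantec AntiVirus be updated? Does it not recognize this virus?


Domestic antivirus software names Win32.HLLW.Gavir.17 the "維金" (Viking) virus; it infects EXE-format files.


Please post the Dr.Web CureIT scan report. Which viruses could not be removed in the end?


The file D:\WINNT\Dll.dll is probably bad; please delete it manually.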



Q:

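I scanned once more before leaving work on Friday and found no virus, but at noon today a prompt popped up again saying rund132.exe had encountered an error, and when I scanned, it was infected again.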


=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-04, 11:52:44 [LSFJ0008][Administrator]
Command-line: "C:\工具\cureit\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 138087
Key file: C:\工具\cureit\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] D:\WINNT\magicset746onlinedown.exe
D:\WINNT\magicset746onlinedown.exe infected with Win32.HLLW.Gavir.17 - will be cured after reboot

[Scan path] D:\WINNT\system32\regsvc.exe
[Scan path] C:\工具\cureit\_start.exe
[Scan path] C:\工具\cureit\cureit.exe
[Scan path] D:\WINNT\system32\mobsync.exe
[Scan path] D:\WINNT\command\rundll32.exe
[Scan path] D:\WINNT\system32\mswdm.exe
D:\WINNT\system32\mswdm.exe infected with Trojan.PWS.Gamania - incurable - moved

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 185
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 361 Kb/s
Scan time: 00:01:25
-----------------------------------------------------------------------------

[Scan path] C:\
C:\IBMTOOLS\APPS\ACCESS\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\ACROBAT\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\MSSHLIB\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\RESCUE\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\W2K_XP\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Control Panel\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Sensaura 3D\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Synthesizer\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\CHIPSET\INTEL\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\VIDEO\INTEL\WXP\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\power65bak\PB6\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Analog Devices\SoundMAX\install.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Outlook Express\msimn.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealOne Player\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\TTPlayer\TTPlayer.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\UltraEdit\uedit32.exe infected with Win32.HLLW.Gavir.17 - cured
C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc16.4\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc19\APPS\SNMP\AGENT\W2K-WS32\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\wbzx9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\writeIC備份\ICsetup\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured

[Scan path] D:\
D:\WINNT\Dll.dll infected with Win32.HLLW.Gavir.17 - will be cured after reboot
D:\WINNT\rundl132.exe infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\magicset746onlinedown.exe.delete_on_reboot infected with Win32.HLLW.Gavir.17 - will be cured after reboot
D:\WINNT\system32\config\software.LOG - read error
D:\WINNT\system32\config\default.LOG - read error
D:\WINNT\system32\config\SECURITY - read error
D:\WINNT\system32\config\SECURITY.LOG - read error
D:\WINNT\system32\config\SYSTEM.ALT - read error
D:\WINNT\system32\config\SAM - read error
D:\WINNT\system32\config\SAM.LOG - read error
D:\WINNT\system32\config\SYSTEM - read error
D:\WINNT\system32\config\SOFTWARE - read error
D:\WINNT\system32\config\DEFAULT - read error
D:\Documents and Settings\Administrator\NTUSER.DAT - read error
D:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
>D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J6WRJTKD\icast[1].txt
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STIBCDUN\mhxy[1].exe infected with Trojan.PWS.Gamania - incurable - moved
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
D:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\WinRAR\WinRAR.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Microsoft Office\Office\EXCEL.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Microsoft Office\Office\WINWORD.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 123413
Infected objects found: 37
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 34
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 663 Kb/s
Scan time: 01:41:25
-----------------------------------------------------------------------------
2006-09-04,13:45:20

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Tray><D:\WINNT\command\rundll32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\system32\userinit.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> []

==================================
啟動資料夾
[Adobe Gamma Loader]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H>
[Microsoft Office]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N>

==================================
服務
[DefWatch / DefWatch]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\KAV2005\KPfwSvc.EXE"><N/A>
[Messenger / Messenger]
<\SystemRoot\D:\WINNT\system32\services.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A>
[MeadCo ScriptX]
{1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[D:\WINNT\system32\NavLogon.dll] <N/A><N/A>
[PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 232][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 404][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 428][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[PID: 456][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374>
[PID: 476][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 508][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\CBA.DLL] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\PDS.DLL] <Intel? Corporation><6.12.0.71 E>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14>
[D:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\DecSDK.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ID.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2UUE.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2AMG.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ARJ.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2CAB.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2EXE.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2GZIP.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2HQX.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2LHA.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2LZ.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2MIME.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2SS.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2RTF.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2TAR.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2TNEF.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ZIP.dll] <Symantec Corporation><3.02.07.19>
[PID: 624][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 656][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 720][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 868][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxress.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\igfxpph.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[PID: 412][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[PID: 1104][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0>
[PID: 1144][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374>
[PID: 1168][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 1284][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 536][D:\WINNT\magicset746onlinedown.exe] <N/A><N/A>
[PID: 1236][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 1384][C:\工具\cureit\_start.exe] <Doctor Web, Ltd.><2.44>
[PID: 1356][C:\工具\cureit\cureit.exe] <Doctor Web, Ltd.><4, 33, 2, 6080>
[C:\工具\cureit\dwebllio.dll] <Doctor Web Ltd.><4, 32, 0, 0>
[D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] <N/A><N/A>
[PID: 1348][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000>
[D:\WINNT\system\WBX3245.dll] <N/A><N/A>
[D:\WINNT\system\WMW3245.dll] <N/A><N/A>
[D:\WINNT\system\WMSYS32.dll] <N/A><N/A>
[PID: 1480][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

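A:

<Tray><D:\WINNT\command\rundll32.exe> [] Delete this startup entry

D:\WINNT\command\rundll32.exe Delete this file

Original poster, please check whether other computers on the LAN have also caught this virus. Win32.HLLW.Gavir.17, the Viking virus, spreads over the network.

Windows 2000 does not come with a built-in firewall, so it has no defense against viruses on the network.

I recommend installing firewall software, such as ZoneAlarm 6.0 Free. At the same time, use antivirus software to clean the virus from this machine.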

This post was edited by psac on 2006-09-05 at 02:53 AM.