瑞星卡卡安全论坛

win2000高级服务器版 装有SQL7.0 和oralce9i,由于昨晚晚通宵开机给人家录数据,到今天早上来一上班发现.兰屏了.强制性关机后.
1.提示有一个或多个服务或驱动程序启动错误.开机速度明显慢了许多.
2.进入系统后提示防火悄无法启动(瑞星2005个人版的).
3.不能打开office文档,一打开不提示:不能使用对象链接和相入.然后就自动关闭.
4.进入管理项目后在许多项目中提示RPC服务不可用.在系统日志中最多的是7001错误.
5.能复制不能粘贴.不能移动文件
6.网上邻居属性是空白的了,控制面板分了两栏,右边约点2/3,图标都到了左边
7.用马上更新的瑞星2005查不到任何病毒
8.用sfc命令修复系统文件重启还是无效
9.怀疑是三波,但是系统已经打上了SP4补丁且一直保持系统更新.
10.sql数据库启动不了
11........
目前只发现了这么多的问题,不知道高手们能不能从这些现象中判断我的电脑出了什么问题,并请帮帮忙给个解决的方案,在此先谢谢大家了.真的是很急.

用Autoruns保存一个日志发上来
日志保存方法:选择File->Save菜单项
保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)

工具的下载、使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7318038第14楼

wait 马上,谢谢

老是说上传文件类型不对,不知道什么的能上传.txt jpg rar的好像都不能上传

我QQ是27624335.要不我QQ上传给你可以不?

直接把log的内容贴上来就可以了

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ CmaudioCmiCnfg DLLC-Media Corporationc:\winnt\system\cmicnfg.cpl

+ CnsMin3721北京三七二一科技有限公司c:\winnt\downloaded program files\conflict.1\cnsmin.dll

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtimer.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Corporation Limitedc:\program files\rising\rfw\rfwmain.exe

+ SiSPowerDynamic link library for setting Power SchemeSilicon Integrated Systems Corporationc:\winnt\system32\sispower.dll

+ snpstd3CameraMonitor ApplicationSonixc:\winnt\vsnpstd3.exe

+ thunder_mini三代科技 版权所有 (C) 2004 - 2005深圳市三代科技开发有限公司c:\program files\maxthon\thundermini\thundermini.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动

+ Adobe Gamma Loader.lnkAdobe Gamma LoaderAdobe Systems, Inc.c:\program files\common files\adobe\calibration\adobe gamma loader.exe

+ Utility Tray.lnkSiS Compatible Super VGA Tray ApplicationSilicon Integrated Systems Corporationc:\winnt\system32\sistray.exe

HKLM\System\CurrentControlSet\Services

+ OracleOraHome90AgentOracle Intelligent Agent ExecutableOracle Corporatione:\oracle\ora90\bin\agntsrvc.exe

+ OracleOraHome90TNSListenere:\oracle\ora90\bin\tnslsnr.exe

+ OracleServiceORCLOracle RDBMS Kernel ExecutableOracle Corporatione:\oracle\ora90\bin\oracle.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Corporation Limitedc:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenterrisingc:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ cnshook.dll3721 CNS Module北京三七二一科技有限公司c:\winnt\downloaded program files\conflict.1\cnshook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\winnt\system32\hticons.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ bho Class万能五笔接口程序深圳世强软件开发部c:\program files\common files\wnwb\wnwbio.dll

+ CnsHook Class3721 CNS Module北京三七二一科技有限公司c:\winnt\downloaded program files\conflict.1\cnshook.dll

+ QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司e:\program files\tencent\qq\qqiehelper.dll

+ ThunderIEHelper Classxunleibho BHOc:\winnt\system32\xunleibho_v8.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ update万能五笔接口程序深圳世强软件开发部c:\program files\common files\wnwb\wnwbio.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1

+ 清理上网记录File not found: http://assistant.3721.com/clean1.htm?fb=Cns

+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/

+ 手机短信File not found: http://sms.3721.com/ie/index.htm?pid=401748_1006

+ 修复浏览器File not found: http://assistant.3721.com/security1.htm?fb=Cns

+ 寻宝乐趣多File not found: http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138

+ 雅虎助手File not found: http://cn.zs.yahoo.com/?source=Cns

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
用1楼的HJ工具扫个日志发出来看看！

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 14:21:40, on 2005-11-22
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\MSSQL7\binn\sqlservr.exe
E:\oracle\ora90\bin\agntsrvc.exe
E:\oracle\ora90\BIN\TNSLSNR.exe
e:\oracle\ora90\bin\ORACLE.EXE
C:\WINNT\system32\cmd.exe
E:\oracle\ora90\bin\dbsnmp.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\Dfssvc.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINNT\system32\RunDll32.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINNT\vsnpstd3.exe
C:\Program Files\Maxthon\Thundermini\ThunderMini.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\sistray.exe
C:\WINNT\system32\stisvc.exe
C:\MSSQL7\Binn\sqlmangr.exe
E:\Program Files\Tencent\QQ\QQ.exe
C:\Documents and Settings\Administrator\桌面\hijackthis1.97_qoo\HijackThis.exe

R3 - URLSearchHook: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v8.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CONFLICT.1\CnsHook.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [snpstd3] C:\WINNT\vsnpstd3.exe
O4 - HKLM\..\Run: [XDeskShow] C:\PROGRAM FILES\
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CONFLICT.1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [thunder_mini] C:\Program Files\Maxthon\Thundermini\ThunderMini.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.pol
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: !搜一搜 - res://C:\WINNT\DOWNLO~1\CONFLICT.1\CnsMinEx.dll/1003
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Maxthon\Thundermini\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O11 - Options group: [!CNS] 
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {339C1EE2-1029-46B8-81F1-360217F26FC4} (VGAPlayer Control) - file://G:\
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A0A4F52-DFB4-4CE2-BFC7-AF6C52F905A1}: NameServer = 61.187.98.3,61.187.98.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{9A0A4F52-DFB4-4CE2-BFC7-AF6C52F905A1}: NameServer = 61.187.98.3,61.187.98.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{9A0A4F52-DFB4-4CE2-BFC7-AF6C52F905A1}: NameServer = 61.187.98.3,61.187.98.6
O17 - HKLM\System\CS3\Services\Tcpip\..\{9A0A4F52-DFB4-4CE2-BFC7-AF6C52F905A1}: NameServer = 61.187.98.3,61.187.98.6

高手们能看的出什么不?有什么需要我第一时间就会发上来.只要你能帮我解决这个问题啊.谢谢啦!

不要沉啊.我可是一直在线等啊!

换1。99版的HJ扫个日志看看！~

O4 - HKLM\..\Run: [snpstd3] C:\WINNT\vsnpstd3.exe
这个楼主知道是个啥么？