Experts, please help


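My Windows 2000 Server machine runs normally when it is not connected to the network, but as soon as it goes online WINLOGON.exe sits at 99% and the computer is basically frozen. So frustrating! At the same time the router stops working properly. Could anyone please help with a solution? The process list is attached.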

Logfile of HijackThis v1.99.1
Scan saved at 下午 04:58:59, on 2006/12/3
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\IBMHPASV.EXE
C:\WINNT\System32\llssrv.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\MegaTec\UPSilon 2000\Rupsmon.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\internat.exe
D:\Program Files\Netup\NetupDAS\netupdas.exe
C:\Program Files\MegaTec\UPSilon 2000\Monw32.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
d:\Program Files\Netup\NetupDAS\SYSDB\dbeng50.exe
C:\WINNT\system32\conime.exe
C:\Program Files\KV2006\KVSrvXP.exe
C:\Program Files\KV2006\UIHost.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINNT\system32\NaviHelper.dll (file missing)
O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - C:\Program Files\KV2006\KVBHO.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\KV2006\KvShell.dll
O3 - Toolbar: @msdxmLC.dll,-1@1028,收音機[&R] - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 江民?毒工具? - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2006\KvShell.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [KvXP] "C:\Program Files\KV2006\KvXP.kxp" /ScanBoot /ScanSys
O8 - Extra context menu item: !搜一搜(&S) - res://C:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O9 - Extra button: Yahoo 1G電郵 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126938186593
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://jscert02.jihsun.com.tw/onsite/vspta3_1021.cab
O16 - DPF: {6FA2E8DF-473F-44FB-B8AA-69ED6EC00860} (HiScripting.clsFileSystem) - https://jscert02.jihsun.com.tw/onsite/HiScripting.CAB
O16 - DPF: {CF85459D-DFA7-4028-A065-3C6D1356DCC8} (CertInstall Control) - http://gd.chinavnet.com/CertInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B506195A-6F51-493F-979B-FDBD882F69DD}: NameServer = 192.168.0.1
O20 - Winlogon Notify: MicroCSC - C:\WINNT\SYSTEM32\sysdrv.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM Active PCI Alert Service (IBMHPS) - IBM Corporation - C:\WINNT\System32\IBMHPASV.EXE
O23 - Service: KVSrvXP - Jiangmin Co. Ltd - C:\Program Files\KV2006\KVSrvXP.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\MegaTec\UPSilon 2000\Rupsmon.exe

Last edited 2007-03-12 10:37:37

d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe What are these?
d:\Program Files\Netup\NetupDAS\SYSDB\dbeng50.exe Never seen this one.
Then use 360 to clean out the rogue software, and uninstall it when you are done: http:\\360safe.com\

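If your computer has caught a virus,
it is no big deal now.
You can get free virus scanning on weekends.
It is Rising's free weekend antivirus.
The site is: http://cn.zs.yahoo.com/virus.htm?f=D1_1
If your computer is infected,
why not give it a try.
It is really good.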

I haven't tried it. Better not to go there; careful, it might carry a virus.

d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe What are these?
d:\Program Files\Netup\NetupDAS\SYSDB\dbeng50.exe Never seen this one.
I recognize these; they are not viruses. Experts, please help. The problem is still not solved.

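Go to http://free5.ys168.com/?jxsbb
and download sreng2.zip (0.4MB), a system scanning tool. Unzip it, open it, run it, perform a scan, save the log, and paste the log contents here. Take care not to alter anything; if it does not fit in one post, paste it across several! Before scanning, close all software and windows that you opened manually!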

2006-12-04,18:30:04

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Advanced Server Service Pack 4 (Build 2195)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><C:\WINNT\system32\awgina.dll>  [Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [N/A]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MicroCSC]
    <WinlogonNotify: MicroCSC><sysdrv.dll>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\ss3dfo.scr>  [(Verified)Microsoft Corporation]

==================================
Startup Folders
[Netup Distributed Application Server]
  <C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Netup Distributed Application Server.lnk --> D:\PROGRA~1\Netup\NetupDAS\netupdas.exe [N/A]><N>
[Rupsmon Daemon]
  <C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Rupsmon Daemon.lnk --> C:\PROGRA~1\MegaTec\UPSILO~1\Monw32.exe [N/A]><N>
[Service Manager]
  <C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Service Manager.lnk --> C:\PROGRA~1\MICROS~2\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================

Services
[pcAnywhere Host Service / awhost32]
  <C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[IBM Active PCI Alert Service / IBMHPS]
  <C:\WINNT\System32\IBMHPASV.EXE><IBM Corporation>
[Microsoft Search / MSSEARCH]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER]
  <d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Rupsmon / Rupsmon]
  <C:\Program Files\MegaTec\UPSilon 2000\Rupsmon.exe><Mega System Technologies, Inc.>
[SQLSERVERAGENT / SQLSERVERAGENT]
  <d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>

==================================
Drivers
[atirage3 / atirage3]
  <System32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[awlegacy / awlegacy]
  <\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST]
  <system32\drivers\aw_host5.sys><Symantec Corporation>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k]
  <System32\DRIVERS\b57w2k.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[邏輯磁碟管理員驅動程式 / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Gernuwa / Gernuwa]
  <C:\WINNT\SYSTEM32\DRIVERS\Gernuwa.SYS><Symantec Corporation>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[IBMHPA / IBMHPA]
  <System32\DRIVERS\ibmhpa.sys><IBM Corporation>
[IBM Active PCI Filter Driver / IBMHPF]
  <\SystemRoot\System32\DRIVERS\ibmhpf.sys><IBM Corporation>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星?件有限公司>
[mProcRs / mProcRs]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[New0 / New0]
  <\??\C:\WINNT\system32\new.sys><N/A>
[IBM ServeRAID 4M/4Mx/4L/4Lx Device Driver / nfrd960]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[IBM ServeRAID 4M/4Mx/4L/4Lx Performance Driver / nfrdperf]
  <\SystemRoot\system32\drivers\nfrdperf.sys><IBM Corporation>
[直接平行連接埠連結驅動程式 / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[目的特殊的公用驅動程式 / spud]
  <\SystemRoot\System32\drivers\spud.sys><N/A>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[Symmpi / Symmpi]
  <\SystemRoot\System32\DRIVERS\symmpi.sys><LSI Logic>
[IBM ServeRAID Failover Driver / twintail]
  <\SystemRoot\system32\drivers\twintail.sys><IBM Corporation>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[NaviHelperObj Class]
  {3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINNT\system32\NaviHelper.dll, N/A>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A>
[Yahoo 1G電郵]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[@msdxmLC.dll,-1@1028,收音機[&R]]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[VSPTA Class]
  {6F7864F9-DB33-11D3-8166-0060B0F885E6} <C:\WINNT\Downloaded Program Files\Ptav3.dll, >
[HiScripting.clsFileSystem]
  {6FA2E8DF-473F-44FB-B8AA-69ED6EC00860} <C:\WINNT\Downloaded Program Files\HiScripting.dll, HiTRUST>
[CertInstall Control]
  {CF85459D-DFA7-4028-A065-3C6D1356DCC8} <C:\WINNT\DOWNLO~1\CERTIN~1.OCX, onewave inc>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[!搜一搜(&S)]
  <res://C:\WINNT\DOWNLO~1\CnsMinEx.dll/1003, N/A>

==================================
Running Processes
[PID: 184][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 204][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 152][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\awgina.dll]  [Symantec Corporation, 10.0.1.370]
    [C:\WINNT\system32\sysdrv.dll]  [N/A, N/A]
[PID: 256][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 268][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 352][C:\WINNT\System32\termsrv.exe]  [Microsoft Corporation, 5.00.2195.6696]
[PID: 468][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [c:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
    [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 488][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 568][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 624][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\awmon.dll]  [Symantec Corporation, 9.2.1]
[PID: 688][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 728][C:\WINNT\System32\IBMHPASV.EXE]  [IBM Corporation, 5.1.1.1]
[PID: 764][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.7021]
[PID: 828][d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0760.00]
[PID: 820][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 472][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 1032][C:\Program Files\MegaTec\UPSilon 2000\Rupsmon.exe]  [Mega System Technologies, Inc., 2, 0, 278, 0]
[PID: 1072][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 1116][C:\WINNT\System32\lserver.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 1212][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1236][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1268][C:\WINNT\system32\Dfssvc.exe]  [Microsoft Corporation, 5.00.2195.6664]
[PID: 1304][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.8320.0]
[PID: 1468][d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe]  [Microsoft Corporation, 2000.080.0760.00]
[PID: 1660][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1672][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\KV2006\KVBHO.dll]  [Jiangmin Co.Ltd, 9.0.6.0113]
    [C:\Program Files\KV2006\KVAddrDb.dll]  [Jiangmin Co.Ltd, 9, 0, 0, 1018]
    [C:\Program Files\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 913]
    [C:\Program Files\KV2006\GUIExt.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 927]
    [C:\Program Files\KV2006\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
[PID: 1644][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 1892][C:\Program Files\MegaTec\UPSilon 2000\Monw32.exe]  [N/A, N/A]
[PID: 1908][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0760.00]
[PID: 1608][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
[PID: 576][D:\Program Files\Netup\NetupDAS\netupdas.exe]  [N/A, N/A]
    [D:\Program Files\Netup\NetupDAS\PBVM60.dll]  [Sybase Inc., 6.5.1.620]
    [D:\Program Files\Netup\NetupDAS\pbdwe60.dll]  [Sybase Inc., 6.5.00.444]
    [D:\Program Files\Netup\NetupDAS\pbODB60.dll]  [Sybase Inc., 6.5.1.620]
    [d:\Program Files\Netup\NetupDAS\SysDB\wod50t.dll]  [N/A, N/A]
    [d:\Program Files\Netup\NetupDAS\SysDB\dbl50t.dll]  [N/A, N/A]
    [d:\Program Files\Netup\NetupDAS\SysDB\wl50ent.dll]  [N/A, N/A]
    [D:\Program Files\Netup\NetupDAS\pbmss60.dll]  [Sybase Inc., 6.5.1.620]
[PID: 960][d:\Program Files\Netup\NetupDAS\SYSDB\dbeng50.exe]  [N/A, N/A]
    [d:\Program Files\Netup\NetupDAS\SYSDB\wl50ent.dll]  [N/A, N/A]
[PID: 2388][D:\Program Files\Netup\NetupDAS\upd_onhand.exe]  [N/A, N/A]
    [D:\Program Files\Netup\NetupDAS\PBVM60.dll]  [Sybase Inc., 6.5.1.620]
    [D:\Program Files\Netup\NetupDAS\pbmss60.dll]  [Sybase Inc., 6.5.1.620]
    [D:\Program Files\Netup\NetupDAS\pbdwe60.dll]  [Sybase Inc., 6.5.00.444]
[PID: 396][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 2524][C:\WINNT\system32\mmc.exe]  [Microsoft Corporation, 5.00.2195.7102]
    [C:\WINNT\System32\dmutil.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\System32\dfrgsnap.dll]  [Executive Software International, Inc., 5.00.2195.6605]
    [C:\WINNT\system32\DfrgRes.dll]  [Executive Software International, Inc., 5.00.2150.1]
[PID: 2100][C:\Documents and Settings\Administrator\My Documents\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1      localhost

==================================

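Thank you, experts, please help. The machine is basically normal with the network cable unplugged, but within a few minutes of plugging the cable in, the computer freezes with the CPU at 100%, and at the same time the whole network loses access to the Internet. So far 5 machines with similar symptoms have been found; after isolating them the whole network went back to normal. Rising version 18.56.02 cannot detect any virus. I am about to pass out.......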