[Help] Server is sending out a large number of packets

Everyone:
  My server has recently been sending out large numbers of packets all the time. Please help me analyze what is causing this. Thanks!
HijackThis_815汉化版扫描日志 V1.99.1
保存于      12:01:55, 日期 2006-11-24
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\msdtc.exe
F:\CMailServer\CMailServer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Iparmor\Iparmor.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\KDCOM\KDSVRMGR.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\conime.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\ntfrs.exe
g:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
F:\tools\HijackThis1991zww.exe

O4 - 启动项HKLM\\Run: [CMailServer] F:\CMailServer\CMailServer.exe
O4 - 启动项HKLM\\Run: [Super Rabbit Desktop Set] C:\Program Files\Super Rabbit\MagicSet\DS.EXE /Load
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zelong.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C0E2BA4-7A12-496C-B322-807C6C8EB16A}: NameServer = 1.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zelong.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C0E2BA4-7A12-496C-B322-807C6C8EB16A}: NameServer = 1.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zelong.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C0E2BA4-7A12-496C-B322-807C6C8EB16A}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: apihookdll.dll
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - NT 服务: KDDelegateService - KINGDEE - C:\Program Files\Kingdee\K3ERP\KDDelegateService.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -log "*:EventLog:0" -log Connections:EventLog:100 -service (file missing)

Last edited 2007-03-10 15:00:03.233000000

Run HijackThis, tick the items below, and fix them:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\dllhost.exe: check this one yourself.

Possibly infected with ARP.

Brother Shen, would simply deleting the DLLHOST.exe file be enough? Thank you.

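Thanks to the moderator on the second floor. How should I deal with an ARP infection? I just looked it up online, and it says that after an ARP infection there is a DAT file among the processes, but mine doesn't have one.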

I think it is related to the C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
process. Patching the SQL database should solve it.