HijackThis_zww汉化版扫描日志 V1.99.1
保存于      11:05:50, 日期 2007-3-8
操作系统：  Windows 2000 RC 1.1 (WinNT 5.00.2195)
浏览器：    Internet Explorer v5.00 (5.00.2920.0000)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\IBMHPASV.EXE
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Atiptaxx.exe
C:\Program Files\Sygate\SHN\Sygate.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\System32\internat.exe
E:\Lotus\Domino\nserver.exe
C:\WINNT\System32\conime.exe
E:\Lotus\Domino\nReplica.EXE
E:\Lotus\Domino\nUpdate.EXE
E:\Lotus\Domino\nAmgr.EXE
E:\Lotus\Domino\namgr.EXE
E:\Lotus\Domino\nAdminP.EXE
E:\Lotus\Domino\nCalConn.EXE
E:\Lotus\Domino\nEvent.EXE
E:\Lotus\Domino\nSched.EXE
E:\Lotus\Domino\nStats.EXE
E:\Lotus\Domino\nHTTP.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Sygate\SHN\sgserv.exe
E:\Lotus\Domino\nIMAP.EXE
E:\Lotus\Domino\nPOP3.EXE
E:\Lotus\Domino\nLDAP.EXE
E:\Lotus\Domino\nNNTP.EXE
E:\Lotus\Domino\nDECS.EXE
E:\Lotus\Domino\nmaps.EXE
E:\Lotus\Domino\nSMTP.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\mdm.exe
C:\Documents and Settings\Administrator\桌面\HijackThis1[1].99.1\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [AtiPTA] Atiptaxx.exe
O4 - 启动项HKLM\\Run: [SyGateManager] C:\Program Files\Sygate\SHN\Sygate.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: Lotus Domino Server.lnk = E:\Lotus\Domino\nserver.exe
O4 - Startup: 快捷方式 SyGate.lnk = C:\Program Files\Sygate\SHN\SyGate.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{44A0E73F-9C6B-4E93-904B-87CC32938368}: NameServer = 202.102.3.141
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E30F1A-181A-4D70-ADC7-22A2D7954474}: NameServer = 202.102.3.141,202.102.3.144
O20 - Winlogon Notify: System Safety Monitor - C:\WINNT\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: IBM Active PCI Alert Service (IBMHPS) - IBM Corporation - C:\WINNT\System32\IBMHPASV.EXE
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: SyGateService (SaService) - Sygate technologies Inc. - C:\Program Files\Sygate\SHN\sgserv.exe

哪个大虾帮我看看正版瑞星装了 ，已经杀了雨薇在线病毒

啊哦,咋还有这病毒呢,没打补丁吧?
win2k...开始/运行 shutdown -a 或者出对话框的时候快速打开右下角;日期与时间,把年份调到2006年,就变成还有365day关机了.
然后下补丁,http://www.microsoft.com/china/technet/security/bulletin/MS04-011.mspx

冲击波 什么的补丁早就上了啊

999救命阿

有 没有 人帮我看 看啊