瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】服务器上中毒..高手帮忙 紧急求救!

12   2  /  2  页   跳转

【求助】服务器上中毒..高手帮忙 紧急求救!

收藏
aabbcc112233
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2006-08-28
  • 来自:
发表于: 2006-08-30 00:40 | 显示全部 短消息 资料
字号: 11楼

[PID: 3528][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 3548][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 3636][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 2644][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 2724][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 2964][C:\WINDOWS\system32\rdpclip.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 3048][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 3076][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 2200][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 3064][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 3804][C:\WINDOWS\system32\mmc.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1660][c:\windows\system32\inetsrv\w3wp.exe]  <Microsoft Corporation><6.0.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\49at.com\dll\eyzg.dll]  <易影中国网络技术有限公司 ><7.00>
[PID: 4016][c:\windows\system32\inetsrv\w3wp.exe]  <Microsoft Corporation><6.0.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [\\?\D:\PHP_Setup_for_IIS\PHP4\sapi\php4isapi.dll]  <N/A><N/A>
    [d:\PHP_Setup_for_IIS\PHP4\php4ts.dll]  <The PHP Group><4.4.2.2>
    [d:\PHP_Setup_for_IIS\PHP4\lib\ZendExtensionManager.dll]  <N/A><N/A>
    [d:\PHP_Setup_for_IIS\PHP4\extensions\php_gd2.dll]  <N/A><N/A>
    [d:\PHP_Setup_for_IIS\PHP4\extensions\php_mbstring.dll]  <N/A><N/A>
    [d:\PHP_Setup_for_IIS\PHP4\extensions\php_pgsql.dll]  <N/A><N/A>
    [d:\PHP_Setup_for_IIS\PHP4\extensions\php_sockets.dll]  <N/A><N/A>
    [d:\PHP_Setup_for_IIS\PHP4\lib\Optimizer-2.6.0\php-4.4.x\ZendOptimizer.dll]  <N/A><N/A>
[PID: 2948][F:\xuwuping\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [%WINDIR%\System32\CScript.exe //nologo "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
gototop
 
aabbcc112233
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2006-08-28
  • 来自:
发表于: 2006-08-30 00:57 | 显示全部 短消息 资料
字号: 12楼

日志已经上了
请高手帮忙看看
gototop
 
aabbcc112233
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2006-08-28
  • 来自:
发表于: 2006-08-30 01:18 | 显示全部 短消息 资料
字号: 13楼

有谁能够帮问看看
刚才
开始→运行→输入services.msc,打开“服务”→查找 Windows Management Instrumentation→双击→启动类型→禁止→停止→应用→确定。禁止Windows Management Instrumentation这个服务

重起后连接不是服务器
有高手帮忙
谢谢
gototop
 
aabbcc112233
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2006-08-28
  • 来自:
发表于: 2006-08-30 01:21 | 显示全部 短消息 资料
字号: 14楼

紧急求救
现在服务器上所以的东西都打不开
gototop
 
aabbcc112233
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2006-08-28
  • 来自:
发表于: 2006-08-30 01:41 | 显示全部 短消息 资料
字号: 15楼

请高手帮看一下
现在有解决的办法吗
gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT