dngz.net
启动文件夹
N/A
==================================
服务
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r><Kaspersky Lab>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <D:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"d:\Program Files\WinPcap\rpcapd.exe" -d -f "d:\Program Files\WinPcap\rpcapd.ini"><NetGroup - Politecnico di Torino>
[wins(WINS) / wins][Stopped/Auto Start]
  <"C:\WINNT\system32\winscntrl.exe"><N/A>
[WMDM PMSP Service / WMDM PMSP Service][Stopped/Disabled]
  <C:\WINNT\system32\mspmspsv.exe><Microsoft Corporation>
[Network Conning / Netwok][Stopped/Auto Start]
  <C:\WINNT\system32\Service.exe><Microsoft Corporation>
==================================
驱动程序
[amdk5 / amdk5][Running/Auto Start]
  <\?\C:\WINNT\system32\drivers\amdk5.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Kercap3.6 Server / Blcapdrv][Stopped/Manual Start]
  <system32\DRIVERS\blcapdrv.sys><N/A>
[c12846472 / c12846472][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\c12846472.sys><N/A>
[dgdhhafc / dgdhhafc][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dgdhhafc.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[HookUrl / HookUrl][Running/Auto Start]
  <\?\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[i81x / i81x][Running/Manual Start]
  <system32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\?\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[LanPort / LanPort][Stopped/Auto Start]
  <\?\C:\WINNT\system32\drivers\LanPort.sys><N/A>
[mProcRs / mProcRs][Running/Auto Start]
  <\?\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NIC Express Virtual Miniport / NICExpressMP][Stopped/Manual Start]
  <system32\DRIVERS\NICXEth.sys><FalconStor Software, Inc.>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\?\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[p2pfilter / p2pfilter][Stopped/Manual Start]
  <\?\D:\program files\grabsun\netsense\p2pfilter.sys><N/A>
[parcls / parcls][Running/Auto Start]
  <\?\C:\WINNT\system32\drivers\parcls.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
  <\?\C:\WINNT\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\?\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029][Running/Manual Start]
  <system32\DRIVERS\RTL8029.SYS><REALTEK Semiconductor Corp.>
[SNIFFER Protocol Driver / Sniffer][Running/Auto Start]
  <system32\DRIVERS\sniffer.sys><N/A>
[TDDI / TDDI][Running/Auto Start]
  <\?\C:\WINNT\system32\drivers\tddi.sys><SafeNet China Ltd.>
[TSP / TSP][Stopped/Manual Start]
  <\?\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[WmNdisDrv / WmNdisDrv][Stopped/Manual Start]
  <System32\Drivers\WmNdisDrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
浏览器加载项
N/A
==================================
正在运行的进程
[PID: 184][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 208][\?\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 204][\?\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6970]
    [C:\WINNT\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 256][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 268][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[PID: 444][D:\Program Files\Rising\Rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [D:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [D:\Program Files\Rising\Rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [D:\Program Files\Rising\Rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 9]
    [D:\Program Files\Rising\Rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
    [D:\Program Files\Rising\Rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [D:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 520][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 576][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[PID: 628][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 768][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6920]
[PID: 820][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 664][C:\WINNT\system32\Service.exe] [Microsoft Corporation, 3.02]
[PID: 1000][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
    [C:\WINNT\system32\PvSec.dll] [, 5, 1, 100, 2500]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[PID: 1196][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 1224][D:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 56]
    [D:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [D:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 736][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 1280][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.557\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 452][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
[/code]
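After every boot there are a few minutes during which I can open any file, but once Kaspersky detects this virus and deletes it, I can't open any file anymore. Files that were opened before that can still be used, but if I close them they can't be opened again! It says the path cannot be found! What should I do!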
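Please help! Thanks. It's like this every time! Once the virus is found I can't open any file. The only reason I can open web pages is that I opened them before the virus was found. Just now this virus was found again, and now it opens again! I'm now going to run AVG in safe mode first; I don't know whether it will work! Could someone please tell me the characteristics of this virus? Thanks!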
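The scan just caught something! The Adware ncast and Adware boran (彩信通) viruses! The file infected by Adware ncast is: C:\WINDOWS\system32\userinit.dll. Can I just delete the userinit file?! What is this file for! By the way, I saw in my log that there is a driver: C:\WINNT\system32\drivers\amdk5.sys. Is this the driver for that not-a-virus:AdWare.Win32.Ncast.m? I have already disabled this startup entry! I can't make out anything else!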
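I'm floored: Windows 2000 Server Service Pack 4 (Build 2195)! How did you get Kaspersky installed on your 2000 Server system? Besides, Kaspersky works better as a personal edition! I haven't used it on a server! I feel nod32 is better for antivirus on servers! I suggest using nod32! Kaspersky can't remove it! See whether there is a dedicated removal tool!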
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  <WebSecurity><C:\WINNT\system32\PvSec.dll> []

Delete the registry entry above, and delete PvSec.dll.

Delete these two services as well; for the method, see the SREng usage guide written by a user of this board:

[wins(WINS) / wins][Stopped/Auto Start]
  <"C:\WINNT\system32\winscntrl.exe"><N/A>
[Network Conning / Netwok][Stopped/Auto Start]
  <C:\WINNT\system32\Service.exe><Microsoft Corporation>

Check the following drivers more carefully; they are probably all no good. They can be deleted with Icesword, including their registry entries:

[c12846472 / c12846472][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\c12846472.sys><N/A>
[dgdhhafc / dgdhhafc][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dgdhhafc.sys><N/A>
[parcls / parcls][Running/Auto Start]
  <\?\C:\WINNT\system32\drivers\parcls.sys><N/A>

End the process, then delete the file and its registry entries:

[PID: 664][C:\WINNT\system32\Service.exe] [Microsoft Corporation, 3.02]
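
Several of the entries singled out in the reply above show the same two traits in the log: no publisher string (`N/A`) and a start type that loads without user action. As an added example (not part of the thread, and not SREng's own logic), this Python code parses the log's service/driver line format and queues such entries for manual verification; the heuristic and the function names are assumptions, and a match is a prompt to check the file, not a verdict.

```python
import re

# One SREng service/driver entry: [display / key][state/start] <image path><publisher>
ENTRY = re.compile(
    r"\[(?P<display>.*?) / (?P<key>[^\]]+)\]"
    r"\[(?P<state>\w+)/(?P<start>[^\]]+)\]\s*"
    r"<(?P<image>.*?)><(?P<publisher>[^<>]*)>"
)

# Entries copied from the log in this thread (whitespace normalised).
SAMPLE = r"""
[Rising Personal Firewall Service / RfwService][Running/Auto Start] <D:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[wins(WINS) / wins][Stopped/Auto Start] <"C:\WINNT\system32\winscntrl.exe"><N/A>
[c12846472 / c12846472][Stopped/Boot Start] <\SystemRoot\System32\drivers\c12846472.sys><N/A>
[Logical Disk Manager Driver / dmio][Running/Boot Start] <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[parcls / parcls][Running/Auto Start] <\?\C:\WINNT\system32\drivers\parcls.sys><N/A>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start] <system32\drivers\npf.sys><Politecnico di Torino>
[Kercap3.6 Server / Blcapdrv][Stopped/Manual Start] <system32\DRIVERS\blcapdrv.sys><N/A>
"""

# Start types that load the image without any user action.
AUTO_STARTS = {"Boot Start", "System Start", "Auto Start"}


def parse_entries(text):
    """Return one dict per service/driver entry found in an SREng log."""
    return [m.groupdict() for m in ENTRY.finditer(text)]


def needs_review(entry):
    """Triage heuristic (assumption): no publisher string AND automatic start."""
    no_publisher = entry["publisher"].strip() in ("", "N/A")
    return no_publisher and entry["start"] in AUTO_STARTS


def review_queue(text):
    """Keys of entries to verify by hand (file hash, signature, origin)."""
    return [e["key"] for e in parse_entries(text) if needs_review(e)]


if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        mark = "REVIEW" if needs_review(e) else "ok"
        print(f"{mark:6} {e['key']:12} {e['start']:13} {e['image']}")
```

An entry that carries a vendor string, such as `Service.exe` with its `Microsoft Corporation` label, passes this filter, so the publisher field alone does not clear a file.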
Thanks, I'll give it a try. I'll report back tomorrow!