瑞星卡卡安全论坛

2006-11-25,16:55:50

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
    <Cn99QDNS><C:\Program Files\cn99qdns\Cn99qdns.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <NiceMs><C:\Program Files\Internet Explorer\PLUGINS\temp.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <FTGateIcon><C:\Program Files\FTGate\FTGateIcon.exe>  [Floosietek Ltd]
    <DU Meter><C:\Program Files\DU Meter\DUMeter.exe>  [Hagel Technologies]
    <VxTaskbarMgr><C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe>  [(Verified)VERITAS Software Corporation]
    <YDTMain.exe><C:\PROGRA~1\YDT\YDTMain.exe>  [N/A]
    <RavTask><"C:\Program Files\Rising123\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <auto><c:\winnt\dellogo.bat>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <Wnipzisrv><C:\WINNT\WMIPZISRV.EXE /s wm>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务

服务
[Backup Exec Remote Agent for Windows Servers / BackupExecAgentAccelerator]
  <"C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe"><VERITAS Software Corporation>
[Backup Exec Agent Browser / BackupExecAgentBrowser]
  <"C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe"><VERITAS Software Corporation>
[Backup Exec Device & Media Service / BackupExecDeviceMediaService]
  <"C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe"><VERITAS Software Corporation>
[Backup Exec Job Engine / BackupExecJobEngine]
  <"C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe"><VERITAS Software Corporation>
[Backup Exec Naming Service / BackupExecNamingService]
  <"C:\Program Files\VERITAS\Backup Exec\NT\benser.exe"><VERITAS Software Corporation>
[Backup Exec Server / BackupExecRPCService]
  <"C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe"><VERITAS Software Corporation>
[HP Insight Event Notifier / CIMnotify]
  <C:\WINNT\System32\CIMntfy\cimntfy.exe><Hewlett-Packard Company>
[HP Insight NIC Agent / CpqNicMgmt]
  <C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe><Hewlett-Packard Company>
[Compaq Remote Monitor Service / CpqRcmc]
  <C:\WINNT\System32\CpqRcmc.exe><Compaq>
[Version Control Agent / cpqvcagent]
  <C:\Compaq\vcagent\vcagent.exe><Hewlett-Packard Company>
[HP Insight Web Agent / CpqWebMgmt]
  <C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe><HP Corporation>
[HP Insight Foundation Agent / CqMgHost]
  <C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe><Hewlett-Packard Company>
[HP Insight Server Agents / CqMgServ]
  <C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe><Hewlett-Packard Company>
[HP Insight Storage Agents / CqMgStor]
  <C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe><Hewlett-Packard Company>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ExecView Communication Module (ECM) / ECM Service]
  <C:\Program Files\VERITAS\Backup Exec\NT\ECM\ECM.exe><VERITAS Software Corporation>
[FTGate Mail Server / FTGate Mail Server]
  <C:\Program Files\FTGate\FTGateSrv.exe><Floosietek Ltd>
[Microsoft Exchange Event / MSExchangeES]
  <C:\Program Files\Exchsrvr\bin\events.exe><Microsoft Corporation>
[Microsoft Exchange Information Store / MSExchangeIS]
  <C:\Program Files\Exchsrvr\bin\store.exe><Microsoft Corporation>
[Microsoft Exchange MTA Stacks / MSExchangeMTA]
  <C:\Program Files\Exchsrvr\bin\emsmta.exe><Microsoft Corporation>
[Microsoft Exchange System Attendant / MSExchangeSA]
  <C:\Program Files\Exchsrvr\bin\mad.exe><Microsoft Corporation>
[Microsoft Exchange Site Replication Service / MSExchangeSRS]
  <C:\Program Files\Exchsrvr\bin\srsmain.exe><Microsoft Corporation>
[Microsoft Search / MSSEARCH]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQL$BKUPEXEC / MSSQL$BKUPEXEC]
  <C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe -sBKUPEXEC><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising123\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\Rising123\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLAgent$BKUPEXEC / SQLAgent$BKUPEXEC]
  <C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE -i BKUPEXEC><Microsoft Corporation>
[Surveyor / Surveyor]
  <C:\compaq\survey\Surveyor.EXE><Hewlett-Packard Development Group, L.P.>
[HP ProLiant System Shutdown Service / sysdown]
  <C:\WINNT\System32\sysdown.exe><Compaq Computer Corporation>
[TapeWare / TapeWare]
  <C:\Program Files\TapeWare\TWWINSDR.EXE><N/A>

驱动程序
[4mmdat--VRTS / 4mmdat--VRTS]
  <system32\DRIVERS\04mmdat.sys><VERITAS Software>
[adpu160m / adpu160m]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[atirage3 / atirage3]
  <System32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Network Management Protocol Driver / CNMPROT]
  <System32\DRIVERS\cnmprot.sys><N/A>
[HP ProLiant iLO Advanced System Management Controller / cpqasm2]
  <System32\DRIVERS\cpqasm2.sys><Compaq Computer Corporation>
[HP Integrated Lights-Out / CpqCiDrv]
  <System32\DRIVERS\CpqCiDrv.sys><Hewlett-Packard Company>
[CPQCISSE / CPQCISSE]
  <System32\DRIVERS\CPQCISSE.sys><Hewlett-Packard Company>
[cpqcissm / cpqcissm]
  <\SystemRoot\system32\drivers\cpqcissm.sys><Hewlett-Packard Company>
[HP Network Configuration Utility 7 / CPQTeam]
  <System32\DRIVERS\cpqteam.sys><N/A>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[EXIFS / EXIFS]
  <\??\C:\WINNT\System32\drivers\exifs.sys><Microsoft Corporation>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising123\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising123\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising123\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising123\Rav\HookSys.sys><Rising>
[HP 10/100TX PCI LAN Adapter NT Driver / HPTX]
  <System32\DRIVERS\hptxnt5.sys><Hewlett-Packard Company>
[LsiCsb6 / LsiCsb6]
  <\SystemRoot\system32\drivers\LsiCsb6.sys><LSI Logic Corporation.>
[MegaIDE / MegaIDE]
  <\SystemRoot\system32\drivers\MegaIDE.sys><LSI Logic Corporation>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising123\Rav\MEMSCAN.sys><瑞星软件有限公司>
[New0 / New0]
  <\??\C:\WINNT\System32\new.sys><N/A>
[Netgroup Packet Filter / NPF]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\??\UNC\li\c$\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[npkycryp / npkycryp]
  <\??\UNC\li\c$\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[HP NC7781 Gigabit Server Adapter / q57w2k]
  <System32\DRIVERS\q57w2k.sys><Hewlett-Packard Company>
[RSPPSYS / RSPPSYS]
  <\??\C:\PROGRAM FILES\RISING123\RAV\RSPPSYS.sys><Rising>
[SCSIChanger / SCSIChanger]
  <System32\DRIVERS\scsichng.sys><VERITAS Software>
[symc810 / symc810]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[symmpi / symmpi]
  <\SystemRoot\system32\drivers\symmpi.sys><LSI Logic>
[sym_hi / sym_hi]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><Symbios Inc.>
[HP ProLiant System Management Interface Driver / sysmgmt]
  <System32\DRIVERS\sysmgmt.sys><Compaq Computer Corporation>

浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll, >
[V3ProX Control]
  {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} <C:\WINNT\DOWNLO~1\v3prox.ocx, Ahnlab, Inc.>
[JavaPlugin.Object]
  {7B19E477-0FF8-11d4-9914-005004D3B3DB} <C:\Program Files\JavaSoft\JRE\1.2\bin\npjava122_013.dll, JavaSoft / Sun Microsystems, Inc.>
[JavaBeansBridge.Object]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\JavaSoft\JRE\1.2\bin\npjava122_013.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <\\li\c$\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <\\li\c$\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <\\li\c$\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <\\li\c$\Program Files\Tencent\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 228][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 252][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 276][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[PID: 304][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 316][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 408][C:\WINNT\System32\termsrv.exe]  [Microsoft Corporation, 5.00.2195.6696]
[PID: 532][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 576][C:\Program Files\Rising123\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 584][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 668][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  [Zenographics, Inc., 5.50.1811.0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  [Zenographics, Inc., 5, 52, 1023, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  [Zenographics, Inc., 5, 51, 628, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  [Zenographics, Inc., 5, 50, 1725, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  [Zenographics, Inc., 5, 51, 1211, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZLANG.dll]  [Zenographics, Inc., 1, 2, 1414, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SR32.dll]  [Zenographics, Inc., 5, 54, 315, 0]
[PID: 748][C:\Program Files\Rising123\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising123\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising123\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 204][C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\benetutl.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\beclass.dll]  [VERITAS Software Corporation, 9.0.4367]
[PID: 1032][C:\Program Files\VERITAS\Backup Exec\NT\benser.exe]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\beclass.dll]  [VERITAS Software Corporation, 9.0.4367]
[PID: 1012][C:\WINNT\system32\Dfssvc.exe]  [Microsoft Corporation, 5.00.2195.6664]
[PID: 1128][C:\Program Files\FTGate\FTGateSrv.exe]  [Floosietek Ltd, 1, 2, 0, 0]
    [C:\Program Files\FTGate\Core.dll]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\ScriptSupport.dll]  [N/A, N/A]
[PID: 1160][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.7021]
[PID: 1188][C:\Program Files\FTGate\FTGate.exe]  [N/A, N/A]
    [C:\Program Files\FTGate\Core.dll]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\ScriptSupport.dll]  [N/A, N/A]
    [C:\Program Files\FTGate\Executive.dll]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\sock.dll]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\Mailbox.dll]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\MsgStore.dll]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\DataStore.dll]  [N/A, N/A]
    [C:\Program Files\FTGate\edbnt.dll]  [Simple Software Solutions, Inc., 4, 1, 1, 1]
    [C:\Program Files\FTGate\script.dll]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\Schedule.dll]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\Spool.dll]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\WebServ.dll]  [N/A, N/A]
    [C:\Program Files\FTGate\ext.dll]  [N/A, N/A]
    [C:\Program Files\FTGate\edb1nt.dll]  [Simple Software Solutions, Inc., 4, 1, 1, 1]
    [C:\Program Files\FTGate\zavScan.avs]  [N/A, N/A]
    [C:\Program Files\FTGate\FTGMon.fxt]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\inifile.fxt]  [N/A, N/A]
    [C:\Program Files\FTGate\LdapEx.fxt]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\Replicator.fxt]  [N/A, N/A]
    [C:\Program Files\FTGate\ScriptLib.fxt]  [Floosietek, 1, 2, 0, 0]
    [C:\Program Files\FTGate\SigInsert.fxt]  [N/A, N/A]
[PID: 1228][C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0534.00]
[PID: 1256][C:\WINNT\system32\ntfrs.exe]  [Microsoft Corporation, 5.00.2195.6709]
[PID: 1340][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 1344][C:\WINNT\System32\locator.exe]  [Microsoft Corporation, 5.00.2195.6619]
[PID: 1368][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 1400][C:\compaq\survey\Surveyor.EXE]  [Hewlett-Packard Development Group, L.P., 2.56]
    [C:\compaq\survey\CpqHMMO.dll]  [HP, 5.91.0]
    [C:\compaq\survey\expat.dll]  [N/A, N/A]
    [C:\compaq\survey\mssngrus.dll]  [Hewlett-Packard Development Group, L.P., 2.56]
[PID: 1544][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1568][C:\WINNT\System32\wins.exe]  [Microsoft Corporation, 5.00.2195.7005]
[PID: 1580][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1636][C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\bestdutl.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\beclass.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\bemsdk.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\SigComp230.dll]  [N/A, 2.30.003]
    [C:\Program Files\VERITAS\Backup Exec\NT\pvltypes.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr_ZH.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\devtypes.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\PROGRA~1\VERITAS\BACKUP~1\NT\ipvlapi.dll]  [VERITAS Software Corporation, 9.0.4367]
[PID: 1664][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1708][C:\WINNT\System32\CpqRcmc.exe]  [Compaq, 5.0.2.0]
[PID: 1784][C:\WINNT\System32\tcpsvcs.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1848][C:\WINNT\System32\dns.exe]  [Microsoft Corporation, 5.00.2195.6715]
[PID: 1960][C:\WINNT\System32\ismserv.exe]  [Microsoft Corporation, 5.00.2195.6684]
[PID: 1996][C:\WINNT\System32\msdtc.exe]  [Microsoft Corporation, 1999.9.3421.3]
[PID: 2128][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.2919.1]
[PID: 2288][C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe]  [VERITAS Software Corporation, 9.0.4367]

[C:\Program Files\VERITAS\Backup Exec\NT\BeSQL.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\beclass.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\bemsdk.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\SigComp230.dll]  [N/A, 2.30.003]
    [C:\Program Files\VERITAS\Backup Exec\NT\CRPE32.dll]  [Seagate Software, Inc., 8.5.0.217]
    [C:\Program Files\VERITAS\Backup Exec\NT\bestdutl.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\vxace502.dll]  [N/A, 5.2]
    [C:\Program Files\VERITAS\Backup Exec\NT\msgq.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\InstOps.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\BeCatDrv.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\bebsdu.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\bedscomn.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\shuie.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\engine_ZH.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\PROGRA~1\VERITAS\BACKUP~1\NT\schedmgrur.dll]  [VERITAS Software Corporation, 1.00.053]
    [C:\PROGRA~1\VERITAS\BACKUP~1\NT\sfcwall30u.dll]  [Seagate Software, Inc., 3, 0, 17, ]
    [C:\PROGRA~1\VERITAS\BACKUP~1\NT\schedu.dll]  [VERITAS Software Corporation, 1.00.053]
    [C:\Program Files\VERITAS\Backup Exec\NT\NS300.DLL]  [VERITAS Software Corporation, 3.00.046]
    [C:\Program Files\VERITAS\Backup Exec\NT\xerces-c_1_3.dll]  [Apache Software Foundation, 1, 3, 0]
    [C:\Program Files\VERITAS\Backup Exec\NT\SIGMAPIMAIL300U.DLL]  [N/A, 3.00.018.0]
    [C:\Program Files\VERITAS\Backup Exec\NT\SIGVIMMAIL100.DLL]  [N/A, 1.00.019]
    [C:\Program Files\VERITAS\Backup Exec\NT\SIGPRINTNOTE100.DLL]  [VERITAS Software Corporation, 1.00.005]
    [C:\Program Files\VERITAS\Backup Exec\NT\PAGER300.DLL]  [N/A, 3.00.013]
    [C:\Program Files\VERITAS\Backup Exec\NT\SigFCL250U.dll]  [N/A, 2.50.021]
    [C:\Program Files\VERITAS\Backup Exec\NT\SMTPMAIL300.DLL]  [N/A, 3.00.009]
    [C:\WINNT\system32\mapi32.dll]  [Mozilla Foundation, 1.7: 2004061610]
    [C:\PROGRA~1\VERITAS\BACKUP~1\NT\ipvlapi.dll]  [VERITAS Software Corporation, 9.0.4367]
    [C:\Program Files\VERITAS\Backup Exec\NT\beerrors_ZH.dll]  [VERITAS Software Corporation, 9.0.4367]
[PID: 2576][C:\WINNT\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
[PID: 2588][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 2960][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 2768][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[PID: 672][C:\WINNT\system32\rdpclip.exe]  [Microsoft Corporation, 5.00.2174.1]
[PID: 800][C:\Program Files\FTGate\FTGateIcon.exe]  [Floosietek Ltd, 1, 2, 0, 0]
[PID: 2892][C:\Program Files\DU Meter\DUMeter.exe]  [Hagel Technologies, 3.07 Build 192]
    [C:\Program Files\DU Meter\DUData.dll]  [Hagel Technologies, 3.07 Build 192]
[PID: 1688][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
[PID: 2068][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 3044][C:\Program Files\cn99qdns\Cn99qdns.exe]  [, 2, 0, 0, 1]
[PID: 2720][C:\Program Files\Rising123\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising123\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 3192][C:\WINNT\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
[PID: 3004][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\Program Files\Internet Explorer\PLUGINS\sb.dll]  [N/A, N/A]
    [C:\Program Files\Rising123\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
[PID: 2360][C:\Program Files\FTGate\FTGateIcon.exe]  [Floosietek Ltd, 1, 2, 0, 0]
[PID: 344][C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe]  [VERITAS Software Corporation, 9.0.4367]
[PID: 2784][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 2744][C:\Program Files\cn99qdns\Cn99qdns.exe]  [, 2, 0, 0, 1]
[PID: 1880][C:\Documents and Settings\Administrator.SERVER.000\桌面\世界上最小的内存整理\内存整理程序清空全部内存.exe]  [N/A, N/A]
[PID: 3272][C:\Documents and Settings\Administrator.SERVER.000\桌面\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

学习中

我现在更新最新版的瑞星2006也查不到病毒了，但服务器有时还是老实假死机，就是网络堵塞，我把网线拔了，又正常了，大虾们帮我看看，我这几天被它整死了，先谢谢了

删除  C:\Program Files\Internet Explorer\PLUGINS\temp.exe

      C:\WINNT\System32\new.sys><N/A>

结束进程[PID: 3004][C:\WINNT\Explorer.EXE]
新建进程 C:\WINNT\Explorer.EXE
删除 C:\Program Files\Internet Explorer\PLUGINS\sb.dll]

     

    学习中

xuexi

还有没有要修改和删除其他的阿，期待更多的答案。谢谢