Rising KaKa Security Forum, Technical Exchange Area, Anti-Virus / Anti-Rogue-Software Board

About this system-level virus, please help me figure out how to remove it

The file "1frm.sys" in the attached archive lives in "C:\WINNT\SYSTEM32\DRIVERS\"; its creation time and modification time are both in 2003 (can a virus's creation time also be old?). It loads with the system, and under "HKLM\SYSTEM\CurrentControlSet\Services" in the registry there is a driver definition for "1frm.sys", but the service is not visible in services.msc. I can temporarily delete the registry definitions related to "1frm.sys" (the three .reg files 1, 2 and 3 in the archive), but after a reboot they are written back into the registry.

The latest Rising and the latest Kaspersky 6.0 both prompt to delete it after a reboot, but after the reboot it is not deleted; scanning in Safe Mode cannot delete it either, and none of the file-shredding tools (Rising's own, Unlocker, IceSword and so on) can delete it.

A file "6rgis41.dll" in "C:\WINNT\SYSTEM32\" is reported as infected at the same time; its creation time is also old, 2003, and it cannot be deleted. After a reboot Rising still reports it as a virus, while Kaspersky no longer reports this file as a virus.
Please help me check how these two files can be removed from the system, and whether they really are viruses.

I have not noticed any harm to the system either; the other services are running fairly normally.

The operating system is Windows 2000 Server.

[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)

Attachment:

Downloads: 571
File type: application/octet-stream
File size:
Uploaded: 2007-9-26 10:50:09
Description:

Last edited 2007-09-27 13:30:13

Download System Repair Engineer,
http://download.kztechs.com/files/sreng2.zip
1 Unzip sreng2.zip
2 Run SREngPS.EXE
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here; do not modify it

I suggest you post a scan log; at least I think the information provided is rather limited. It would be best to send them a copy of the virus sample too. I would also like to see the conclusion, so I can learn from it.

The virus sample is in the attachment in post #1. This is someone else's server, and it is pretty messy. Here is the log:
[CODE]

2007-09-26,11:35:03

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe">  [(Verified)Kaspersky Lab]
    <AntiARPStandalone><C:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Display Device Driver><msnmsgr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D06FBBD-702B-E0EA-1BDF-8221F498D74A}]
    <N/A><C:\WINNT\system32\winhlp.exe s>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [N/A]

==================================
启动文件夹
[DBENGINE]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\DBENGINE.EXE -->  [N/A]><N>
[TCPRECV]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\TCPRECV.EXE -->  [N/A]><N>
[快捷方式 ezproxy.exe]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式 ezproxy.exe.lnk --> F:\ezproxy\ezproxy.exe [Useful Utilities, LLC]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[卡巴斯基反病毒6.0 Windows服务器 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe" -r><Kaspersky Lab>
[BlipBook / BlipSrv][Stopped/Disabled]
  <C:\WINNT\system32\BlipSrv.exe /start><N/A>
[Systems Management Event Manager / dcevt32][Running/Auto Start]
  <C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe><Dell Inc.>
[Systems Management Data Manager / dcstor32][Running/Auto Start]
  <C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe><Dell Inc.>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Helix Server / Helix Server][Running/Auto Start]
  <f:\vod\helix\Bin\rmserver.exe><RealNetworks, Inc.>
[KBaseServer / KBaseServer][Stopped/Disabled]
  <D:\TPI45\Server\KBaseServer.exe><N/A>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Auto Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[OM Common Services / omsad][Running/Auto Start]
  <C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe><Dell Inc.>
[Remote Administrator Service / r_server][Stopped/Disabled]
  <"C:\WINNT\system32\server.exe" /service><N/A>
[Secure Port Server / Server Administrator][Running/Auto Start]
  <C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe><Dell Computer Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
  <C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Stomcat / Stomcat][Running/Auto Start]
  <E:\shusheng\Jxwz\tomcat\conf\jk\jk_nt_service.exe Stomcat><N/A>
[tomcat / tomcat][Stopped/Manual Start]
  <E:\shusheng\Jxwz\tomcat1\conf\jk\jk_nt_service.exe tomcat><N/A>
[TRS4.0 / TRS40SERVICE][Running/Auto Start]
  <E:\SHUSHENG\TRS4\TRSHOME\bin\T40SERVICE.EXE -resident><N/A>

==================================
驱动程序
[1fr / 1frm][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\1frm.sys><N/A>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
  <system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
[ati2mpad / ati2mpad][Running/Manual Start]
  <System32\DRIVERS\ati2mpad.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <System32\DRIVERS\b57w2k.sys><Broadcom Corporation>
[cocpyinf / cocpyinf][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cocpyinf.dll><Windows (R) 2000 DDK provider>
[Systems management base driver / dcdbas][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\dcdbas32.sys><Dell Inc.>
[Systems management IPMI driver / dcdipm][Running/Manual Start]
  <System32\DRIVERS\dcdipm32.sys><Dell Inc.>
[Systems management TVM driver / dcdtvm][Running/Manual Start]
  <System32\DRIVERS\dcdtvm32.sys><Dell Inc.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel(R) PRO/1000 Adapter Driver / E1000][Running/Manual Start]
  <System32\DRIVERS\e1000nt5.sys><Intel Corporation>
[Lavalys EVEREST Kernel Driver / EverestDriver][Stopped/Manual Start]
  <\??\D:\drivers\EVERESTultimate280\kerneld.wnt><N/A>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><N/A>
[klif / klif][Running/System Start]
  <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[nedrv / nedrv][Running/Auto Start]
  <\SystemRoot\system32\drivers\nedrv.sys><Moxa Technologies Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
[rockusb / rockusb][Running/Manual Start]
  <system32\DRIVERS\rockusb.sys><FeiTian New Tech Inc>
[SENSE3 / SENSE3][Running/Auto Start]
  <system32\drivers\sense3.sys><Beijing Senselock>
[symmpi / symmpi][Running/Boot Start]
  <\SystemRoot\system32\drivers\symmpi.sys><LSI Logic>
[TDDI / TDDI][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\tddi.sys><SafeNet China Ltd.>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[Rainbow China UDA Driver / UDA][Stopped/Manual Start]
  <System32\Drivers\rcudawdm.sys><Rainbow China Co,. Ltd.>
[%USBLOCKServDesc% / USBLOCK][Stopped/Manual Start]
  <System32\Drivers\usblock.sys><Beijing Senselock>
[xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
  <system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>
[PORTACCESSOR / PORTACCESSOR][Running/Manual Start]
  <\??\C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\PORTACCESSOR.sys><Dell Computer Corporation.>

==================================
浏览器加载项
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[pdfMachine]
  {56CF4856-ECB4-4e46-A897-A378821F97B9} <C:\WINNT\system32\bgstb.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 192 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 216 / SYSTEM][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 212 / SYSTEM][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.690]
[PID: 268 / SYSTEM][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 280 / SYSTEM][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 376 / SYSTEM][C:\WINNT\System32\termsrv.exe]  [Microsoft Corporation, 5.00.2195.6696]
[PID: 488 / SYSTEM][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 528 / SYSTEM][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\bgspmnt.dll]  [N/A, ]
[PID: 568 / SYSTEM][C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\shared\bin\dcsupt32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\omsa\bin\dcisep32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\dataeng\bin\dcsgen32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\dataeng\bin\dcsmil32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\omsa\bin\dcship32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
[PID: 584 / SYSTEM][C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\shared\bin\dcsupt32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\omsa\bin\dcadpt32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\omsa\bin\dccoop32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\omsa\bin\dclra32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\omsa\bin\dcosp32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\omsa\bin\dcsecp32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\omsa\bin\dctvm32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\WINNT\system32\dchbas32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\WINNT\system32\dchtvm32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\omsa\bin\dcwfm32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\dataeng\bin\dcsmil32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
[PID: 608 / SYSTEM][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 624 / SYSTEM][f:\vod\helix\Bin\rmserver.exe]  [RealNetworks, Inc., 9.0.5.1159]
    [C:\WINNT\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [f:\vod\helix\Plugins\admi3260.dll]  [RealNetworks, Inc., 6.0.2.2444]
    [f:\vod\helix\Plugins\adta3260.dll]  [RealNetworks, Inc., 6.0.7.3227]
    [f:\vod\helix\Plugins\allo3260.dll]  [RealNetworks, Inc., 6.0.2.2510]
    [f:\vod\helix\Plugins\arch3260.dll]  [RealNetworks, Inc., 6.0.2.1]
    [f:\vod\helix\Plugins\asfw3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\asnc3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\asxp3260.dll]  [RealNetworks, Inc., 6.0.2.1]
    [f:\vod\helix\Plugins\audp3260.dll]  [RealNetworks, Inc., 6.0.7.3895]
    [f:\vod\helix\Plugins\auth3260.dll]  [RealNetworks, Inc., 6.0.7.3840]
    [f:\vod\helix\Plugins\basc3260.dll]  [RealNetworks, Inc., 6.0.7.3840]
    [f:\vod\helix\Plugins\bdst3260.dll]  [RealNetworks, Inc., 6.0.7.2503]
    [f:\vod\helix\Plugins\brcv3260.dll]  [RealNetworks, Inc., 6.0.7.2510]
    [f:\vod\helix\Plugins\cdad3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\cdis3290.dll]  [N/A, ]
    [f:\vod\helix\Plugins\cssp3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\dbmg3260.dll]  [RealNetworks, Inc., 6.0.0.3089]
    [f:\vod\helix\Plugins\dbwr3260.dll]  [RealNetworks, Inc., 6.0.0.3078]
    [f:\vod\helix\Plugins\dlic3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\encf3260.dll]  [RealNetworks, Inc., 6.0.2.2407]
    [f:\vod\helix\Plugins\enco3260.dll]  [RealNetworks, Inc., 6.0.2.2431]
    [f:\vod\helix\Plugins\http3260.dll]  [RealNetworks, Inc., 6.0.7.3977]
    [f:\vod\helix\Plugins\imgf3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\incl3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\isph3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\liv33260.dll]  [RealNetworks, Inc., 6.0.2.2432]
    [f:\vod\helix\Plugins\logp3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\meif3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\meip3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\miip3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\mp3f3260.dll]  [RealNetworks, Inc., 6.0.9.2880]
    [f:\vod\helix\Plugins\mpgf3260.dll]  [RealNetworks, Inc., 6.0.7.3046]
    [f:\vod\helix\Plugins\ntau3260.dll]  [RealNetworks, Inc., 6.0.7.1073]
    [f:\vod\helix\Plugins\ntlo3260.dll]  [Progressive Networks, Inc., 6.0.2.2433]
    [f:\vod\helix\Plugins\perf3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\plus3260.dll]  [RealNetworks, Inc., 6.0.7.3225]
    [f:\vod\helix\Plugins\pply3260.dll]  [RealNetworks, Inc., 6.0.7.3279]
    [f:\vod\helix\Plugins\ppva3260.dll]  [RealNetworks, Inc., 6.0.2.2511]
    [f:\vod\helix\Plugins\ppvb3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\ppvo3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\pxad3260.dll]  [RealNetworks, Inc., 6.0.4.3503]
    [f:\vod\helix\Plugins\qtbc3260.dll]  [RealNetworks, Inc., 6.0.2.2392]
    [f:\vod\helix\Plugins\qtff3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\ramp3260.dll]  [RealNetworks, Inc., 6.0.2.1]
    [f:\vod\helix\Plugins\redb3260.dll]  [RealNetworks, Inc., 6.0.2.1308]
    [f:\vod\helix\Plugins\rmff3260.dll]  [RealNetworks, Inc., 6.0.9.1548]
    [f:\vod\helix\Plugins\rn5a3260.dll]  [RealNetworks, Inc., 6.0.7.3840]
    [f:\vod\helix\Plugins\rnca3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\rtff3260.dll]  [RealNetworks, Inc., 6.0.7.3595]
    [f:\vod\helix\Plugins\sdpp3260.dll]  [RealNetworks, Inc., 6.0.7.4077]
    [f:\vod\helix\Plugins\shel3260.dll]  [RealNetworks, Inc., 6.0.3.3237]
    [f:\vod\helix\Plugins\smlf3260.dll]  [RealNetworks, Inc., 6.0.7.3398]
    [f:\vod\helix\Plugins\smlg3260.dll]  [RealNetworks, Inc., 6.0.7.3213]
    [f:\vod\helix\Plugins\smon3260.dll]  [RealNetworks, Inc., 6.0.2.1]
    [f:\vod\helix\Plugins\smpl3260.dll]  [RealNetworks, Inc., 6.0.7.4095]
    [f:\vod\helix\Plugins\swff3260.dll]  [RealNetworks, Inc., 6.0.8.3302]
    [f:\vod\helix\Plugins\tagf3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\tmpl3260.dll]  [RealNetworks, Inc., 6.0.7.2379]
    [f:\vod\helix\Plugins\vidf3260.dll]  [N/A, ]
    [f:\vod\helix\Plugins\vivf3260.dll]  [Vivo Software, Inc., 1, 0, 0, 1]
    [f:\vod\helix\Plugins\vsrc3260.dll]  [RealNetworks, Inc., 6.0.7.3199]
    [f:\vod\helix\Plugins\wmmc3260.dll]  [RealNetworks, Inc., 6.0.2.400]
    [f:\vod\helix\Plugins\wmsr3260.dll]  [RealNetworks, Inc., 6.0.0.1161]
    [f:\vod\helix\Plugins\xmlc3260.dll]  [RealNetworks, Inc., 6.0.2.1169]
[PID: 684 / SYSTEM][C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0534.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Common Files\System\OLE DB\sqloledb.dll]  [Microsoft Corporation, 2000.081.9054.00]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.71.9054.0 built by: Lab06_N(_sqlbld)]
    [C:\Program Files\Common Files\System\OLE DB\MSDATL3.dll]  [Microsoft Corporation, 2.71.9030.0 built by: Lab06_N(dagbuild)]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\xpsqlbot.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\xpstar.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.081.9054.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0728.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\xpstar.RLL]  [Microsoft Corporation, 2000.080.0760.00]
[PID: 824 / SYSTEM][C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe]  [Dell Inc., 1.9.0]
    [C:\Program Files\Dell\OpenManage\oma\bin\dsupt32.dll]  [Dell Inc., 1.0.1]
    [C:\Program Files\Dell\OpenManage\oma\bin\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Dell\OpenManage\oma\bin\omsas32.dll]  [Dell Inc., 1.9.0]
    [C:\Program Files\Dell\OpenManage\oma\bin\dnet32.dll]  [Dell Inc., 1.0.1]
    [C:\Program Files\Dell\OpenManage\oma\bin\dweb32.dll]  [Dell Inc., 1.0.1]
    [C:\Program Files\Dell\OpenManage\oma\bin\devent32.dll]  [Dell Inc., 1.9.0]
    [C:\Program Files\Dell\OpenManage\oma\bin\omacs32.dll]  [Dell Inc., 1.0.1]
[PID: 1044 / SYSTEM][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 1076 / SYSTEM][C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe]  [Dell Computer Corporation, 1, 0, 0,1]
    [C:\Program Files\Dell\OpenManage\jre\bin\client\jvm.dll]  [N/A, ]
    [C:\Program Files\Dell\OpenManage\jre\bin\hpi.dll]  [N/A, ]
    [C:\Program Files\Dell\OpenManage\jre\bin\verify.dll]  [N/A, ]
    [C:\Program Files\Dell\OpenManage\jre\bin\java.dll]  [N/A, ]
    [C:\Program Files\Dell\OpenManage\jre\bin\zip.dll]  [N/A, ]
    [C:\Program Files\Dell\OpenManage\oma\bin\omajdb32.dll]  [Dell Inc., 1.9.0]
    [C:\Program Files\Dell\OpenManage\oma\bin\omacs32.dll]  [Dell Inc., 1.0.1]
    [C:\Program Files\Dell\OpenManage\oma\bin\omadb32.dll]  [Dell Inc., 1.9.0]
    [C:\Program Files\Dell\OpenManage\oma\bin\csda32.dll]  [Dell Inc., 1.9.0]
    [C:\Program Files\Dell\OpenManage\uninstall\dcomdb.dll]  [Dell Computer Corporation., 3, 8, 0, 3800]
    [C:\Program Files\Dell\OpenManage\oma\bin\hipda32.dll]  [Dell Inc., 1.9.0]
    [C:\Program Files\Dell\OpenManage\omsa\bin\dcship32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\shared\bin\dcsupt32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\dataeng\bin\dcsgen32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\dataeng\bin\dcsmil32.dll]  [Dell Inc., 5.2.0 (BLD_4401)]
    [C:\Program Files\Dell\OpenManage\jre\bin\net.dll]  [N/A, ]
    [C:\Program Files\Dell\OpenManage\oldiags\bin\DiagCtrlInterface.dll]  [Dell Inc., 3.1.0.156_1]
    [C:\Program Files\Dell\OpenManage\oldiags\bin\DiagCtrl.dll]  [Dell Computer Corporation., 1.0.0.33_1]
    [C:\Program Files\Dell\OpenManage\oldiags\bin\DiagFramework.dll]  [Dell Computer Corporation., 1.0.0.33_1]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\AdpRaidDevDiag.dll]  [Dell Inc., 3.9.0.0_32]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\BCMmodem.dll]  [Broadcom Corporation, 3.0.0.72_3.5.22.3]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\BRCMnetwork.dll]  [Dell Computer Corporation., 3.0.0.72_13]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\IdeDevDiag.dll]  [Dell Inc., 3.9.0.0_32]
    [C:\Program Files\Dell\OpenManage\oldiags\bin\WmiInfo.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\Intel.dll]  [Intel Corporation, 3, 0, 0, 72_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\LSIDevDiag.dll]  [Dell Inc., 3.9.0.0_32]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\ScsiDevDiag.dll]  [Dell Inc., 3.9.0.0_32]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\cddvddiag.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\cmosdiag.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\floppydiag.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\memorydiag.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\modemdiag.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\networkdiag.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\parallelportdiag.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\pcidiag.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\racdiag.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\rootnodediag.dll]  [Dell Inc., 3.1.0.141_1]
    [C:\PROGRA~1\Dell\OPENMA~1\oldiags\packages\serialportdiag.dll]  [Dell Inc., 3.1.0.141_1]
[PID: 1096 / SYSTEM][C:\WINNT\System32\tcpsvcs.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1136 / SYSTEM][E:\shusheng\Jxwz\tomcat\conf\jk\jk_nt_service.exe]  [N/A, ]
[PID: 1152 / SYSTEM][E:\shusheng\jdk1.4.1\bin\java.exe]  [N/A, ]
    [E:\shusheng\jdk1.4.1\jre\bin\client\jvm.dll]  [N/A, ]
    [E:\shusheng\jdk1.4.1\jre\bin\hpi.dll]  [N/A, ]
    [E:\shusheng\jdk1.4.1\jre\bin\verify.dll]  [N/A, ]
    [E:\shusheng\jdk1.4.1\jre\bin\java.dll]  [N/A, ]
    [E:\shusheng\jdk1.4.1\jre\bin\zip.dll]  [N/A, ]
    [E:\shusheng\jdk1.4.1\jre\bin\net.dll]  [N/A, ]
[PID: 1160 / SYSTEM][E:\SHUSHENG\TRS4\TRSHOME\bin\T40SERVICE.EXE]  [N/A, ]
[PID: 1180 / SYSTEM][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\bgspdui.dll]  [Broadgun Software Pty. Ltd., 10.9 built by: WinDDK]
[PID: 1192 / SYSTEM][E:\SHUSHENG\TRS4\TRSHOME\bin\t40server.exe]  [N/A, ]
    [E:\SHUSHENG\TRS4\TRSHOME\bin\t40kit32.dll]  [N/A, ]
    [E:\SHUSHENG\TRS4\TRSHOME\bin\t40netd.dll]  [N/A, ]
    [E:\SHUSHENG\TRS4\TRSHOME\bin\t40kernel.dll]  [N/A, ]
    [E:\SHUSHENG\TRS4\TRSHOME\bin\t40shell.dll]  [N/A, ]
[PID: 1228 / SYSTEM][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1256 / SYSTEM][C:\WINNT\System32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.71.9054.0 built by: Lab06_N(_sqlbld)]
    [C:\Program Files\Common Files\System\OLE DB\MSDATL3.dll]  [Microsoft Corporation, 2.71.9030.0 built by: Lab06_N(dagbuild)]
    [C:\Certificate_user.dll]  [超星, 1, 0, 0, 1]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
[PID: 1276 / SYSTEM][C:\WINNT\System32\msdtc.exe]  [Microsoft Corporation, 1999.9.3421.3]
[PID: 1400 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.8320.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.8320.0]
[PID: 1652 / SYSTEM][C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.081.9054.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0728.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SEMMAP.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\Resources\2052\SEMMAP.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\Resources\2052\sqlagent.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLAGENT.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\System32\sqlsrv32.dll]  [Microsoft Corporation, 2000.081.9054.00]
    [C:\WINNT\System32\sqlsrv32.rll]  [Microsoft Corporation, 2000.081.9001.00]
    [C:\WINNT\system32\DBNETLIB.DLL]  [Microsoft Corporation, 2000.081.9054]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.0760.00]
[PID: 2280 / SYSTEM][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 2492 / Administrator][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\6rgis41.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\ShellEx.dll]  [Kaspersky Lab, 6.0.2.690]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
[PID: 2576 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
[PID: 2608 / Administrator][C:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe]  [N/A, ]
    [C:\Program Files\AntiARP Stand-alone Edition\XANTIARP.DLL]  [N/A, ]
[PID: 2756 / Administrator][F:\ezproxy\ezproxy.exe]  [Useful Utilities, LLC, 4.0h GA (2007-07-11)]
[PID: 2776 / Administrator][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
[PID: 2064 / Administrator][F:\ezproxy\ezproxy.exe]  [Useful Utilities, LLC, 4.0h GA (2007-07-11)]
[PID: 436 / IWAM_DELL-1600SC][C:\WINNT\system32\dllhost.exe]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\System32\pdm.dll]  [Microsoft Corporation, 6.00.8424]
    [C:\WINNT\System32\msdbg.dll]  [Microsoft Corporation, 6.00.8424]
[PID: 1472 / SYSTEM][C:\WINNT\system32\dllhost.exe]  [Microsoft Corporation, 5.00.2195.6692]
[PID: 2408 / Administrator][C:\WINNT\System32\mdm.exe]  [Microsoft Corporation, 6.00.8424]
    [C:\WINNT\System32\msdbg.dll]  [Microsoft Corporation, 6.00.8424]
[PID: 2360 / Administrator][E:\software\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [E:\software\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINNT\system32\MSISIP.DLL]  [Microsoft Corporation, 3.1.4000.1823]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [UltraEdit.ini]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. [UltraEdit.js]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 584, C:\PROGRAM FILES\DELL\OPENMANAGE\DATAENG\BIN\DCSTOR32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 624, F:\VOD\HELIX\BIN\RMSERVER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 684, C:\PROGRA~1\MICROS~3\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 824, C:\PROGRAM FILES\DELL\OPENMANAGE\OMA\BIN\OMSAD32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1076, C:\PROGRAM FILES\DELL\OPENMANAGE\IWS\BIN\WIN32\OMAWS32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1136, E:\SHUSHENG\JXWZ\TOMCAT\CONF\JK\JK_NT_SERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1152, E:\SHUSHENG\JDK1.4.1\BIN\JAVA.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1160, E:\SHUSHENG\TRS4\TRSHOME\BIN\T40SERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1192, E:\SHUSHENG\TRS4\TRSHOME\BIN\T40SERVER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1400, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1652, C:\PROGRA~1\MICROS~3\MSSQL\BINN\SQLAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2576, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2608, C:\PROGRAM FILES\ANTIARP STAND-ALONE EDITION\ANTIARP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2608, C:\PROGRAM FILES\ANTIARP STAND-ALONE EDITION\ANTIARP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2756, F:\EZPROXY\EZPROXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2064, F:\EZPROXY\EZPROXY.EXE]

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINNT\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINNT\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINNT\system32\drivers\klif.sys)
RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINNT\system32\drivers\klif.sys)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINNT\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================


[/CODE]
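Added example (not from this thread and not from SREng's authors): a small Python triage script that parses the driver and running-process sections of an SREng 2.5 report in the layout posted above and lists the entries worth a manual look. Two facts sit behind its heuristics. First, a kernel driver registered under HKLM\SYSTEM\CurrentControlSet\Services never appears in services.msc, which lists only Win32 services, so the report's driver section is where such an entry shows up. Second, SREng prints N/A as the vendor when a file carries no company name in its version resource; that is a reason to look, not a verdict (WinRAR's rarext.dll is N/A as well). The sample text is constructed from a handful of lines of the report above; the section mapping, flagging rules and function names are my own assumptions, not part of SREng.

```python
"""Triage helper for System Repair Engineer (SREng) reports.

Parses the driver and running-process sections of an SREng 2.5 report and
flags entries that merit a manual look: drivers with no vendor in their
version resource that load at Boot/System start, and DLLs inside the Windows
system directory that carry no vendor but are loaded into a process.
"""
import re

# Constructed sample: a few lines copied from the report posted in this
# thread, in SREng's own layout (Chinese section headers are SREng output).
SAMPLE_REPORT = r"""
驱动程序
[1fr / 1frm][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\1frm.sys><N/A>
[klif / klif][Running/System Start]
  <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[symmpi / symmpi][Running/Boot Start]
  <\SystemRoot\system32\drivers\symmpi.sys><LSI Logic>

==================================
正在运行的进程
[PID: 2492 / Administrator][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\6rgis41.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 2360 / Administrator][E:\software\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINNT\system32\MSISIP.DLL]  [Microsoft Corporation, 3.1.4000.1823]
"""

# Section headers exactly as SREng 2.5 prints them (assumed mapping).
SECTION_NAMES = {
    "驱动程序": "drivers",          # kernel drivers
    "服务": "services",             # Win32 services, same line layout as drivers
    "正在运行的进程": "processes",  # running processes with their loaded modules
}

# "[Display name / ServiceName][State/Start type]"
ENTRY_HDR = re.compile(
    r"^\[(?P<display>.*?) / (?P<name>[^\]]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
# "  <image path><vendor>"
ENTRY_PATH = re.compile(r"^\s+<(?P<path>[^>]*)><(?P<vendor>[^>]*)>$")
# "[PID: 123 / user][image path]  [vendor, version]"
PROC_HDR = re.compile(
    r"^\[PID: (?P<pid>\d+) / (?P<user>[^\]]+)\]\[(?P<path>[^\]]+)\]\s+"
    r"\[(?P<vendor>[^,\]]*),\s*(?P<version>[^\]]*)\]$")
# "    [module path]  [vendor, version]"
MOD_LINE = re.compile(
    r"^\s+\[(?P<path>[^\]]+)\]\s+\[(?P<vendor>[^,\]]*),\s*(?P<version>[^\]]*)\]$")

EARLY_START = {"Boot Start", "System Start"}
SYSTEM_DIR = re.compile(r"\\winnt\\system32\\", re.IGNORECASE)  # Windows 2000 layout


def parse_report(text):
    """Return {"drivers": [...], "services": [...], "processes": [...]}."""
    buckets = {"drivers": [], "services": [], "processes": []}
    section, current, after_separator = None, None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("===="):          # separator: a header follows
            after_separator, current = True, None
            continue
        if after_separator or line in SECTION_NAMES:
            section = SECTION_NAMES.get(line)  # None for sections we do not parse
            after_separator, current = False, None
            continue
        if section in ("drivers", "services"):
            m = ENTRY_HDR.match(line)
            if m:
                current = m.groupdict()
                current.update(path="", vendor="N/A")  # filled by the next line
                buckets[section].append(current)
                continue
            m = ENTRY_PATH.match(line)
            if m and current is not None:
                current.update(m.groupdict())
        elif section == "processes":
            m = PROC_HDR.match(line)
            if m:
                current = m.groupdict()
                current["modules"] = []
                buckets["processes"].append(current)
                continue
            m = MOD_LINE.match(line)
            if m and current is not None:
                current["modules"].append(m.groupdict())
    return buckets


def flag_drivers(drivers):
    """(name, path, start) for drivers with no vendor that load at boot/system start."""
    return [(d["name"], d["path"], d["start"]) for d in drivers
            if d["vendor"] in ("", "N/A") and d["start"] in EARLY_START]


def flag_modules(processes):
    """(host image, module path) for vendor-less DLLs under the system directory."""
    hits = []
    for p in processes:
        host = p["path"].rsplit("\\", 1)[-1]
        for m in p["modules"]:
            if m["vendor"] in ("", "N/A") and SYSTEM_DIR.search(m["path"]):
                hits.append((host, m["path"]))
    return hits


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for name, path, start in flag_drivers(report["drivers"]):
        print(f"check driver  {name:<10} {start:<12} {path}")
    for host, path in flag_modules(report["processes"]):
        print(f"check module  loaded in {host}: {path}")
```

On the sample it lists the 1frm driver (Boot Start, no vendor) and the 6rgis41.dll module loaded into Explorer.EXE, and nothing else; on a full report, read the saved file and pass its text to parse_report(). What it lists is a candidate to hash and submit to the vendor, as the earlier reply suggests, not something to delete on the strength of a heuristic.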