Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Forum: Could some expert take a look at my log? It looks like I've got Gray Pigeon (灰鸽子)! Thanks!


[Help] Could some expert take a look at my log? It looks like I've got Gray Pigeon (灰鸽子)! Thanks!

Could some expert take a look at my log? It looks like I've got Gray Pigeon (灰鸽子)! Thanks!

[CODE]
2009-11-06,09:38:34
System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AtiPTA><Atiptaxx.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll>  [(Verified)Microsoft Windows 2000 Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><stobject.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    <WinlogonNotify: wzcnotif><wzcdlg.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <自定义浏览器><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
    <EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{735B2C59-7C9F-44CD-93C4-A1D9660F9F17}]
    <N/A><C:\WINNT\windower.exe>  [Jiangmin Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [File is missing]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]
==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
==================================
服务
[360ver.dll / 360ver.dll][Running/Auto Start]
  <C:\WINNT\system32\qrkbin.exe><360安全中心>
[360安全卫士系统漏洞安全更新 / 360安全卫士系统漏洞安全更新][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k "360安全卫士系统漏洞安全更新"-->C:\WINNT\system32\efcebf.dll><Microsoft Corporation>
[360安全卫士系统防御模块 / 360安全卫士系统防御模块][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k "360安全卫士系统防御模块"-->C:\WINNT\system32\bb11f4.dll><Microsoft Corporation>
[360安全卫士自我保护组件 / 360安全卫士自我保护组件][Running/Auto Start]
  <C:\WINNT\System32\svchost.exe -k "360安全卫士自我保护组件"-->C:\WINNT\system32\11a9b59.dll><Microsoft Corporation>
[360杀毒全盘文件实时监控 / 360杀毒全盘文件实时监控][Running/Auto Start]
  <C:\WINNT\system32\nvscv.exe><360安全中心>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <d:\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Nationalgub Instruments Domain Service / Nationalxjs][Stopped/Auto Start]
  <C:\WINNT\system32\eumseg.exe><(File is missing)>
[office升级补丁 / office升级补丁][Running/Auto Start]
  <C:\WINNT\system32\lassq.exe><360安全中心>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
  <d:\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Mnnection Sharser / tcways][Running/Auto Start]
  <C:\WINNT\System32\svchost.exe -k krnlsrvc-->C:\WINNT\system32\RlmktrC.dll><@ Microsoft Corporation. All rights reserved.>
[Windowskxxgh Help System / WinHelpkxxgh][Stopped/Manual Start]
  <C:\WINNT\system32\WinHelpkkxxgh.exe><Beijing Rising Information Technology Co., Ltd.>
[VNC Server Version 4 / WinVNC4][Running/Manual Start]
  <"C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service><RealVNC Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[ati2mpad / ati2mpad][Running/Manual Start]
  <system32\DRIVERS\ati2mpad.sys><ATI Technologies Inc.>
[atirage3 / atirage3][Stopped/Manual Start]
  <system32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel(R) PRO/1000 Network Connection Driver / E1000][Running/Manual Start]
  <system32\DRIVERS\e1000nt5.sys><Intel Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, (Signed) Microsoft Corporation>
==================================
正在运行的进程
[PID: 172][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 216][\??\C:\WINNT\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6898]
[PID: 244][C:\WINNT\system32\services.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 256][C:\WINNT\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6902]
[PID: 448][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 476][C:\WINNT\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6659]
[PID: 504][C:\WINNT\system32\msdtc.exe]  [(Verified) Microsoft Corporation, 1999.9.3421.3]
[PID: 628][C:\WINNT\system32\qrkbin.exe]  [360安全中心, 1, 0, 0, 1053]
[PID: 648][C:\WINNT\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
    [c:\winnt\system32\11a9b59.dll]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][C:\WINNT\system32\nvscv.exe]  [360安全中心, 1, 0, 0, 1053]
[PID: 676][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 720][C:\WINNT\System32\llssrv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6697]
[PID: 752][d:\MICROS~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\xpsqlbot.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 844][C:\WINNT\system32\lassq.exe]  [360安全中心, 1, 0, 0, 1053]
[PID: 872][C:\WINNT\system32\regsvc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6701]
[PID: 352][C:\WINNT\system32\MSTask.exe]  [(Verified) Microsoft Corporation, 4.71.2195.6704]
[PID: 928][C:\WINNT\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
    [c:\winnt\system32\rlmktrc.dll]  [@ Microsoft Corporation. All rights reserved., 5.1.2600.2180]
[PID: 992][C:\WINNT\system32\Dfssvc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6664]
[PID: 1012][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.5512.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.5512.0]
[PID: 1040][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 1156][C:\WINNT\Explorer.EXE]  [(Verified) Microsoft Corporation, 5.00.3700.6690]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1184][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
[PID: 1220][C:\WINNT\system32\Atiptaxx.exe]  [ATI Technologies, Inc., 6.13.2523]
    [C:\WINNT\system32\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.13.2523]
    [C:\WINNT\system32\atipdsxx.dll]  [ATI Technologies, Inc., 6.13.2523]
[PID: 1248][C:\WINNT\system32\internat.exe]  [(Verified) Microsoft Corporation, 5.00.2920.0000]
[PID: 1260][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 1384][d:\MICROS~1\MSSQL\binn\sqlagent.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\SEMMAP.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\Resources\2052\SEMMAP.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\Resources\2052\sqlagent.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL\binn\SQLAGENT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 1192][C:\WINNT\system32\mmc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\dmutil.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\system32\dfrgsnap.dll]  [Executive Software International, Inc., 5.00.2195.6605]
    [C:\WINNT\system32\DfrgRes.dll]  [Executive Software International, Inc., 5.00.2150.1]
[PID: 1240][C:\WINNT\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6655]
[PID: 1488][C:\Program Files\RealVNC\VNC4\WinVNC4.exe]  [RealVNC Ltd., 版本 4.0]
    [C:\Program Files\RealVNC\VNC4\wm_hooks.dll]  [RealVNC Ltd., 4.0]
[PID: 1388][C:\WINNT\system32\cmd.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6824]
[PID: 580][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
[PID: 1520][C:\WINNT\regedit.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6707]
[PID: 1392][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 364][C:\Documents and Settings\Administrator\桌面\sreng2\SREc5e366b1.EXE]  [Smallfrogs Studio, 2.8.1.1279]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
[/CODE]

Reply: Could some expert take a look at my log? It looks like I've got Gray Pigeon! Thanks!

[CODE]
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 752, D:\MICROS~1\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 844, C:\WINNT\SYSTEM32\LASSQ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1012, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1260, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1384, D:\MICROS~1\MSSQL\BINN\SQLAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1488, C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1392, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
(Surrogate)支持包及增强型区位输入法安全更新,2001 年 6 月 20 日
Microsoft .NET Framework 版本 1.1,简体中文版
DirectX 9.0c 最终用户运行时
KB842773,  用于后台智能传输服务 (BITS) 2.0 和 WinHTTP 5.1 的更新程序 (KB842773)
KB893803,  Microsoft Windows 安装程序 3.1
KB870669,  ADODB.stream 关键更新程序 (KB870669)
KB901214,  Windows 2000 安全更新程序 (KB901214) MS05-036
KB893756,  Windows 2000 安全更新程序 (KB893756) MS05-040
KB899591,  Windows 2000 安全更新程序 (KB899591) MS05-041
KB899587,  Windows 2000 安全更新程序 (KB899587) MS05-042
KB896423,  Windows 2000 安全更新程序 (KB896423) MS05-043
KB905414,  Windows 2000 安全更新程序 (KB905414) MS05-045
KB899589,  Windows 2000 安全更新程序 (KB899589) MS05-046
KB901017,  Windows 2000 安全更新程序 (KB901017) MS05-048
KB896422,  Windows 2000 安全更新程序 (KB896422) MS05-027
KB896358,  Windows 2000 安全更新程序 (KB896358) MS05-026
KB900725,  Windows 2000 安全更新程序 (KB900725) MS05-049
KB905749,  Windows 2000 安全更新程序 (KB905749) MS05-047
KB905495,  用于 Windows 2000 的 Internet Explorer 6 Service Pack 1 安全更新程序 (KB905495) MS05-044
KB911564,  Windows Media Player 插件安全更新程序 (KB911564) MS06-006
KB908531,  Windows 2000 安全更新程序 (KB908531) MS06-015
KB829019,  Microsoft .NET Framework 2.0: x86 (KB829019)
KB913580,  Windows 2000 安全更新程序 (KB913580) MS06-018
KB911280,  Windows 2000 安全更新程序 (KB911280) MS06-025
KB914388,  Windows 2000 安全更新程序 (KB914388) MS06-036
KB917008,  Windows 2000 安全更新程序 (KB917008) MS06-044
KB920670,  Windows 2000 安全更新程序 (KB920670) MS06-050
KB920683,  Windows 2000 安全更新程序 (KB920683) MS06-041
KB921398,  Windows 2000 安全更新程序 (KB921398) MS06-045
KB921398,  根证书更新程序
KB923191,  Windows 2000 安全更新程序 (KB923191) MS06-057
KB923980,  Windows 2000 安全更新程序 (KB923980) MS06-066
KB924270,  Windows 2000 安全更新程序 (KB924270) MS06-070
KB928843,  Windows 2000 安全更新程序 (KB928843) MS07-008
KB924667,  Windows 2000 安全更新程序 (KB924667) MS07-012
KB918118,  Windows 2000 安全更新程序 (KB918118) MS07-013
KB926436,  Windows 2000 安全更新程序 (KB926436) MS07-011
KB925902,  Windows 2000 安全更新程序 (KB925902) MS07-017
KB920213,  Windows 2000 安全更新程序 (KB920213) MS06-068
KB935839,  Windows 2000 安全更新程序 (KB935839) MS07-035
KB925398,  Windows Media Player 6.4 安全更新程序 (KB925398) MS06-078
KB926122,  Windows 2000 安全更新程序 (KB926122) MS07-039
KB938827,  Windows 2000 安全更新程序 (KB938827) MS07-051
KB891861,  Windows 2000 Service Pack 4 更新汇总 1 (KB891861)
KB923810,  Windows 2000 安全更新程序 (KB923810) MS07-055
KB941569,  Windows 2000 安全更新程序 (KB941569) MS07-068
KB937894,  Windows 2000 安全更新程序 (KB937894) MS07-065
KB943485,  Windows 2000 安全更新程序 (KB943485) MS08-002
KB943055,  Windows 2000 安全更新程序 (KB943055) MS08-008
KB945553,  Windows 2000 安全更新程序 (KB945553) MS08-020
KB944338,  Windows 2000 安全更新程序 (KB944338) MS08-022
KB950749,  Windows 2000 安全更新程序 (KB950749) MS08-028
KB951748,  Windows 2000 安全更新程序 (KB951748) MS08-037
KB950974,  Windows 2000 安全更新程序 (KB950974) MS08-049
KB952954,  Windows 2000 安全更新程序 (KB952954) MS08-046
KB958644,  Windows 2000 安全更新程序 (KB958644) MS08-067
KB955069,  Windows 2000 安全更新程序 (KB955069) MS08-069
KB957097,  Windows 2000 安全更新程序 (KB957097) MS08-068
KB954600,  Windows 2000 安全更新程序 (KB954600) MS08-076
KB956802,  Windows 2000 安全更新程序 (KB956802) MS08-071
KB952069,  Windows 2000 安全更新程序 (KB952069) MS08-076
KB958687,  Windows 2000 安全更新程序 (KB958687) MS09-001
KB960225,  Windows 2000 安全更新程序 (KB960225) MS09-007
KB967715,  Windows 2000 更新程序 (KB967715)
KB909520,  Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB960803,  Windows 2000 安全更新程序 (KB960803) MS09-013
KB959426,  Windows 2000 安全更新程序 (KB959426) MS09-015
KB923561,  Windows 2000 安全更新程序 (KB923561) MS09-010
KB952004,  Windows 2000 安全更新程序 (KB952004) MS09-012
KB961501,  Windows 2000 安全更新程序 (KB961501) MS09-022
KB968537,  Windows 2000 安全更新程序 (KB968537) MS09-025
KB970238,  Windows 2000 安全更新程序 (KB970238) MS09-026
KB971633,  DirectX 9 for Windows 2000 安全更新程序 (KB971633) MS09-028
KB961371,  Windows 2000 安全更新程序 (KB961371) MS09-029
KB971557,  Windows 2000 安全更新程序 (KB971557) MS09-038
KB973540,  用于 Windows 2000 的 Windows Media Player 9 安全更新程序 (KB973540) MS09-037
KB973869,  Windows 2000 安全更新程序 (KB973869) MS09-037
KB958470,  Windows 2000 安全更新程序 (KB958470) MS09-044
KB973507,  Windows 2000 安全更新程序 (KB973507) MS09-037
KB960859,  Windows 2000 安全更新程序 (KB960859) MS09-042
KB973354,  用于 Windows 2000 的 Outlook Express 6.0 安全更新程序 (KB973354) MS09-037
KB956844,  Windows 2000 安全更新程序 (KB956844) MS09-046
KB971961,  Windows 2000 安全更新程序 (KB971961) MS09-045
KB968816,  用于 Windows 2000 的 Windows Media Format Runtime 9 的安全更新程序 (KB968816) MS09-047
KB974455,  Internet Explorer 6 Service Pack 1 累积安全更新程序 (KB974455) MS09-054
KB973525,  用于 Windows 2000 的 ActiveX Killbit 累积安全更新程序 (KB973525) MS09-055
KB954155,  用于 Windows 2000 的 Windows Media Format Runtime 9 的安全更新程序 (KB954155) MS09-051
KB974112,  Windows 2000 安全更新程序 (KB974112) MS09-052
KB958869,  用于 Windows 2000 的 Internet Explorer 6 安全更新程序 (KB958869) MS09-062
KB969059,  Windows 2000 安全更新程序 (KB969059) MS09-057
KB971486,  Windows 2000 安全更新程序 (KB971486) MS09-058
KB974571,  Windows 2000 安全更新程序 (KB974571) MS09-056
KB890830,  Windows 恶意软件删除工具 - 2009 年 10 月 (KB890830)

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
 

Reply: Could some expert take a look at my log? It looks like I've got Gray Pigeon! Thanks!

[c:\winnt\system32\rlmktrc.dll]  [@ Microsoft Corporation. All rights reserved., 5.1.2600.2180]
----------------------------------------------------------------------------------------
~~What is this thing? And you have a lot of unpatched vulnerabilities~~
 

Reply: Could some expert take a look at my log? It looks like I've got Gray Pigeon! Thanks!

I just installed an old version of 2000 and haven't updated the system yet. The system has SQL Server installed, but as soon as I install EAV the clients can't access the database; uninstalling it fixes that! But I can't go without antivirus software!
 

Reply: Could some expert take a look at my log? It looks like I've got Gray Pigeon! Thanks!

[c:\winnt\system32\rlmktrc.dll]  [@ Microsoft Corporation. All rights reserved., 5.1.2600.2180]
----------------------------------------------------------------------------------------
~~What is this thing?
 

Reply: Could some expert take a look at my log? It looks like I've got Gray Pigeon! Thanks!

I don't know either, and I can't find anything about it online!
 

Reply: Could some expert take a look at my log? It looks like I've got Gray Pigeon! Thanks!

~~Upload it here: http://www.virscan.org/ and see how many engines detect it~~
 

Reply: Could some expert take a look at my log? It looks like I've got Gray Pigeon! Thanks!

Free antivirus: Super Patrol (超级巡警). The scanning looks flashy, but the scan engine loads slowly, and for the first minute or so after boot CPU usage is very high~~
If you dare to run without full AV: Beike Trojan Killer (贝壳木马专杀)
360 Antivirus: also free, but loading at boot is also risky, and the software itself is very unstable
Last edited by 快乐未来雨 on 2009-11-06 10:16:06