CODE:
2008-11-07,14:41:35

System Repair Engineer 2.7.0.1210
Smallfrogs ([url]http://www.KZTechs.com[/url])

Windows Server 2003 "R2" Enterprise Edition Service Pack 2 (Build 3790) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <Persistence><; C:\WINDOWS\system32\igfxpers.exe>  [Intel Corporation]
    <RTHDCPL><; RTHDCPL.EXE>  [Realtek Semiconductor Corp.]
    <HBService32><System.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <DUBA_TOOLS><E:\DubaTool_AutoTroj_Killer14.COM /C>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\xajkzwup.dll>  [File is missing]
    <{70B0129E-726E-4789-A7C0-5DDC33241E94}><70B0129E.dll>  [N/A]
    <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll>  [N/A]
    <{58FF3024-8A83-4B1A-88E9-302F47646EEE}><58FF3024.dll>  [N/A]
    <{F2CBFAC4-6FF9-4DE9-BCB1-0F2FA2AA0B4C}><F2CBFAC4.dll>  [N/A]
    <{DA63E650-537C-4042-87BB-9D19D844680B}><DA63E650.dll>  [N/A]
    <{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40}><5934EA2B.dll>  [N/A]
    <{3F21AA0C-2A9E-4BE9-9083-9E58AB41BA01}><3F21AA0C.dll>  [N/A]
    <{59964D2B-044A-40AE-8837-0ED9EE8BDA08}><59964D2B.dll>  [N/A]
    <{D7C79813-9233-4AE0-832C-99B2E8019673}><D7C79813.dll>  [N/A]
    <{43ACDCC5-9009-4AF4-B80A-93BC656EF298}><43ACDCC5.dll>  [N/A]
    <{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><2EF0D734.dll>  [N/A]
    <{E3367679-4775-4244-A62E-4CFE58FC850B}><E3367679.dll>  [N/A]
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\quyyqasb.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <xajkzwup.dll><C:\WINDOWS\system32\xajkzwup.dll>  [File is missing]
    <quyyqasb.dll><C:\WINDOWS\system32\quyyqasb.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]
    <WinlogonNotify: DfLogon><LogonDll.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\INF\unregmp2.exe /HideWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
    <%IEHARDENADMIN_BASE_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
    <%IEHARDENUSER_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
N/A

==================================
服务
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[DF5Serv / DF5Serv][Running/Auto Start]
  <C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe><Faronics Corporation>
[锐起CGO服务 / GSGIoService][Running/Auto Start]
  <C:\Program Files\Richtech\Rtcgosrv\GSGIOSRV.EXE><RichTech>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k rpcss-->%SystemRoot%\system32\rpcss.dll><N/A>

==================================
驱动程序
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[GSGFDISK / GSGFDISK][Stopped/Manual Start]
  <\??\C:\Program Files\Richtech\Rtcgosrv\GSGFDISK.SYS><RichTech>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IGALIVE / IGALIVE][Running/Auto Start]
  <\??\C:\Program Files\IGALIVE\IGALIVE.sys><N/A>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[RTDLXEXP / RTDLXEXP][Stopped/Manual Start]
  <\??\C:\Program Files\Richtech\DlxpServ\RTDLXEXP.SYS><N/A>
[RTGSGEXP / RTGSGEXP][Running/Manual Start]
  <\??\C:\Program Files\Richtech\Rtcgosrv\RTGSGEXP.SYS><RichTech>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[TQAT_Hooker By FZH / TQAT][Stopped/Manual Start]
  <\??\H:\网络游戏\QQ魔域\TQAT\tqat.sys><N/A>
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\HBKernel32.sys><N/A>
[aliimz / aliimz][Stopped/Manual Start]
  <System32\Drivers\aliimz.sys><N/A>
[ca99d57 / ca99d57][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ca99d57.sys><N/A>
[d7b49fa / d7b49fa][Running/Manual Start]
  <\??\C:\WINDOWS\system32\d7b49fa.sys><N/A>
[KBaseZS / KBaseZS][Running/Disabled]
  <\??\E:\KBaseZS.sys><N/A>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>

==================================
浏览器加载项
[]
  {3B0087DA-90E3-446D-8C7A-6E61D226D87A} <C:\Program Files\Internet Explorer\VteNt64.987, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[]
  {3B0087DA-90E3-446D-8C7A-6E61D226D87A} <C:\Program Files\Internet Explorer\VteNt64.987, N/A>
[]
  {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\FlDbg9c.ocx, (Signed) Adobe Systems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <, >
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[使用迅雷下载]
  <E:\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 1684 / Administrator][C:\WINDOWS\system32\userinit.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\5934EA2B.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
    [C:\WINDOWS\system32\58FF3024.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\F2CBFAC4.dll]  [N/A, ]
    [C:\WINDOWS\system32\D7C79813.dll]  [N/A, ]
    [C:\WINDOWS\system32\59964D2B.dll]  [N/A, ]
    [C:\WINDOWS\system32\DA63E650.dll]  [N/A, ]
    [C:\WINDOWS\system32\70B0129E.dll]  [N/A, ]
    [C:\WINDOWS\system32\43ACDCC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\3F21AA0C.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\VteNt64.987]  [N/A, ]
    [C:\WINDOWS\system32\quyyqasb.dll]  [N/A, ]
    [C:\WINDOWS\system32\xajkzwup.dll]  [N/A, ]
[PID: 1704 / Administrator][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBDNF.dll]  [N/A, ]
    [C:\WINDOWS\system32\5934EA2B.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
    [C:\WINDOWS\system32\58FF3024.dll]  [N/A, ]
    [C:\WINDOWS\system32\alxlin.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\F2CBFAC4.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh18005.dll]  [N/A, ]
    [C:\WINDOWS\system32\D7C79813.dll]  [N/A, ]
    [C:\WINDOWS\system32\xajkzwup.dll]  [N/A, ]
    [C:\WINDOWS\system32\quyyqasb.dll]  [N/A, ]
    [C:\WINDOWS\system32\59964D2B.dll]  [N/A, ]
    [C:\WINDOWS\system32\DA63E650.dll]  [N/A, ]
    [C:\WINDOWS\system32\70B0129E.dll]  [N/A, ]
    [C:\WINDOWS\system32\43ACDCC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh12002.dll]  [N/A, ]
    [C:\WINDOWS\system32\3F21AA0C.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\VteNt64.987]  [N/A, ]
    [C:\WINDOWS\system32\HBQQSG.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\E3367679.dll]  [N/A, ]
    [E:\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4299]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 2012 / Administrator][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4299]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4299]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4299]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4299]
    [C:\WINDOWS\system32\xajkzwup.dll]  [N/A, ]
    [C:\WINDOWS\system32\quyyqasb.dll]  [N/A, ]
    [C:\WINDOWS\system32\E3367679.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\VteNt64.987]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\3F21AA0C.dll]  [N/A, ]
    [C:\WINDOWS\system32\43ACDCC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\70B0129E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DA63E650.dll]  [N/A, ]
    [C:\WINDOWS\system32\59964D2B.dll]  [N/A, ]
    [C:\WINDOWS\system32\D7C79813.dll]  [N/A, ]
    [C:\WINDOWS\system32\F2CBFAC4.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\58FF3024.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
[PID: 2028 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\58FF3024.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
    [C:\WINDOWS\system32\F2CBFAC4.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\xajkzwup.dll]  [N/A, ]
    [C:\WINDOWS\system32\quyyqasb.dll]  [N/A, ]
    [C:\WINDOWS\system32\DA63E650.dll]  [N/A, ]
    [C:\WINDOWS\system32\59964D2B.dll]  [N/A, ]
    [C:\WINDOWS\system32\D7C79813.dll]  [N/A, ]
    [C:\WINDOWS\system32\70B0129E.dll]  [N/A, ]
    [C:\WINDOWS\system32\43ACDCC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\3F21AA0C.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\VteNt64.987]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\E3367679.dll]  [N/A, ]
[PID: 1080 / Administrator][C:\WINDOWS\system32\System.exe]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBDNF.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\5934EA2B.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
    [C:\WINDOWS\system32\58FF3024.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\F2CBFAC4.dll]  [N/A, ]
    [C:\WINDOWS\system32\D7C79813.dll]  [N/A, ]
    [C:\WINDOWS\system32\xajkzwup.dll]  [N/A, ]
    [C:\WINDOWS\system32\quyyqasb.dll]  [N/A, ]
    [C:\WINDOWS\system32\59964D2B.dll]  [N/A, ]
    [C:\WINDOWS\system32\DA63E650.dll]  [N/A, ]
    [C:\WINDOWS\system32\70B0129E.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQSG.dll]  [N/A, ]
    [C:\WINDOWS\system32\43ACDCC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\3F21AA0C.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\VteNt64.987]  [N/A, ]
    [C:\WINDOWS\system32\E3367679.dll]  [N/A, ]
[PID: 1400 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\xajkzwup.dll]  [N/A, ]
    [C:\WINDOWS\system32\quyyqasb.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\VteNt64.987]  [N/A, ]
    [C:\WINDOWS\system32\E3367679.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\3F21AA0C.dll]  [N/A, ]
    [C:\WINDOWS\system32\43ACDCC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\70B0129E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DA63E650.dll]  [N/A, ]
    [C:\WINDOWS\system32\59964D2B.dll]  [N/A, ]
    [C:\WINDOWS\system32\D7C79813.dll]  [N/A, ]
    [C:\WINDOWS\system32\F2CBFAC4.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\58FF3024.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
[PID: 2344 / Administrator][C:\WINDOWS\system32\meyotmek.exe]  [N/A, ]
[PID: 2136 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\Program Files\Internet Explorer\VteNt64.987]  [N/A, ]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [E:\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 3400 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\Program Files\Internet Explorer\VteNt64.987]  [N/A, ]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1232 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\Program Files\Internet Explorer\VteNt64.987]  [N/A, ]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 3496 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.500\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 2240 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.500\SRE6b2fc24e.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\Program Files\Internet Explorer\VteNt64.987]  [N/A, ]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.500\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
[file]
open=y
url1=http://down.cvz2.cn/hb/0.exe
url2=http://down.cvz2.cn/hb/100.exe
url3=http://down.cvz2.cn/hb/2.exe
url4=http://down.cvz2.cn/hb/3.exe
url5=http://down.cvz2.cn/hb/4.exe
url6=http://down.cvz2.cn/hb/5.exe
url7=http://down.cvz2.cn/hb/6.exe
url8=http://down.cvz2.cn/hb/7.exe
url9=http://down.cvz2.cn/hb/8.exe
url10=http://down.cvz2.cn/hb/9.exe
url11=http://down.cvz2.cn/hb/10.exe
url12=http://down.cvz2.cn/hb/11.exe
url13=http://down.cvz2.cn/hb/12.exe
url14=http://down.cvz2.cn/hb/13.exe
url15=http://down.cvz2.cn/hb/14.exe
url16=http://down.cvz2.cn/hb/15.exe
url17=http://down.cvz2.cn/hb/16.exe
url18=http://down.cvz2.cn/hb/17.exe
url19=http://down.cvz2.cn/hb/18.exe
url20=http://down.cvz2.cn/hb/19.exe
url21=http://down.cvz2.cn/hb/20.exe
url22=http://down.cvz2.cn/hb/21.exe
url23=http://down.cvz2.cn/hb/22.exe
url24=http://down.cvz2.cn/hb/23.exe
url25=http://down.cvz2.cn/hb/24.exe
url26=http://down.cvz2.cn/hb/25.exe
url27=http://down.cvz2.cn/hb/27.exe
url28=http://down.cvz2.cn/hb/28.exe
url29=http://down.cvz2.cn/hb/29.exe
url30=http://down.cvz2.cn/hb/30.exe
url31=http://down.cvz2.cn/hb/31.exe
url32=http://down.cvz2.cn/hb/32.exe
url33=http://down.cvz2.cn/hb/33.exe
url34=http://down.cvz2.cn/hb/26.exe
url35=http://down.cvz2.cn/hb/34.exe
count=35

==================================
进程特权扫描
N/A

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================