2008-11-25,11:24:47
System Repair Engineer 2.7.0.1210
Smallfrogs ([url]http://www.KZTechs.com[/url])
Windows Server 2003 Enterprise Edition Service Pack 2 (Build 3790) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表

==================================
启动文件夹
[2N49BT4N420]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\2N49BT4N420.lnk --> C:\WINDOWS\H9SG9AR9C.exe [File is missing]><H>
[5V0GWXFQHL]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\5V0GWXFQHL.lnk --> C:\WINDOWS\AP4G8E07.exe [File is missing]><H>
[G8Y8A134M2RY]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\G8Y8A134M2RY.lnk --> C:\WINDOWS\T33S4J3W6E.exe [File is missing]><H>
[HSO3Y6]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HSO3Y6.lnk --> C:\WINDOWS\RNT5MIXM5AWA.exe [File is missing]><H>
[IQD850W]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IQD850W.lnk --> C:\WINDOWS\UNIAI.exe [File is missing]><H>
[K0KAR]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\K0KAR.lnk --> C:\WINDOWS\WVOA78IEM2B.exe [File is missing]><H>
[QA0RQOH7SCMO]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\QA0RQOH7SCMO.lnk --> C:\WINDOWS\35TLEPR83W.exe [File is missing]><H>
[SZWKYK4LP3AL]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\SZWKYK4LP3AL.lnk --> C:\WINDOWS\J5W1EJE1Y0.exe [File is missing]><H>
[XCYOQLM]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\XCYOQLM.lnk --> C:\WINDOWS\HRGBG.exe [File is missing]><H>
==================================
服务
[MK8WLM50LSQR / H9SG9AR9C][Stopped/Auto Start]
  <C:\WINDOWS\H9SG9AR9C.exe VYS5GL51NKU><(File is missing)>
[WWF37NP0 / HRGBG][Stopped/Auto Start]
  <C:\WINDOWS\HRGBG.exe 687THRI><(File is missing)>
==================================
驱动程序
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[3HBPIV / QRZGZ6ULF79][Stopped/Manual Start]
  <\??\C:\WINDOWS\GFQE5APK6HGG.txt><N/A>
==================================
浏览器加载项
[wpad.fiyice]
  {2F61969A-836A-433E-AC37-4B46959D1FD4} <C:\WINDOWS\system32\ifxul.dll, N/A>
[lib.ncu]
  {7756F4D0-5A78-4E3C-AE36-BB13EC49C7F9} <C:\WINDOWS\system32\jthnnw.dll, N/A>
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <, >
[wpad.fiyice]
  {2F61969A-836A-433E-AC37-4B46959D1FD4} <C:\WINDOWS\system32\ifxul.dll, N/A>
[]
  {4BB7444F-E4DA-4E02-AAAD-505A0E9855D4} <, >
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[]
  {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <, >
[lib.ncu]
  {7756F4D0-5A78-4E3C-AE36-BB13EC49C7F9} <C:\WINDOWS\system32\jthnnw.dll, N/A>
[]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <, >
[]
  {ACDC15CD-B675-4C7C-86E9-CA92F2DF2896} <, >
[]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <, >
[]
  {C847FDE7-B612-47ED-B32C-4000C9DD26B6} <, >
[]
  {D5DC8911-DCD3-49CE-AE95-8AD512F2D280} <, >
[klx.tchkb]
  {D6D7284A-1F5C-4E64-BA3E-714A982EA867} <C:\WINDOWS\system32\vqioe.dll, N/A>
[]
  {E176B817-4905-4CDF-8C9C-0AF3EA3B4AC7} <, >
[]
  {E176B817-4905-4CDF-8C9C-0AF3EA3B4AC9} <, >
[]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <, >
==================================
正在运行的进程
[PID: 472 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [%SystemRoot%\System32\CScript.exe "%1" %*]
.JS  Error. [%SystemRoot%\System32\CScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
N/A
==================================
计划任务
N/A
==================================
API HOOK
入口点错误：NtCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003D5AA5)
入口点错误：NtCreateKey (危险等级: 高,  被下面模块所HOOK: 0x003D5C45)
入口点错误：NtLoadDriver (危险等级: 高,  被下面模块所HOOK: 0x003D6395)
入口点错误：NtSetValueKey (危险等级: 高,  被下面模块所HOOK: 0x003D5D15)
入口点错误：NtWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003D5B75)
入口点错误：ZwCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003D5AA5)
入口点错误：ZwCreateKey (危险等级: 高,  被下面模块所HOOK: 0x003D5C45)
入口点错误：ZwSetValueKey (危险等级: 高,  被下面模块所HOOK: 0x003D5D15)
入口点错误：ZwWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003D5B75)
入口点错误：CreateServiceA (危险等级: 高,  被下面模块所HOOK: 0x003D6055)
入口点错误：CreateServiceW (危险等级: 高,  被下面模块所HOOK: 0x003D6125)
入口点错误：LoadLibraryA (危险等级: 高,  被下面模块所HOOK: 0x003D6D55)
入口点错误：LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: 0x003D593D)
入口点错误：CreateFileW (危险等级: 高,  被下面模块所HOOK: 0x003D6875)
入口点错误：CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x003D6C85)
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x003D6AE5)
==================================
隐藏进程
N/A
==================================