我电脑中了backdoor.gpigeon.zit病毒,被感染了18个文件.瑞星正版杀毒软件

每次也杀不掉.瑞星内存监控小伞也打不开了.帮小妹一下吧.多谢大哥了.

2006-08-03,22:42:44

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<DrvMon.exe><C:\WINNT\system32\DrvMon.exe> [Alcor Micro, Corp.]
<ctfmon.exe><ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Avance Logic, Inc.]
<IgfxTray><C:\WINNT\System32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><C:\WINNT\System32\hkcmd.exe> [Intel Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<dddclient><C:\Program Files\DuDu\DddClient\DuDuAccsvc.exe> []
<CnsMin><Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<helper.dll><C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<PCTVOICE><pctspk.exe> []
<CountrySelection><pctptt.exe> [PCtel, Inc.]
<dl_accel><C:\Program Files\3721\Dlaccel\YDownloader.exe> [北京三七二一科技有限公司]
<yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [Yahoo!]
<System Manager><C:\WINNT\svchost.exe> []
<spoolsv><> []
<RavTask><"D:\瑞星软件包\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINNT\DOWNLO~1\CnsHook.dll> [北京三七二一科技有限公司]
<{9C49042D-D3EE-4DEF-9B25-17EFC27A7C7A}><C:\WINNT\system32\Qbgwyw.dll> []

==================================
启动文件夹
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>




发贴时间:2006-8-4 15:32:44
√Tom-Skype全球免费网络通话，可多方会谈，比传统电话还清晰。

 

==================================
服务
[C-DillaSrv / C-DillaSrv]
<C:\WINNT\System32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[PCtel speaker phone / pctspk]
<System32\pctspk.exe><>
[Rising Process Communication Center / RsCCenter]
<"D:\瑞星软件包\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\瑞星软件包\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Ulead Burning Helper / UleadBurningHelper]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
浏览器加载项
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4559.dll, Microsoft Corporation>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, Yahoo!>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINNT\IEYHelper.dll, Eastday Corporation>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, >
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\DOCUME~1\user\LOCALS~1\Temp\SSLive.dll, TENCENT>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[]
{9C49042D-D3EE-4DEF-9B25-17EFC27A7C7A} <C:\WINNT\system32\Qbgwyw.dll, N/A>
[estAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINNT\estAlive.dll, N/A>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINNT\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Yahoo 1G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[比较购物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINNT\YayaBands.dll, Eastday Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <e:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, Yahoo!>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[AddSHCARoot Control]
{098A3F72-3110-4004-B954-2F9DC44934B4} <C:\WINNT\DOWNLO~1\ADDCAR~1.OCX, SHECA>
[Autodesk MapGuide ActiveX Control]
{62789780-B744-11D0-986B-00609731A21D} <C:\WINNT\Downloaded Program Files\MgAxCtrl.dll, Autodesk Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\swflash.ocx, N/A>
[VqqSpeedDlProxy Class]
{F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINNT\vqqsdl.dll, Tencent>
[&使用下载加速专家下载]
<C:\Program Files\3721\Dlaccel\geturl.htm, N/A>
[上传到QQ网络硬盘]
<E:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Excel(&x)]
<res://D:\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<E:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================




发贴时间:2006-8-4 15:35:42
√Tom-Skype全球免费网络通话，可多方会谈，比传统电话还清晰。

服务
[C-DillaSrv / C-DillaSrv]
<C:\WINNT\System32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[PCtel speaker phone / pctspk]
<System32\pctspk.exe><>
[Rising Process Communication Center / RsCCenter]
<"D:\瑞星软件包\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\瑞星软件包\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Ulead Burning Helper / UleadBurningHelper]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
浏览器加载项
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4559.dll, Microsoft Corporation>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, Yahoo!>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINNT\IEYHelper.dll, Eastday Corporation>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, >
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\DOCUME~1\user\LOCALS~1\Temp\SSLive.dll, TENCENT>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[]
{9C49042D-D3EE-4DEF-9B25-17EFC27A7C7A} <C:\WINNT\system32\Qbgwyw.dll, N/A>
[estAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINNT\estAlive.dll, N/A>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINNT\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Yahoo 1G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[比较购物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINNT\YayaBands.dll, Eastday Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <e:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, Yahoo!>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[AddSHCARoot Control]
{098A3F72-3110-4004-B954-2F9DC44934B4} <C:\WINNT\DOWNLO~1\ADDCAR~1.OCX, SHECA>
[Autodesk MapGuide ActiveX Control]
{62789780-B744-11D0-986B-00609731A21D} <C:\WINNT\Downloaded Program Files\MgAxCtrl.dll, Autodesk Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\swflash.ocx, N/A>
[VqqSpeedDlProxy Class]
{F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINNT\vqqsdl.dll, Tencent>
[&使用下载加速专家下载]
<C:\Program Files\3721\Dlaccel\geturl.htm, N/A>
[上传到QQ网络硬盘]
<E:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Excel(&x)]
<res://D:\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<E:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================




发贴时间:2006-8-4 15:38:23
√使用卡卡上网安全助手，帮你扫除流氓软件、抵挡恶意网站！

多谢大哥你,我昨天用了超级兔子在"安全模式"下进行处理,后面显示"已安装"的垃圾软件被清除掉了,但还有好多显示"没有找到"的垃圾软件就清除不掉了.
    我清除完后,不知道点什么地方才可以扫描出日记.所以还不能给你看到结果.
  请大哥再帮了一下吧.

[Main]
Program=超级兔子IE修复专家
Version=V7.75
WindowsVersion=Windows 2000
IEVersion=5.00.3700.1000
WinDir=C:\WINNT\
WinSystemDir=C:\WINNT\system32\
USERPROFILE=C:\Documents and Settings\user
Admin=1
Detail=1
Date=2006-08-12
Time=23:18:02
Code=,
CDCode=,
Reg=0

[Soft]
Max=0

[IE]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Main
1_Name=Window Title
1_Value=Microsoft Internet Explorer
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Main
2_Name=Local Page
2_Value=about:blank
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Main
3_Name=Search Page
3_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Main
4_Name=Start Page
4_Value=http://www.haokan123.com/
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\Main
5_Name=Default_page_url
5_Value=http://www.microsoft.com/windows/ie_intl/cn/start/
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\Main
6_Name=First Home Page
6_Value=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Internet Explorer\Main
7_Name=Search Page
7_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Internet Explorer\Main
8_Name=Start Page
8_Value=about:blank
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Internet Explorer\Main
9_Name=Default_page_url
9_Value=http://www.microsoft.com/windows/ie_intl/cn/start/
10_HKey=HKEY_LOCAL_MACHINE
10_Key=Software\Microsoft\Internet Explorer\Main
10_Name=First Home Page
10_Value=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=Software\Microsoft\Internet Explorer\Main
11_Name=Search Page
11_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Internet Explorer\Main
12_Name=Start Page
12_Value=about:blank
Max=12

[IE2]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
1_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
1_FileName=%SystemRoot%\System32\browseui.dll
1_FileSize=792848
1_FileDate=2005-4-27 11:37:08
1_FileVersion=5.0.3828.2700
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
2_Name={0E5CBF21-D15F-11D0-8301-00AA005B4383}
2_FileName=%SystemRoot%\System32\browseui.dll
2_FileSize=792848
2_FileDate=2005-4-27 11:37:08
2_FileVersion=5.0.3828.2700
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
3_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
3_FileName=%SystemRoot%\System32\browseui.dll
3_FileSize=792848
3_FileDate=2005-4-27 11:37:08
3_FileVersion=5.0.3828.2700
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
4_Name={0E5CBF21-D15F-11D0-8301-00AA005B4383}
4_FileName=%SystemRoot%\System32\browseui.dll
4_FileSize=792848
4_FileDate=2005-4-27 11:37:08
4_FileVersion=5.0.3828.2700
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Internet Explorer\Toolbar
5_Name={8E718888-423F-11D2-876E-00A0C9082467}
5_FileName=C:\WINNT\System32\msdxm.ocx
5_FileSize=844560
5_FileDate=2005-6-3 22:18:26
5_FileVersion=6.4.9.1129
Max=5

[IE3]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\MenuExt\上传到QQ网络硬盘
1_FileName=E:\Program Files\Tencent\QQ\AddToNetDisk.htm
1_FileVersion=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Excel(&x)
2_FileName=res://D:\MICROS~1\Office10\EXCEL.EXE/3000
2_FileVersion=
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ自定义面板
3_FileName=E:\Program Files\Tencent\QQ\AddPanel.htm
3_FileVersion=
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ表情
4_FileName=E:\Program Files\Tencent\QQ\AddEmotion.htm
4_FileVersion=
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\MenuExt\用QQ彩信发送该图片
5_FileName=E:\Program Files\Tencent\QQ\SendMMS.htm
5_FileVersion=
6_HKey=HKEY_LOCAL_MACHINE

6_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
6_Clsid={1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
6_ButtonText=@shdoclc.dll,-866
6_MenuText=@shdoclc.dll,-864
6_FileName=%SystemRoot%\web\related.htm
6_FileSize=642
6_FileDate=2000-1-10 12:00:00
6_FileVersion=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157b}
7_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
7_ButtonText=QQ
7_MenuText=腾讯QQ
7_FileName=
7_FileVersion=
8_HKey=HKEY_CURRENT_USER
8_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
8_Clsid=
8_ButtonText=
8_MenuText=
8_FileName=
8_FileVersion=
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes
9_Download=file://C:\WINNT\Java\classes\dajava.cab
9_FileName=
9_FileVersion=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java
10_Download=file://C:\WINNT\Java\classes\xmldso.cab
10_FileName=
10_FileVersion=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{098A3F72-3110-4004-B954-2F9DC44934B4}
11_Download=http://vchat.dgnet.net/AddSHCARootCert.cab
11_FileName=C:\WINNT\Downloaded Program Files\addcaroot.inf
11_FileSize=161
11_FileDate=2001-11-14 16:15:04
11_FileVersion=
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{62789780-B744-11D0-986B-00609731A21D}
12_Download=http://219.133.46.45/mgaxctrl.cab
12_FileName=C:\WINNT\Downloaded Program Files\MgAxCtrl.inf
12_FileSize=158
12_FileDate=2000-6-30 20:18:44
12_FileVersion=
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
13_Download=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
13_FileName=C:\WINNT\Downloaded Program Files\swflash.inf
13_FileSize=3759
13_FileDate=2003-12-8 13:58:16
13_FileVersion=
14_HKey=HKEY_LOCAL_MACHINE
14_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F138084D-84D7-48CD-BEA8-04772457516E}
14_Download=http://218.85.138.27/vqqsdl1009.cab
14_FileName=C:\WINNT\Downloaded Program Files\vqqsdl.inf
14_FileSize=346
14_FileDate=2005-4-5 14:59:26
14_FileVersion=
15_HKey=HKEY_LOCAL_MACHINE
15_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AC69278-CF81-4B2F-8FEC-C810C93F2EC5}
15_NameServer=
15_Clsid=
15_FileName=
15_FileVersion=
16_HKey=HKEY_LOCAL_MACHINE
16_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ADCEC7D7-F26E-4B7E-9ED5-C3E76E69B498}
16_NameServer=
16_Clsid=
16_FileName=
16_FileVersion=
17_HKey=HKEY_LOCAL_MACHINE
17_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B1CD7718-EA65-42F1-B684-361C3E0A0775}
17_NameServer=
17_Clsid=
17_FileName=
17_FileVersion=
18_HKey=HKEY_LOCAL_MACHINE
18_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D10726A6-D55C-4035-AB82-2F8EA5832944}
18_NameServer=
18_Clsid=
18_FileName=
18_FileVersion=
19_HKey=HKEY_LOCAL_MACHINE
19_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DCB92FE8-6E79-4611-A080-CB16F394909B}
19_NameServer=
19_Clsid=
19_FileName=
19_FileVersion=
20_HKey=HKEY_LOCAL_MACHINE
20_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1D09F11-2497-422E-871D-8A983E216DBD}
20_NameServer=
20_Clsid=
20_FileName=
20_FileVersion=
Max=20

[Link]
1_HKey=HKEY_CLASSES_ROOT
1_Key=.exe
1_Name=
1_Value=exefile
1_HKeyLink=HKEY_CLASSES_ROOT
1_KeyLink=exefile\shell\open\command
1_NameLink=
1_ValueLink="%1" %*
2_HKey=HKEY_CLASSES_ROOT
2_Key=.com
2_Name=
2_Value=comfile
2_HKeyLink=HKEY_CLASSES_ROOT
2_KeyLink=comfile\shell\open\command
2_NameLink=
2_ValueLink="%1" %*
3_HKey=HKEY_CLASSES_ROOT
3_Key=.lnk
3_Name=
3_Value=lnkfile
3_HKeyLink=HKEY_CLASSES_ROOT
3_KeyLink=lnkfile\CLSID
3_NameLink=
3_ValueLink={00021401-0000-0000-C000-000000000046}
4_HKey=HKEY_CLASSES_ROOT
4_Key=.txt
4_Name=
4_Value=txtfile
4_HKeyLink=HKEY_CLASSES_ROOT
4_KeyLink=txtfile\shell\open\command
4_NameLink=
4_ValueLink=%SystemRoot%\system32\NOTEPAD.EXE %1
4_FileSizeLink=50960
4_FileDateLink=2000-1-10 12:00:00
4_FileVersionLink=5.0.2140.1
5_HKey=HKEY_CLASSES_ROOT
5_Key=.htm
5_Name=
5_Value=htmlfile
5_HKeyLink=HKEY_CLASSES_ROOT
5_KeyLink=htmlfile\shell\open\command
5_NameLink=
5_ValueLink="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
5_FileSizeLink=60688
5_FileDateLink=2000-1-10 20:00:00
5_FileVersionLink=5.0.2920.0
6_HKey=HKEY_CLASSES_ROOT
6_Key=.html
6_Name=
6_Value=htmlfile
6_HKeyLink=HKEY_CLASSES_ROOT
6_KeyLink=htmlfile\shell\open\command
6_NameLink=
6_ValueLink="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
6_FileSizeLink=60688
6_FileDateLink=2000-1-10 20:00:00
6_FileVersionLink=5.0.2920.0
7_HKey=HKEY_CLASSES_ROOT
7_Key=.url
7_Name=
7_Value=InternetShortcut
7_HKeyLink=HKEY_CLASSES_ROOT
7_KeyLink=InternetShortcut\shell\open\command
7_NameLink=
7_ValueLink=rundll32.exe shdocvw.dll,OpenURL %l
8_HKey=HKEY_CLASSES_ROOT
8_Key=PROTOCOLS\Filter\text/html
8_Name=CLSID
8_Value=
9_HKey=HKEY_CLASSES_ROOT
9_Key=PROTOCOLS\Filter\text/plain
9_Name=CLSID
9_Value=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
10_Name=
10_Value=http://
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
11_Name=www
11_Value=http://
Max=11

[Shdoclc]
1_FileSize=332288
1_FileDate=2003-6-19 12:05:04
1_FileVersion=5.0.3700.6668
Max=1

[AppInit_DLLs]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
1_Name=AppInit_DLLs
1_Value=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2_Name=Userinit
2_Value=C:\WINNT\system32\userinit.exe,
2_FileSize=17680
2_FileDate=2003-6-19 12:05:04
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
3_Name=Shell
3_Value=Explorer.exe
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4_Name=System
3_Value=
Max=4

[WinSock2NameSpace]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
1_Name=DisplayString
1_Value=Tcpip
1_Enabled=1
1_LibraryPath=%SystemRoot%\System32\rnr20.dll
1_FileSize=36624
1_FileDate=2003-6-19 12:05:04
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2_Name=DisplayString
2_Value=NTDS
2_Enabled=1
2_LibraryPath=%SystemRoot%\System32\winrnr.dll
2_FileSize=19216
2_FileDate=2000-1-10 12:00:00
Max=2

[WinSock2Protocol]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
1_Name=PackedCatalogItem
1_FileName=%SystemRoot%\system32\msafd.dll
1_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                  f       ?诧?谑￡往??
                 
          MSAFD Tcpip [TCP/IP]                                                                                                                                                                                                                                           
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2_Name=PackedCatalogItem
2_FileName=%SystemRoot%\system32\msafd.dll
2_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                  ?       ?诧?谑￡往??
                         ?  ?匀????吀挀瀀椀瀀?嬀唀?倀??倀崀                                                                                                                                                                                                                                           
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
3_Name=PackedCatalogItem
3_FileName=%SystemRoot%\system32\msafd.dll
3_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                  ?      ?诧?谑￡往??
                    ?    ?  ?匀????吀挀瀀椀瀀?嬀刀?圀??倀崀                                                                                                                                                                                                                                           
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
4_Name=PackedCatalogItem

4_FileName=%SystemRoot%\system32\rsvpsp.dll
4_Value=??? ??? 礀?????沗硦 ??   ā  ?? ??? ??? ??? ??? ??　 ??? ??? ??? ??? ??? 尀??尀??尀圀?一一吀尀瀀渀瀀氀漀最?琀砀琀                  ??      ? 悩窝?袽 苀髦?ā ??i ???i ??i
? ? ? ? ? ?      ?  RSVP UDP Service Provider  营矸4??菽矙? 搀?  营矸  ??艄矙  ?槖? ?  ?矼????蠀?  \Device\{D10726A6-D55C-4035-AB82-2F8EA5832944} 8EA5832944}  耇?錇??
????脋矙?  ??胑矙?騇???杌様  ?????矙芠矙????蛬矙? ???矼?矼耇樰栿?  rt??  ??岏槗耀??  ?????????様  ???SYSTEM\CurrentCont
?
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
5_Name=PackedCatalogItem
5_FileName=%SystemRoot%\system32\rsvpsp.dll
5_Value=??? ??? 礀?????沗硦 ??   ā  ?? ??? ??? ??? ??? ??　 ??? ??? ??? ??? ??? 尀??尀??尀圀?一一吀尀瀀渀瀀氀漀最?琀砀琀                  昀?      ? 悩窝?袽 苀髦?ā 欀搀????? ??耇 ? ? ? ? ā ?          刀匀嘀倀?吀?倀?匀攀爀瘀椀挀攀?倀爀漀瘀椀搀攀爀 ???????标??万?i ????槈吿??矼?矼耇??????麗????鶧矻 ?  ???矼 ?矼??矼
????
 ?脀??  ????????? ??闘??????
?? ā?? ??ā?鶧矻? ??〇??  ??艄矙  ?? ???矼 ? ?  ???矼 ?矼??矼?  栀?      ?鴇??
吀? ?? ?  栀??様?　?  ????昀 ā?
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
6_Name=PackedCatalogItem
6_FileName=%SystemRoot%\system32\msafd.dll
6_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                         ?赟???耀?銡?ā              ? ? ? ? ?  ?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCB92FE8-6E79-4611-A080-CB16F394909B}] SEQPACKET 0                                                                                                                                                                         
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
7_Name=PackedCatalogItem
7_FileName=%SystemRoot%\system32\msafd.dll
7_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                  ?       ?赟???耀?銡?ā              ? ? ? ? ?  ?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCB92FE8-6E79-4611-A080-CB16F394909B}] DATAGRAM 0                                                                                                                                                                         
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
8_Name=PackedCatalogItem
8_FileName=%SystemRoot%\system32\msafd.dll
8_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                          ?赟???耀?銡?ā              ? ? ? ? ? ???        MSAFD NetBIOS [\Device\NetBT_Tcpip_{D10726A6-D55C-4035-AB82-2F8EA5832944}] SEQPACKET 1                                                                                                                                                                         
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
9_Name=PackedCatalogItem
9_FileName=%SystemRoot%\system32\msafd.dll
9_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                  ?        ?赟???耀?銡?
                   ??        ?匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀??　????????????　????????????????????紀崀???吀??刀????                                                                                                                                                                         
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
10_Name=PackedCatalogItem
10_FileName=%SystemRoot%\system32\msafd.dll
10_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                          ?赟???耀?銡?
                   ＿?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{B1CD7718-EA65-42F1-B684-361C3E0A0775}] SEQPACKET 2                                                                                                                                                                         
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
11_Name=PackedCatalogItem
11_FileName=%SystemRoot%\system32\msafd.dll
11_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                  ?        ?赟???耀?銡Ё
                   ＿?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{B1CD7718-EA65-42F1-B684-361C3E0A0775}] DATAGRAM 2                                                                                                                                                                         
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
12_Name=PackedCatalogItem
12_FileName=%SystemRoot%\system32\msafd.dll
12_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                          ?赟???耀?銡?
                   ＿?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{7AC69278-CF81-4B2F-8FEC-C810C93F2EC5}] SEQPACKET 3                                                                                                                                                                         
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
13_Name=PackedCatalogItem
13_FileName=%SystemRoot%\system32\msafd.dll
13_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                  ?        ?赟???耀?銡?
                   ＿?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{7AC69278-CF81-4B2F-8FEC-C810C93F2EC5}] DATAGRAM 3                                                                                                                                                                         
14_HKey=HKEY_LOCAL_MACHINE
14_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
14_Name=PackedCatalogItem
14_FileName=%SystemRoot%\system32\msafd.dll
14_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                          ?赟???耀?銡?
                   ＿?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1D09F11-2497-422E-871D-8A983E216DBD}] SEQPACKET 4                                                                                                                                                                         
15_HKey=HKEY_LOCAL_MACHINE
15_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
15_Name=PackedCatalogItem
15_FileName=%SystemRoot%\system32\msafd.dll
15_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                  ?        ?赟???耀?銡?
                   ＿?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1D09F11-2497-422E-871D-8A983E216DBD}] DATAGRAM 4                                                                                                                                                                         
16_HKey=HKEY_LOCAL_MACHINE
16_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
16_Name=PackedCatalogItem
16_FileName=%SystemRoot%\system32\msafd.dll
16_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @ \??\C:\WINNT\pnplog.txt                          ?赟???耀?銡?
                   ＿?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{ADCEC7D7-F26E-4B7E-9ED5-C3E76E69B498}] SEQPACKET 5                                                                                                                                                                         
17_HKey=HKEY_LOCAL_MACHINE
17_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
17_Name=PackedCatalogItem
17_FileName=%SystemRoot%\system32\msafd.dll
17_Value= ??
#?
y?
"F韄晬x吀??  ā
  蠀?# & ( * - 0 3 6 : = @

\C:\WINNT\pnplog.txt                  ?        ?赟???耀?銡?
                   ＿?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{ADCEC7D7-F26E-4B7E-9ED5-C3E76E69B498}] DATAGRAM 5                                                                                                                                                                         
Max=17

[WinSock2Winsock]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=System\CurrentControlSet\Services\Winsock2\Winsock
1_Name=PathName
1_Value=
1_Found=0
Max=1

[WOW]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\WOW
1_Name=cmdline
1_Value=%SystemRoot%\system32\ntvdm.exe -o
1_Filename=C:\WINNT\SYSTEM32\NTVDM.EXE
1_FileSize=399120
1_FileDate=2005-6-3 20:00:46
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Control\WOW
2_Name=wowcmdline
2_Value=%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
2_Filename=C:\WINNT\SYSTEM32\NTVDM.EXE
2_FileSize=399120
2_FileDate=2005-6-3 20:00:46
Max=2

[ShellExecuteHooks]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
1_Name={AEB6717E-7E19-11d0-97EE-00C04FD91972}
1_ClsidName=URL 执行挂钩
1_FileName=C:\WINNT\system32\shell32.dll
1_FileSize=2361616
1_FileDate=2006-3-23 14:53:34
Max=1

[ShellServiceObjectDelayLoad]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
1_Name=Network.ConnectionTray
1_Value={7007ACCF-3202-11D1-AAD2-00805FC1270E}
1_ClsidName=Network Connections Tray
1_FileName=C:\WINNT\system32\NETSHELL.dll
1_FileSize=477456
1_FileDate=2003-6-19 12:05:04
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
2_Name=WebCheck
2_Value={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
2_ClsidName=WebCheck
2_FileName=%SystemRoot%\system32\webcheck.dll
2_FileSize=257808
2_FileDate=2003-6-19 12:05:04
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
3_Name=SysTray
3_Value={35CEC8A3-2BE6-11D2-8773-92E220524153}
3_ClsidName=SysTray
3_FileName=C:\WINNT\system32\stobject.dll
3_FileSize=81168
3_FileDate=2003-6-19 12:05:04
Max=3

[SharedTaskScheduler]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
1_Name={438755C2-A8BA-11D1-B96B-00A0C90312E1}
1_Value=Browseui preloader
1_FileName=%SystemRoot%\System32\browseui.dll
1_FileSize=792848
1_FileDate=2005-4-27 11:37:08
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
2_Name={8C7461EF-2B13-11d2-BE35-3078302C2030}
2_Value=Component Categories cache daemon
2_FileName=%SystemRoot%\System32\browseui.dll
2_FileSize=792848
2_FileDate=2005-4-27 11:37:08
Max=2

[ProtocolDefaults]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
1_Name=http
1_Value=3
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
2_Name=https
2_Value=3
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
3_Name=ftp
3_Value=3
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
4_Name=file
4_Value=3
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
5_Name=@ivt
5_Value=1
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
6_Name=shell
6_Value=0
Max=6

[BootExecute]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\Session Manager
1_Name=BootExecute
1_Value=autocheck autochk *
Max=1

[AutoRun]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=Software\Microsoft\Windows\CurrentVersion\Run
1_Name=Synchronization Manager
1_Value=mobsync.exe /logon
1_FileSize=111376
1_FileDate=2003-6-19 12:05:04
1_FileVersion=5.0.2195.6627
2_HKey=HKEY_LOCAL_MACHINE
2_Key=Software\Microsoft\Windows\CurrentVersion\Run
2_Name=SoundMan
2_Value=soundman.exe
2_FileSize=46592
2_FileDate=2002-9-11 10:57:20
2_FileVersion=5.0.0.7
3_HKey=HKEY_LOCAL_MACHINE
3_Key=Software\Microsoft\Windows\CurrentVersion\Run
3_Name=IgfxTray
3_Value=c:\winnt\system32\igfxtray.exe
3_FileSize=155648
3_FileDate=2003-1-24 0:17:02
3_FileVersion=3.0.0.2039
4_HKey=HKEY_LOCAL_MACHINE
4_Key=Software\Microsoft\Windows\CurrentVersion\Run
4_Name=HotKeysCmds
4_Value=c:\winnt\system32\hkcmd.exe
4_FileSize=114688
4_FileDate=2003-1-24 0:05:06
4_FileVersion=3.0.0.2039
5_HKey=HKEY_LOCAL_MACHINE
5_Key=Software\Microsoft\Windows\CurrentVersion\Run
5_Name=TkBellExe
5_Value="c:\program files\common files\real\update_ob\realsched.exe" -osboot
5_FileSize=151597
5_FileDate=2003-2-4 12:00:14
5_FileVersion=0.1.0.1622
6_HKey=HKEY_LOCAL_MACHINE
6_Key=Software\Microsoft\Windows\CurrentVersion\Run
6_Name=PCTVOICE
6_Value=pctspk.exe
6_FileSize=163840
6_FileDate=2002-12-4 17:54:48
6_FileVersion=1.0.0.1
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Windows\CurrentVersion\Run
7_Name=CountrySelection
7_Value=pctptt.exe
7_FileSize=68096
7_FileDate=2002-12-4 17:54:44
7_FileVersion=1.0.0.0
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Windows\CurrentVersion\Run
8_Name=RavTask
8_Value="e:\万鑫\rising\rav\ravtask.exe" -system
8_FileSize=114688
8_FileDate=2006-8-12 20:13:02
8_FileVersion=18.0.0.22
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
9_Name=load
9_Value=
10_HKey=HKEY_CURRENT_USER
10_Key=Software\Microsoft\Windows\CurrentVersion\Run
10_Name=DrvMon.exe
10_Value=c:\winnt\system32\drvmon.exe
10_FileSize=53248
10_FileDate=2004-9-10 10:16:58
10_FileVersion=1.0.0.9
11_HKey=HKEY_CURRENT_USER
11_Key=Software\Microsoft\Windows\CurrentVersion\Run
11_Name=ctfmon.exe
11_Value=ctfmon.exe
11_FileSize=8192
11_FileDate=2001-2-20 5:09:54
11_FileVersion=5.1.2409.7
12_HKey=HKEY_CURRENT_USER
12_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
12_Name=load
12_Value=
Max=12

[ModuleUsage]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/AcDcToday.ocx
1_Name=.Owner
1_Value={78AF2F24-A9C3-11D3-BF8C-0060B0FCC122}
1_Clsid=AcDcToday 控件

1_FileName=C:\WINNT\Downloaded Program Files\AcDcToday.ocx
1_FileSize=54896
1_FileDate=2001-5-21 22:22:12
1_FileVersion=15.0.6.30
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/AcPreview.ocx
2_Name=.Owner
2_Value={F281A59C-7B65-11D3-8617-0010830243BD}
2_Clsid=AcPreview 控件
2_FileName=C:\WINNT\Downloaded Program Files\AcPreview.ocx
2_FileSize=120440
2_FileDate=2001-5-21 22:22:04
2_FileVersion=15.0.6.30
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/addcaroot.ocx
3_Name=.Owner
3_Value={098A3F72-3110-4004-B954-2F9DC44934B4}
3_Clsid=AddSHCARoot Control
3_FileName=C:\WINNT\Downloaded Program Files\addcaroot.ocx
3_FileSize=49152
3_FileDate=2001-11-14 16:10:14
3_FileVersion=1.0.0.1
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/blueskyvoice.ocx
4_Name=.Owner
4_Value={BA0F088C-72C1-475A-92F8-42391DEF6961}
4_Clsid=Blueskyvoice Control
4_FileName=C:\WINNT\Downloaded Program Files\blueskyvoice.ocx
4_FileSize=208896
4_FileDate=2004-4-3 15:56:00
4_FileVersion=2.6.0.0
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/blueskyvoicemulti.ocx
5_Name=.Owner
5_Value={991481A7-4669-4E15-8C24-100404E1F5CB}
5_Clsid=Blueskyvoice Control
5_FileName=C:\WINNT\Downloaded Program Files\blueskyvoicemulti.ocx
5_FileSize=1269760
5_FileDate=2004-11-28 15:52:10
5_FileVersion=6.0.0.43
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/dddspocx.dll
6_Name=.Owner
6_Value={8135EF31-FE8C-4C6E-A18A-F59944C3A488}
6_Clsid=
6_FileName=C:\WINNT\Downloaded Program Files\dddspocx.dll
6_FileVersion=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/filetran.ocx
7_Name=.Owner
7_Value={88734439-46D0-42C0-A13F-7E881EE550CF}
7_Clsid=Filetran Control
7_FileName=C:\WINNT\Downloaded Program Files\filetran.ocx
7_FileSize=126976
7_FileDate=2005-6-20 16:17:46
7_FileVersion=1.0.0.5
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/InstBanr.ocx
8_Name=.Owner
8_Value={AE563722-B4F5-11D4-A415-00108302FDFD}
8_Clsid=NOXLATE-BANR
8_FileName=C:\WINNT\Downloaded Program Files\InstBanr.ocx
8_FileSize=116280
8_FileDate=2001-5-21 22:22:14
8_FileVersion=1.0.0.15
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/InstFred.ocx
9_Name=.Owner
9_Value={1F831FA1-42FC-11D4-95A6-0080AD30DCE1}
9_Clsid=InstaFred
9_FileName=C:\WINNT\Downloaded Program Files\InstFred.ocx
9_FileSize=284216
9_FileDate=2001-5-21 22:22:12
9_FileVersion=1.0.3.13
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MgAxCtrl.dll
10_Name=.Owner
10_Value={62789780-B744-11D0-986B-00609731A21D}
10_Clsid=Autodesk MapGuide ActiveX Control
10_FileName=C:\WINNT\Downloaded Program Files\MgAxCtrl.dll
10_FileSize=3187104
10_FileDate=2000-6-30 20:20:34
10_FileVersion=5.0.4.5
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/NMGameX.dll
11_Name=.Owner
11_Value={CD1A82F2-3770-4509-8355-0D2F45158F21}
11_Clsid=
11_FileName=C:\WINNT\Downloaded Program Files\NMGameX.dll
11_FileSize=77824
11_FileDate=2004-8-18 10:35:34
11_FileVersion=1.0.1.2
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/v2.ocx
12_Name=.Owner
12_Value={2EA6D939-4445-43F1-A12

一些"已安装"的.就可以删掉,但其它的就删不掉.而且瑞星杀毒的删掉了后又安装,那序列号与ID号输入后就无法安装成功了.只能查毒.小伞还是打不开.