Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Forum: Infected with the 传奇龙 (Legend Dragon) trojan, please help! (It has not been fully cleaned!)


Infected with the 传奇龙 (Legend Dragon) trojan, please help! (It has not been fully cleaned!)


Over the past few days, after I got home, I noticed the machine had slowed down; it was only when I ran SSM that I found it was infected with 传奇龙 (Legend Dragon)!!!
Please help! I found the eavesdropping file C:\Documents and Settings\tmwl\Local Settings\Temp\z9dl8.dll. I also can't run SREng, as I don't have an authorization code! I could only use other tools to produce a scan report. I'd say this is a variant.
F2 - REG:system.ini: Shell=Explorer.exe 1
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QQ] D:\Program Files\Tencent\QQ\QQ.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pyjj] C:\Program Files\jj4\jjsvr4.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 百度首页 - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://baidu.com/index.php?tn=bainiudg (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra 'Tools' menuitem: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O11 - Options group: [!ANetSpeeder]  NetSpeeder
O11 - Options group: [!IESearch] 百度搜索伴侣
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143347706486
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF7CB9FB-1255-41E8-A7C9-BEAA3C88449B}: NameServer = 202.98.0.68,202.98.5.68
O20 - Winlogon Notify: System Safety Monitor - SSMWinlogonEx.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Routing and Remote SqlServer (Remote SQL) - Unknown owner - C:\WINDOWS\system32\su.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell           

+ 1            File not found: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run           

+ NvCplDaemon    NVIDIA Display Properties Extension    NVIDIA Corporation    c:\windows\system32\nvcpl.dll

+ QQ    QQ    TENCENT    d:\program files\tencent\qq\qq.exe

+ TkBellExe    RealNetworks Scheduler    RealNetworks, Inc.    c:\program files\common files\real\update_ob\realsched.exe

+ Torjan Program        qiuSCaK    c:\windows\winlogon.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run           

+ CheckFaultKernel            c:\windows\system32\mswdm.exe

+ KernelFaultCheck            c:\windows\system32\mswdm.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run           

+ pyjj    加加输入法 4.0 作者:孙百川    加加开发组    c:\program files\jj4\jjsvr4.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks           

+ ntldr.dll            c:\ntldr.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           

+ Desktop Explorer    NVIDIA Desktop Explorer, Version 110.14     NVIDIA Corporation    c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu    NVIDIA Desktop Explorer, Version 110.14     NVIDIA Corporation    c:\windows\system32\nvshell.dll

+ HyperTerminal Icon Ext    HyperTerminal Applet Library    Hilgraeve, Inc.    c:\windows\system32\hticons.dll

+ Image Cutter            c:\program files\imagecutter\contextmenu.dll

+ nView Desktop Context Menu    NVIDIA Desktop Explorer, Version 110.14     NVIDIA Corporation    c:\windows\system32\nvshell.dll

+ Shell Extensions for RealOne Player    RealPlayer Shell Extensions    RealNetworks, Inc.    c:\program files\real\realplayer\rpshell.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           

+ Web 文件夹            c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects           

+ QQBrowserHelperObject Class    QQIEHelper Module    深圳市腾讯计算机系统有限公司    d:\program files\tencent\qq\qqiehelper.dll

+ ThunderIEHelper Class    XunLei BHO    Thunder Networking Technologies,LTD    c:\windows\system32\xunleibho_v14.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions           

+ FlashGet    FlashGet    Amaze Soft    d:\program files\flashget\flashget.exe

+ QQ    QQ    TENCENT    d:\program files\tencent\qq\qq.exe

+ 百度首页            File not found: http://baidu.com/index.php?tn=bainiudg

+ 浩方对战平台    浩方对战平台    上海浩方在线信息技术有限公司    f:\program files\浩方对战平台\gameclient.exe

HKLM\System\CurrentControlSet\Services           

+ NVSvc    Provides system and desktop level support to the NVIDIA display driver    NVIDIA Corporation    c:\windows\system32\nvsvc32.exe

+ Remote SQL    在局域网以及广域网环境中为企业提供路由服务。        c:\windows\system32\su.exe

HKLM\System\CurrentControlSet\Services           

+ admjoy    Vortex AU8820 WDM Joystick Driver    Aureal, Inc.    c:\windows\system32\drivers\admjoy.sys

+ aeaudio    Andrea Audio Stub Driver    Andrea Electronics Corporation    c:\windows\system32\drivers\aeaudio.sys

+ AN983    ADMtek AN983/AN985/ADM951X NDIS5 Driver    ADMtek Incorporated.    c:\windows\system32\drivers\an983.sys

+ BaseTDI    basetdi    Beijing Rising Technology Co., Ltd.    c:\windows\system32\drivers\basetdi.sys

+ EagleNT            File not found: C:\WINDOWS\system32\drivers\EagleNT.sys

+ ExpScaner            File not found: C:\Program Files\Rising\Rav\ExpScan.sys

+ GOOD05            File not found: C:\WINDOWS\system32\vqpn6hhl.sys

+ HookCont            File not found: C:\Program Files\Rising\Rav\HOOKCONT.sys

+ HookReg            File not found: C:\Program Files\Rising\Rav\HookReg.sys

+ HookSys            File not found: C:\Program Files\Rising\Rav\HookSys.sys

+ ialm            File not found: system32\DRIVERS\ialmnt5.sys

+ MEMSCAN            File not found: C:\Program Files\Rising\Rav\MEMSCAN.sys

+ NPF    npf    CACE Technologies    c:\windows\system32\drivers\npf.sys

+ npkcrypt    nProtect KeyCrypt Driver    INCA Internet Co., Ltd.    d:\program files\tencent\qq\npkcrypt.sys

+ nv    NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.98     NVIDIA Corporation    c:\windows\system32\drivers\nv4_mini.sys

+ oreans32            c:\windows\system32\drivers\oreans32.sys

+ prcmondrv    Process Monitor driver    Igor Nys    c:\windows\system32\drivers\prcmondrv1041.sys

+ Ptilink    Direct Parallel Link Driver    Parallel Technologies, Inc.    c:\windows\system32\drivers\ptilink.sys

+ safemon    System Safety Monitor 2.0 extension for Windows security layer    System Safety Limited    c:\windows\system32\drivers\safemon.sys

+ Secdrv    SafeDisc driver        c:\windows\system32\drivers\secdrv.sys

+ smwdm    SoundMAX Integrated Digital Audio     Analog Devices, Inc.    c:\windows\system32\drivers\smwdm.sys

+ XPROTECTOR            c:\windows\system32\drivers\xprotector.sys

+ ZSMC301b    Video streaming and Capture Device Driver    VM    c:\windows\system32\drivers\usbvm31b.sys

+ {6080A529-897E-4629-A488-ABA0C29B635E}            File not found: system32\drivers\ialmsbw.sys

+ {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}            File not found: system32\drivers\ialmkchw.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify           

+ System Safety Monitor            File not found: SSMWinlogonEx.dll
Last edited 2006-08-13 10:24:00

When I delete the file this way, it blue-screens and crashes!!!
[Main]
Program=超级兔子IE修复专家
Version=V7.67
WindowsVersion=Windows XP
IEVersion=6.0.2900.2180
WinDir=C:\WINDOWS\
WinSystemDir=C:\WINDOWS\system32\
USERPROFILE=C:\Documents and Settings\tmwl
Admin=1
Detail=1
Date=2005-08-13
Time=10:01:33
Code=,
CDCode=,
Reg=0

[Soft]
1=百度上网伴侣,已安装
2=新浪iGame游戏总动园,已安装
3=联众世界,已安装
Max=3

[IE]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Main
1_Name=Window Title
1_Value=Microsoft Internet Explorer
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Main
2_Name=Local Page
2_Value=about:blank
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Main
3_Name=Search Page
3_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Main
4_Name=Start Page
4_Value=http://www.haokan123.com/
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\Main
5_Name=Default_page_url
5_Value=http://www.microsoft.com/windows/ie_intl/cn/start/
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\Main
6_Name=First Home Page
6_Value=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Internet Explorer\Main
7_Name=Search Page
7_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Internet Explorer\Main
8_Name=Start Page
8_Value=about:blank
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Internet Explorer\Main
9_Name=Default_page_url
9_Value=http://www.microsoft.com/windows/ie_intl/cn/start/
10_HKey=HKEY_LOCAL_MACHINE
10_Key=Software\Microsoft\Internet Explorer\Main
10_Name=First Home Page
10_Value=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=Software\Microsoft\Internet Explorer\Main
11_Name=Search Page
11_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Internet Explorer\Main
12_Name=Start Page
12_Value=about:blank
Max=12

[IE2]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
1_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1016832
1_FileDate=2004-8-12
1_FileVersion=6.0.2900.2180
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
2_Name={0E5CBF21-D15F-11D0-8301-00AA005B4383}
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8241664
2_FileDate=2004-8-12
2_FileVersion=6.0.2900.2180
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
3_Name={43869BB3-22FD-4F15-9B46-238106BA2F4E}
3_FileName=D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
3_FileSize=684032
3_FileDate=2006-6-19 PM 02:43:28
3_FileVersion=2.1.0.1463
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
4_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
4_FileName=%SystemRoot%\system32\browseui.dll
4_FileSize=1016832
4_FileDate=2004-8-12
4_FileVersion=6.0.2900.2180
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
5_Name={43869BB3-22FD-4F15-9B46-238106BA2F4E}
5_FileName=D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
5_FileSize=684032
5_FileDate=2006-6-19 PM 02:43:28
5_FileVersion=2.1.0.1463
Max=5

[IE3]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\MenuExt\&使用迅雷下载
1_FileName=C:\Program Files\Thunder Network\Thunder\geturl.htm
1_FileSize=2238
1_FileDate=2005-12-8 PM 06:32:22
1_FileVersion=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\MenuExt\&使用迅雷下载全部链接
2_FileName=C:\Program Files\Thunder Network\Thunder\getallurl.htm
2_FileSize=885
2_FileDate=2005-11-17 PM 03:31:20
2_FileVersion=
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\MenuExt\上传到QQ网络硬盘
3_FileName=D:\Program Files\Tencent\QQ\AddToNetDisk.htm
3_FileSize=534
3_FileDate=2006-6-12 PM 03:35:00
3_FileVersion=
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\MenuExt\使用网际快车下载
4_FileName=D:\Program Files\FlashGet\jc_link.htm
4_FileSize=1898
4_FileDate=2000-2-6 AM 11:06:34
4_FileVersion=
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\MenuExt\使用网际快车下载全部链接
5_FileName=D:\Program Files\FlashGet\jc_all.htm
5_FileSize=575
5_FileDate=2000-2-6 AM 11:06:06
5_FileVersion=
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ自定义面板
6_FileName=D:\Program Files\Tencent\QQ\AddPanel.htm
6_FileSize=1815
6_FileDate=2006-6-12 PM 03:35:00
6_FileVersion=
7_HKey=HKEY_CURRENT_USER
7_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ表情
7_FileName=D:\Program Files\Tencent\QQ\AddEmotion.htm
7_FileSize=534
7_FileDate=2006-6-12 PM 03:35:00
7_FileVersion=
8_HKey=HKEY_CURRENT_USER
8_Key=Software\Microsoft\Internet Explorer\MenuExt\用QQ彩信发送该图片
8_FileName=D:\Program Files\Tencent\QQ\SendMMS.htm
8_FileSize=519
8_FileDate=2006-6-12 PM 03:35:22
8_FileVersion=
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{02496EBD-8455-48db-B3C7-5DAC97D9F5A7}
9_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
9_ButtonText=百度首页
9_MenuText=
9_FileName=
9_FileVersion=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{0A155D3C-68E2-4215-A47A-E800A446447A}
10_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
10_ButtonText=浩方对战平台
10_MenuText=浩方对战平台
10_FileName=
10_FileVersion=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157b}
11_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
11_ButtonText=QQ
11_MenuText=QQ
11_FileName=
11_FileVersion=
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
12_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
12_ButtonText=FlashGet
12_MenuText=FlashGet
12_FileName=
12_FileVersion=
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}
13_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
13_ButtonText=QQ炫彩工具条设置
13_MenuText=QQ炫彩工具条设置
13_FileName=
13_FileVersion=
14_HKey=HKEY_CURRENT_USER
14_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
14_Clsid=
14_ButtonText=
14_MenuText=
14_FileName=
14_FileVersion=
15_HKey=HKEY_LOCAL_MACHINE
15_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}
15_Download=http://go.microsoft.com/fwlink/?linkid=39204
15_FileName=C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
15_FileSize=367
15_FileDate=2006-5-15 PM 06:48:12
15_FileVersion=
16_HKey=HKEY_LOCAL_MACHINE
16_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}
16_Download=http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143347706486
16_FileName=C:\WINDOWS\Downloaded Program Files\wuweb.inf
16_FileSize=291
16_FileDate=2005-5-26 AM 04:19:32
16_FileVersion=
17_HKey=HKEY_LOCAL_MACHINE
17_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
17_Download=http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
17_FileName=C:\WINDOWS\Downloaded Program Files\erma.inf
17_FileSize=1249
17_FileDate=2006-6-7 AM 11:09:22
17_FileVersion=
18_HKey=HKEY_LOCAL_MACHINE
18_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C661F36D-DF85-4EF4-83C7-E107B83D04B1}
18_Download=http://dl_dir.qq.com/3dshow/3DShowVM.cab
18_FileName=C:\WINDOWS\Downloaded Program Files\3DShowVM.inf
18_FileSize=573
18_FileDate=2006-3-13 PM 02:28:36
18_FileVersion=
19_HKey=HKEY_LOCAL_MACHINE
19_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
19_Download=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
19_FileName=C:\WINDOWS\Downloaded Program Files\swflash.inf
19_FileSize=5019
19_FileDate=2006-3-27 PM 01:00:04
19_FileVersion=
20_HKey=HKEY_LOCAL_MACHINE
20_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153}
20_Download=http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
20_FileName=C:\WINDOWS\Downloaded Program Files\OL2005.inf
20_FileSize=205
20_FileDate=2006-2-14 AM 09:58:16
20_FileVersion=
21_HKey=HKEY_LOCAL_MACHINE
21_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1536C2E6-83CD-4C4F-A219-61E535081B71}
21_NameServer=
21_Clsid=
21_FileName=
21_FileVersion=
22_HKey=HKEY_LOCAL_MACHINE
22_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32D0353A-33BF-442D-946D-D0B7DE8B10B7}
22_NameServer=
22_Clsid=
22_FileName=
22_FileVersion=
23_HKey=HKEY_LOCAL_MACHINE
23_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5465D3A9-25BE-43F0-A158-5602A49BB785}
23_NameServer=
23_Clsid=
23_FileName=
23_FileVersion=
24_HKey=HKEY_LOCAL_MACHINE
24_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF7CB9FB-1255-41E8-A7C9-BEAA3C88449B}
24_NameServer=202.98.0.68,202.98.5.68
24_Clsid=
24_FileName=
24_FileVersion=
Max=24

[Link]
1_HKey=HKEY_CLASSES_ROOT
1_Key=.exe
1_Name=
1_Value=winfiles
1_HKeyLink=HKEY_CLASSES_ROOT
1_KeyLink=exefile\shell\open\command
1_NameLink=
1_ValueLink="%1" %*
2_HKey=HKEY_CLASSES_ROOT
2_Key=.com
2_Name=
2_Value=comfile
2_HKeyLink=HKEY_CLASSES_ROOT
2_KeyLink=comfile\shell\open\command
2_NameLink=
2_ValueLink="%1" %*
3_HKey=HKEY_CLASSES_ROOT
3_Key=.lnk
3_Name=
3_Value=lnkfile
3_HKeyLink=HKEY_CLASSES_ROOT
3_KeyLink=lnkfile\CLSID
3_NameLink=
3_ValueLink={00021401-0000-0000-C000-000000000046}
4_HKey=HKEY_CLASSES_ROOT
4_Key=.txt
4_Name=
4_Value=txtfile
4_HKeyLink=HKEY_CLASSES_ROOT
4_KeyLink=txtfile\shell\open\command
4_NameLink=
4_ValueLink=%SystemRoot%\system32\NOTEPAD.EXE %1
4_FileSizeLink=66560
4_FileDateLink=2004-8-12
4_FileVersionLink=5.1.2600.2180
5_HKey=HKEY_CLASSES_ROOT
5_Key=.htm
5_Name=
5_Value=htmlfile
5_HKeyLink=HKEY_CLASSES_ROOT
5_KeyLink=htmlfile\shell\open\command
5_NameLink=
5_ValueLink="C:\Program Files\Internet Explorer\iexplore.com" -nohome
5_FileSizeLink=46211
5_FileDateLink=2005-7-22 PM 02:23:12
5_FileVersionLink=0.0.0.83
6_HKey=HKEY_CLASSES_ROOT
6_Key=.html
6_Name=
6_Value=htmlfile
6_HKeyLink=HKEY_CLASSES_ROOT
6_KeyLink=htmlfile\shell\open\command
6_NameLink=
6_ValueLink="C:\Program Files\Internet Explorer\iexplore.com" -nohome
6_FileSizeLink=46211
6_FileDateLink=2005-7-22 PM 02:23:12
6_FileVersionLink=0.0.0.83
7_HKey=HKEY_CLASSES_ROOT
7_Key=.url
7_Name=
7_Value=InternetShortcut
7_HKeyLink=HKEY_CLASSES_ROOT
7_KeyLink=InternetShortcut\shell\open\command
7_NameLink=
7_ValueLink=finder.com shdocvw.dll,OpenURL %l
8_HKey=HKEY_CLASSES_ROOT
8_Key=PROTOCOLS\Filter\text/html
8_Name=CLSID
8_Value=
9_HKey=HKEY_CLASSES_ROOT
9_Key=PROTOCOLS\Filter\text/plain
9_Name=CLSID
9_Value=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
10_Name=
10_Value=http://
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
11_Name=www
11_Value=http://
Max=11

[Shdoclc]
1_FileSize=498176
1_FileDate=2004-8-12
1_FileVersion=6.0.2900.2180
Max=1

[AppInit_DLLs]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
1_Name=AppInit_DLLs
1_Value=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2_Name=Userinit
2_Value=C:\WINDOWS\SYSTEM32\Userinit.exe,
2_FileSize=23552
2_FileDate=2004-8-12
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
3_Name=Shell
3_Value=Explorer.exe 1
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4_Name=System
3_Value=
Max=4

[WinSock2NameSpace]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
1_Name=DisplayString
1_Value=Tcpip
1_Enabled=1
1_LibraryPath=%SystemRoot%\System32\mswsock.dll
1_FileSize=240640
1_FileDate=2004-8-12
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2_Name=DisplayString
2_Value=NTDS
2_Enabled=1
2_LibraryPath=%SystemRoot%\System32\winrnr.dll
2_FileSize=16896
2_FileDate=2004-8-12
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
3_Name=DisplayString
3_Value=网络位置知晓 (NLA) 名称空间
3_Enabled=1
3_LibraryPath=%SystemRoot%\System32\mswsock.dll
3_FileSize=240640
3_FileDate=2004-8-12
Max=3

[WinSock2Protocol]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
1_Name=PackedCatalogItem
1_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2_Name=PackedCatalogItem
2_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
3_Name=PackedCatalogItem
3_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
4_Name=PackedCatalogItem
4_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
5_Name=PackedCatalogItem
5_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
6_Name=PackedCatalogItem
6_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
7_Name=PackedCatalogItem
7_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
8_Name=PackedCatalogItem
8_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
9_Name=PackedCatalogItem
9_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
10_Name=PackedCatalogItem
10_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
11_Name=PackedCatalogItem
11_FileName=%SystemRoot%\system32\mswsock.dll E 6 2 3 9 A A 1 E C E 3 4 F E 7 7 2 6 0 4 8 7
Max=11

[WinSock2Winsock]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=System\CurrentControlSet\Services\Winsock2\Winsock
1_Name=PathName
1_Value=
1_Found=0
Max=1

[WOW]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\WOW
1_Name=cmdline
1_Value=%SystemRoot%\system32\ntvdm.exe -o
1_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
1_FileSize=417280
1_FileDate=2004-8-12
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Control\WOW
2_Name=wowcmdline
2_Value=%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
2_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
2_FileSize=417280
2_FileDate=2004-8-12
Max=2

[ShellExecuteHooks]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
1_Name={AEB6717E-7E19-11d0-97EE-00C04FD91972}
1_ClsidName=URL 执行挂钩
1_FileName=C:\WINDOWS\system32\shell32.dll
1_FileSize=8241664
1_FileDate=2004-8-12
Max=1

[ShellServiceObjectDelayLoad]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
1_Name=PostBootReminder
1_Value={7849596a-48ea-486e-8937-a2a3009f31a9}
1_ClsidName=PostBootReminder 对象
1_FileName=%SystemRoot%\system32\SHELL32.dll
1_FileSize=8241664
1_FileDate=2004-8-12
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
2_Name=CDBurn
2_Value={fbeb8a05-beee-4442-804e-409d6c4515e9}
2_ClsidName=烧 CD 的 ShellFolder
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8241664
2_FileDate=2004-8-12
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
3_Name=WebCheck
3_Value={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
3_ClsidName=WebCheck
3_FileName=%SystemRoot%\system32\webcheck.dll
3_FileSize=265728
3_FileDate=2004-8-12
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
4_Name=SysTray
4_Value={35CEC8A3-2BE6-11D2-8773-92E220524153}
4_ClsidName=SysTray
4_FileName=C:\WINDOWS\system32\stobject.dll
4_FileSize=121344
4_FileDate=2004-8-12
Max=4

[SharedTaskScheduler]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
1_Name={438755C2-A8BA-11D1-B96B-00A0C90312E1}
1_Value=Browseui 预加载程序
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1016832
1_FileDate=2004-8-12
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
2_Name={8C7461EF-2B13-11d2-BE35-3078302C2030}
2_Value=组件类别缓存程序
2_FileName=%SystemRoot%\system32\browseui.dll
2_FileSize=1016832
2_FileDate=2004-8-12
Max=2

[ProtocolDefaults]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
1_Name=http
1_Value=3
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
2_Name=https
2_Value=3
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
3_Name=ftp
3_Value=3
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
4_Name=file
4_Value=3
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
5_Name=@ivt
5_Value=1
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
6_Name=shell
6_Value=0
Max=6

[BootExecute]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\Session Manager
1_Name=BootExecute
1_Value=autocheck autochk *
Max=1

[AutoRun]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=Software\Microsoft\Windows\CurrentVersion\Run
1_Name=NvCplDaemon
1_Value=rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
1_FileSize=7311360
1_FileDate=2005-12-10 AM 03:06:00
1_FileVersion=6.14.10.8198
2_HKey=HKEY_LOCAL_MACHINE
2_Key=Software\Microsoft\Windows\CurrentVersion\Run
2_Name=KernelFaultCheck
2_Value=%systemroot%\system32\dumprep 0 -k
3_HKey=HKEY_LOCAL_MACHINE
3_Key=Software\Microsoft\Windows\CurrentVersion\Run
3_Name=TkBellExe
3_Value="c:\program files\common files\real\update_ob\realsched.exe"  -osboot
3_FileSize=180269
3_FileDate=2006-4-4 AM 11:45:48
3_FileVersion=0.1.0.3510
4_HKey=HKEY_LOCAL_MACHINE
4_Key=Software\Microsoft\Windows\CurrentVersion\Run
4_Name=Torjan Program
4_Value=c:\windows\winlogon.exe
4_FileSize=46211
4_FileDate=2005-7-22 PM 02:23:12
4_FileVersion=0.0.0.83
5_HKey=HKEY_LOCAL_MACHINE
5_Key=Software\Microsoft\Windows\CurrentVersion\RunOnce
5_Name=Super Rabbit Winspeed
5_Value="d:\program files\super rabbit\magicset\winspeed.exe" /autokill:3
5_FileSize=912384
5_FileDate=2006-6-27 AM 12:06:00
5_FileVersion=7.67.0.1
6_HKey=HKEY_LOCAL_MACHINE
6_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
6_Name=load
6_Value=
7_HKey=HKEY_CURRENT_USER
7_Key=Software\Microsoft\Windows\CurrentVersion\Run
7_Name=ctfmon.exe
7_Value=c:\windows\system32\ctfmon.exe
7_FileSize=15360
7_FileDate=2004-8-12
7_FileVersion=5.1.2600.2180
8_HKey=HKEY_CURRENT_USER
8_Key=Software\Microsoft\Windows\CurrentVersion\Run
8_Name=pyjj
8_Value=c:\program files\jj4\jjsvr4.exe
8_FileSize=454656
8_FileDate=2006-1-17 PM 05:00:04
8_FileVersion=4.0.0.20
9_HKey=HKEY_CURRENT_USER
9_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
9_Name=load
9_Value=
Max=9

[ModuleUsage]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dddmsp.dll
1_Name=.Owner
1_Value={EF9F1C48-1A63-495A-9317-B7B71B34A9CF}
1_Clsid=Msp Class
1_FileName=C:\WINDOWS\Downloaded Program Files\dddmsp.dll
1_FileSize=118784
1_FileDate=2005-4-26 PM 03:16:28
1_FileVersion=1.0.0.1
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/OL2005.dll
2_Name=.Owner
2_Value={E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153}
2_Clsid=Rising Web Scan Object
2_FileName=C:\WINDOWS\Downloaded Program Files\OL2005.dll
2_FileSize=278528
2_FileDate=2006-2-13 PM 03:57:38
2_FileVersion=18.0.0.6
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YAlive.dll
3_Name=.Owner
3_Value={57421194-58FB-49AE-9B4F-FD48869B9AD4}
3_Clsid=
3_FileName=C:\WINDOWS\Downloaded Program Files\YAlive.dll
3_FileVersion=
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/3DShowVM.ocx
4_Name=.Owner
4_Value={C661F36D-DF85-4EF4-83C7-E107B83D04B1}
4_Clsid=WebActivater Control
4_FileName=C:\WINDOWS\system32\3DShowVM.ocx
4_FileSize=319488
4_FileDate=2006-3-13 PM 02:00:38
4_FileVersion=1.0.200.50
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iMopDl.dll
5_Name=.Owner
5_Value={5932517A-3326-4439-A708-1C98EDB5C549}
5_Clsid=
5_FileName=C:\WINDOWS\system32\iMopDl.dll
5_FileVersion=
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL
6_Name=.Owner
6_Value=Unknown Owner
6_Clsid=
6_FileName=C:\WINDOWS\system32\LegitCheckControl.DLL
6_FileVersion=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll
7_Name=.Owner
7_Value=Unknown Owner
7_Clsid=
7_FileName=C:\WINDOWS\system32\mfc42.dll
7_FileSize=1028096
7_FileDate=2004-8-12
7_FileVersion=6.2.4131.0
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll
8_Name=.Owner
8_Value=Unknown Owner
8_Clsid=
8_FileName=C:\WINDOWS\system32\msvcrt.dll
8_FileSize=343040
8_FileDate=2004-8-12
8_FileVersion=7.0.2600.2180
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll
9_Name=.Owner
9_Value=Unknown Owner
9_Clsid=
9_FileName=C:\WINDOWS\system32\olepro32.dll
9_FileSize=83456
9_FileDate=2004-8-12
9_FileVersion=5.1.2600.2180
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll
10_Name=.Owner
10_Value=Unknown Owner
10_Clsid=
10_FileName=C:\WINDOWS\system32\wuweb.dll
10_FileSize=173536
10_FileDate=2005-5-26 AM 04:19:32
10_FileVersion=5.8.0.2469
Max=10

[Process]
1_FileName=C:\WINDOWS\SYSTEM32\SMSS.EXE
1_FileSize=50688
1_FileDate=2004-8-12
1_FileVersion=5.1.2600.2180
2_FileName=C:\WINDOWS\SYSTEM32\CSRSS.EXE
2_FileSize=6144
2_FileDate=2004-8-12
2_FileVersion=5.1.2600.2180
3_FileName=C:\WINDOWS\SYSTEM32\WINLOGON.EXE
3_FileSize=487424
3_FileDate=2004-8-12
3_FileVersion=5.1.2600.2180
4_FileName=C:\WINDOWS\SYSTEM32\SERVICES.EXE
4_FileSize=108032
4_FileDate=2004-8-12
4_FileVersion=5.1.2600.2180
5_FileName=C:\WINDOWS\SYSTEM32\LSASS.EXE
5_FileSize=13312
5_FileDate=2004-8-12
5_FileVersion=5.1.2600.2180
6_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
6_FileSize=14336
6_FileDate=2004-8-12
6_FileVersion=5.1.2600.2180
7_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
7_FileSize=14336
7_FileDate=2004-8-12
7_FileVersion=5.1.2600.2180
8_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
8_FileSize=14336
8_FileDate=2004-8-12
8_FileVersion=5.1.2600.2180
9_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
9_FileSize=14336
9_FileDate=2004-8-12
9_FileVersion=5.1.2600.2180
10_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
10_FileSize=14336
10_FileDate=2004-8-12
10_FileVersion=5.1.2600.2180
11_FileName=C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
11_FileSize=57856
11_FileDate=2004-8-12
11_FileVersion=5.1.2600.2180
12_FileName=C:\WINDOWS\SYSTEM32\NVSVC32.EXE
12_FileSize=131139
12_FileDate=2005-12-10 AM 03:06:00
12_FileVersion=6.14.10.8198
13_FileName=C:\WINDOWS\SYSTEM32\WDFMGR.EXE
13_FileSize=38912
13_FileDate=2004-8-10 PM 10:05:14
13_FileVersion=5.2.3790.1230
14_FileName=C:\WINDOWS\EXPLORER.EXE
14_FileSize=976896
14_FileDate=2004-8-12
14_FileVersion=6.0.2900.2180
15_FileName=C:\WINDOWS\SYSTEM32\ALG.EXE
15_FileSize=44544
15_FileDate=2004-8-12
15_FileVersion=5.1.2600.2180
16_FileName=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
16_FileSize=180269
16_FileDate=2006-4-4 AM 11:45:48
16_FileVersion=0.1.0.3510
17_FileName=C:\WINDOWS\SYSTEM32\CTFMON.EXE
17_FileSize=15360
17_FileDate=2004-8-12
17_FileVersion=5.1.2600.2180
18_FileName=C:\PROGRAM FILES\JJ4\JJSVR4.EXE
18_FileSize=454656
18_FileDate=2006-1-17 PM 05:00:04
18_FileVersion=4.0.0.20
19_FileName=C:\WINDOWS\WINLOGON.EXE
19_FileSize=46211
19_FileDate=2005-7-22 PM 02:23:12
19_FileVersion=0.0.0.83
20_FileName=D:\PROGRAM FILES\TENCENT\TT\TTRAVELER.EXE
20_FileSize=3022848
20_FileDate=2006-4-20 PM 05:51:34
20_FileVersion=3.0.0.250
21_FileName=C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
21_FileSize=124184
21_FileDate=2005-5-26 AM 04:16:36
21_FileVersion=5.8.0.2469
22_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
22_FileSize=14336
22_FileDate=2004-8-12
22_FileVersion=5.1.2600.2180
23_FileName=D:\PROGRAM FILES\SUPER RABBIT\MAGICSET\MAGICSET.EXE
23_FileSize=569344
23_FileDate=2006-6-27 AM 12:19:10
23_FileVersion=7.67.0.0
24_FileName=D:\PROGRAM FILES\SUPER RABBIT\MAGICSET\IEHELP.EXE
24_FileSize=704000
24_FileDate=2006-6-27 AM 12:04:32
24_FileVersion=7.67.0.1
25_FileName=C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
25_FileSize=218112
25_FileDate=2004-8-12 AM 08:00:00
25_FileVersion=5.1.2600.2180
26_FileName=[SYSTEM PROCESS]
Max=26

[Hosts]
HostsFile=C:\WINDOWS\system32\Drivers\Etc\Hosts
1_Host=127.0.0.1      localhost
Max=1

[Service]
1_ServiceName=DcomLaunch
1_DisplayName=DCOM Server Process Launcher
1_Description=为 DCOM 服务提供加载功能。
1_Status=已启动
1_StartType=自动
1_ServiceDll=C:\WINDOWS\SYSTEM32\RPCSS.DLL
1_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH

2_ServiceName=HTTPFilter
2_DisplayName=HTTP SSL
2_Description=此服务通过安全套接字层(SSL)实现 HTTP 服务的安全超文本传送协议(HTTPS)。如果此服务被禁用,任何依赖它的服务将无法启动。
2_Status=停止
2_StartType=手动
2_ServiceDll=C:\WINDOWS\SYSTEM32\W3SSL.DLL
2_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER

3_ServiceName=IDriverT
3_DisplayName=InstallDriver Table Manager
3_Description=Provides support for the Running Object Table for InstallShield Drivers
3_Status=停止
3_StartType=手动
3_ServiceDll=
3_ImagePath="C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\11\INTEL 32\IDRIVERT.EXE"

4_ServiceName=Indtry
4_DisplayName=Remote Registry Protect
4_Description=注册表保护加密器,提供注册表的软件的快速运行,恢复,以及加密功能。无法终止此服务。
4_Status=已启动
4_StartType=自动
4_ServiceDll=C:\WINDOWS\SYSTEM32\BJOP.DLL
4_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

5_ServiceName=NetDDEdsdm
5_DisplayName=Network DDE DSDM
5_Description=管理动态数据交换 (DDE) 网络共享。如果此服务终止,DDE 网络共享将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。
5_Status=停止
5_StartType=已禁用
5_ServiceDll=
5_ImagePath=C:\WINDOWS\SYSTEM32\NETDDE.EXE

6_ServiceName=NVSvc
6_DisplayName=NVIDIA Display Driver Service
6_Description=Provides system and desktop level support to the NVIDIA display driver
6_Status=已启动
6_StartType=自动
6_ServiceDll=
6_ImagePath=C:\WINDOWS\SYSTEM32\NVSVC32.EXE

7_ServiceName=UMWdf
7_DisplayName=Windows User Mode Driver Framework
7_Description=启用 Windows 用户模式驱动程序。
7_Status=已启动
7_StartType=自动
7_ServiceDll=
7_ImagePath=C:\WINDOWS\SYSTEM32\WDFMGR.EXE

8_ServiceName=WmdmPmSN
8_DisplayName=Portable Media Serial Number Service
8_Description=Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
8_Status=停止
8_StartType=手动
8_ServiceDll=C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL
8_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

9_ServiceName=wscsvc
9_DisplayName=Security Center
9_Description=监视系统安全设置和配置。
9_Status=已启动
9_StartType=自动
9_ServiceDll=C:\WINDOWS\SYSTEM32\WSCSVC.DLL
9_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

10_ServiceName=xmlprov
10_DisplayName=Network Provisioning Service
10_Description=为自动网络提供管理基于域的 XML 配置文件。
10_Status=停止
10_StartType=手动
10_ServiceDll=C:\WINDOWS\SYSTEM32\XMLPROV.DLL
10_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

Max=10

[END]
Max=1


Virus sample: http://free.ys168.com/?kkliver (password: ruixing). Download with caution!!!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\jj4\jjsvr4.exe
C:\WINDOWS\WINLOGON.EXE
D:\Program Files\Tencent\TT\TTraveler.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Super Rabbit\MagicSet\magicset.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\tmwl\桌面\SREng2\SREng.exe
C:\Documents and Settings\tmwl\My Documents\工具\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\RunOnce: [Super Rabbit Winspeed] "D:\Program Files\Super Rabbit\MagicSet\winspeed.exe" /autokill:3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pyjj] C:\Program Files\jj4\jjsvr4.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 百度首页 - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://baidu.com/index.php?tn=bainiudg (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra 'Tools' menuitem: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O11 - Options group: [!ANetSpeeder]  NetSpeeder
O11 - Options group: [!IESearch] 百度搜索伴侣
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143347706486
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF7CB9FB-1255-41E8-A7C9-BEAA3C88449B}: NameServer = 202.98.0.68,202.98.5.68
O20 - Winlogon Notify: System Safety Monitor - SSMWinlogonEx.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Powered by Discuz!NT