瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 我中病毒了,用hijackthis扫描了,哪位高手帮我看看?谢谢了先

123   2  /  3  页   跳转

我中病毒了,用hijackthis扫描了,哪位高手帮我看看?谢谢了先

收藏
心情niwota
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-12 08:30 | 只看楼主 短消息 资料
字号: 11楼

19_FileName=vlsp.dll ot%\system32\mswsock.dll
19_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ????昀      ? 氀濰锃???? ??                         VENTURI_TP MSAFD Tcpip [TCP/IP]                                                                                                                                                                                                                               
20_HKey=HKEY_LOCAL_MACHINE
20_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020
20_Name=PackedCatalogItem
20_FileName=vlsp.dll ot%\system32\mswsock.dll
20_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????      ? 謀????鱡??? ??                     ?  嘀?一吀唀刀?开吀倀??匀????吀挀瀀椀瀀?嬀唀?倀??倀崀                                                                                                                                                                                                                               
21_HKey=HKEY_LOCAL_MACHINE
21_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021
21_Name=PackedCatalogItem
21_FileName=vlsp.dll ot%\system32\mswsock.dll
21_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????      ? ???伃媛竓?З  Д ?          ? ? ? ? ?  ?    ?  VENTURI_TP MSAFD Tcpip [RAW/IP]                                                                                                                                                                                                                               
22_HKey=HKEY_LOCAL_MACHINE
22_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022
22_Name=PackedCatalogItem
22_FileName=vlsp.dll ot%\system32\mswsock.dll
22_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????&      ? 耀鯌??箺邈??? ?? 麗??畖? 唿??? ? ? ? ? ?      ?  VENTURI_TP RSVP UDP Service Provider 粒?  ??粒?粒  ??鋻??????鋮硼鋻??燿鋻??具??畕? ? ??耀?@    唿屵?攀瘀椀挀攀尀笀????????? ??????????????????????????紀 ??????????紀 ?琂????粓錿塼??? ?垊幵?? ???粓錿? 堀?    ??錿?粓 ??粓錿|  堀 ?粓 ??  ? 倀??? ?????  ??尀?甀爀爀攀? ? ? ā ?粓
23_HKey=HKEY_LOCAL_MACHINE
23_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023
23_Name=PackedCatalogItem
23_FileName=vlsp.dll ot%\system32\mswsock.dll
23_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ????昀      ? 一嚕瘿?????Й  Д ??  谀?専錍|?? ? ? ? ā ?          嘀?一吀唀刀?开吀倀?刀匀嘀倀?吀?倀?匀攀爀瘀椀挀攀?倀爀漀瘀椀搀攀爀  怀?簀???   ?専錍|?    全尿錍|??粓??粓埀? ?   ? 兰? ? ?????瀿????  ? 瀀?? ? ?粓? ??   ?@ 鴰?? 浏ā埜怿 ?  ????錏? ?????  ?専錍|??粓??粓??  ?  ?  耀  ??      ? ???? @  ?栁???倂?ī嘼畕  ??? ?????粒?粒??  ??
24_HKey=HKEY_LOCAL_MACHINE
24_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024
24_Name=PackedCatalogItem
24_FileName=vlsp.dll ot%\system32\mswsock.dll
24_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????        搀寲焠聦????? ??          ? ? ? ? ? ??        嘀?一吀唀刀?开吀倀??匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀?? ?????????????????????????????????紀崀?匀?儀倀????吀??                                                                                                                                                             
25_HKey=HKEY_LOCAL_MACHINE
25_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025
25_Name=PackedCatalogItem
25_FileName=vlsp.dll ot%\system32\mswsock.dll
25_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????        簀?~?????п  Д ?               _?        VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{320D6A29-72EC-41B9-A25A-22148A6FD444}] DATAGRAM 5                                                                                                                                                               
26_HKey=HKEY_LOCAL_MACHINE
26_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026
26_Name=PackedCatalogItem
26_FileName=vlsp.dll ot%\system32\mswsock.dll
26_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????      ? ???伨岨??п  Д ?                耀        嘀?一吀唀刀?开吀倀??匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀???????????????????????????? ???????紀崀?匀?儀倀????吀?                                                                                                                                                              
27_HKey=HKEY_LOCAL_MACHINE
27_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027
27_Name=PackedCatalogItem
27_FileName=vlsp.dll ot%\system32\mswsock.dll
27_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????      ? 怀茚牍殡衍??xН  Д ?                耀        嘀?一吀唀刀?开吀倀??匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀???????????????????????????? ???????紀崀???吀??刀???                                                                                                                                                                
28_HKey=HKEY_LOCAL_MACHINE
28_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028
28_Name=PackedCatalogItem
28_FileName=vlsp.dll ot%\system32\mswsock.dll
28_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????        ???檴??п  Д ?               ??        嘀?一吀唀刀?开吀倀??匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀?????? ???????????????????  ????????紀崀?匀?儀倀????吀??                                                                                                                                                             
29_HKey=HKEY_LOCAL_MACHINE
29_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029
29_Name=PackedCatalogItem
29_FileName=vlsp.dll ot%\system32\mswsock.dll
29_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????        錀???肮?驷?П  Д ?               ??        嘀?一吀唀刀?开吀倀??匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀?????? ???????????????????  ????????紀崀???吀??刀????                                                                                                                                                               
30_HKey=HKEY_LOCAL_MACHINE
30_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000030
30_Name=PackedCatalogItem
30_FileName=vlsp.dll ot%\system32\mswsock.dll
30_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????        ????掕?惉?? ??          ? ? ? ? ? ??        嘀?一吀唀刀?开吀倀??匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀????????????????????????? ??????????紀崀?匀?儀倀????吀??                                                                                                                                                             
31_HKey=HKEY_LOCAL_MACHINE
31_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000031
31_Name=PackedCatalogItem
gototop
 
心情niwota
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-12 08:31 | 只看楼主 短消息 资料
字号: 12楼

31_FileName=vlsp.dll ot%\system32\mswsock.dll
31_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????        尀???????? ??          ? ? ? ? ? ??        嘀?一吀唀刀?开吀倀??匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀????????????????????????? ??????????紀崀???吀??刀????                                                                                                                                                               
32_HKey=HKEY_LOCAL_MACHINE
32_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000032
32_Name=PackedCatalogItem
32_FileName=vlsp.dll ot%\system32\mswsock.dll
32_Value= 犙  切s  畒  ?v  研  甀y  竖  ?|?倀}  纨  ??  腡ò  芹  ??  爀?  ??  蠴ò  覕  ?????  瀀?  ??  進ò  醓  ??  鑕ò  閶  ?????        ?摵??鹍???Т  Д А               _?        VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{03D8E49B-63EA-4E15-BB60-E6EC923548C3}] SEQPACKET 3                                                                                                                                                             
Max=32

[WinSock2Winsock]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=System\CurrentControlSet\Services\Winsock2\Winsock
1_Name=PathName
1_Value=
1_Found=0
Max=1

[WOW]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\WOW
1_Name=cmdline
1_Value=%SystemRoot%\system32\ntvdm.exe -o
1_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
1_FileSize=417280
1_FileDate=2004-8-23 16:00:00
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Control\WOW
2_Name=wowcmdline
2_Value=%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
2_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
2_FileSize=417280
2_FileDate=2004-8-23 16:00:00
Max=2

[ShellExecuteHooks]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
1_Name={AEB6717E-7E19-11d0-97EE-00C04FD91972}
1_ClsidName=URL 执行挂钩
1_FileName=C:\WINDOWS\system32\shell32.dll
1_FileSize=8241664
1_FileDate=2004-8-23 16:00:00
Max=1

[ShellServiceObjectDelayLoad]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
1_Name=PostBootReminder
1_Value={7849596a-48ea-486e-8937-a2a3009f31a9}
1_ClsidName=PostBootReminder 对象
1_FileName=%SystemRoot%\system32\SHELL32.dll
1_FileSize=8241664
1_FileDate=2004-8-23 16:00:00
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
2_Name=CDBurn
2_Value={fbeb8a05-beee-4442-804e-409d6c4515e9}
2_ClsidName=烧 CD 的 ShellFolder
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8241664
2_FileDate=2004-8-23 16:00:00
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
3_Name=WebCheck
3_Value={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
3_ClsidName=WebCheck
3_FileName=%SystemRoot%\system32\webcheck.dll
3_FileSize=265728
3_FileDate=2004-8-23 16:00:00
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
4_Name=SysTray
4_Value={35CEC8A3-2BE6-11D2-8773-92E220524153}
4_ClsidName=SysTray
4_FileName=C:\WINDOWS\system32\stobject.dll
4_FileSize=121344
4_FileDate=2004-8-23 16:00:00
Max=4
gototop
 
心情niwota
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-12 08:31 | 只看楼主 短消息 资料
字号: 13楼

[SharedTaskScheduler]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
1_Name={438755C2-A8BA-11D1-B96B-00A0C90312E1}
1_Value=Browseui 预加载程序
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1016832
1_FileDate=2004-8-23 16:00:00
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
2_Name={8C7461EF-2B13-11d2-BE35-3078302C2030}
2_Value=组件类别缓存程序
2_FileName=%SystemRoot%\system32\browseui.dll
2_FileSize=1016832
2_FileDate=2004-8-23 16:00:00
Max=2

[ProtocolDefaults]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
1_Name=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
2_Name=http
2_Value=3
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
3_Name=https
3_Value=3
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
4_Name=ftp
4_Value=3
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
5_Name=file
5_Value=3
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
6_Name=@ivt
6_Value=1
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
7_Name=shell
7_Value=0
Max=7

[BootExecute]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\Session Manager
1_Name=BootExecute
1_Value=autocheck autochk *
Max=1

[AutoRun]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=Software\Microsoft\Windows\CurrentVersion\Run
1_Name=HotKeysCmds
1_Value=c:\windows\system32\hkcmd.exe
1_FileSize=114688
1_FileDate=2004-10-10 18:38:26
1_FileVersion=3.0.0.2082
2_HKey=HKEY_LOCAL_MACHINE
2_Key=Software\Microsoft\Windows\CurrentVersion\Run
2_Name=SoundMan
2_Value=soundman.exe
2_FileSize=67584
2_FileDate=2004-6-18 16:31:02
2_FileVersion=5.1.0.28
3_HKey=HKEY_LOCAL_MACHINE
3_Key=Software\Microsoft\Windows\CurrentVersion\Run
3_Name=YLive.exe
3_Value=c:\progra~1\yahoo!\assist~1\ylive.exe
3_FileSize=20480
3_FileDate=2005-12-20 13:53:08
3_FileVersion=2.0.0.1002
4_HKey=HKEY_LOCAL_MACHINE
4_Key=Software\Microsoft\Windows\CurrentVersion\Run
4_Name=yassistse
4_Value="c:\progra~1\yahoo!\assistant\yassistse.exe"
4_FileSize=65536
4_FileDate=2005-9-21 6:08:40
4_FileVersion=1.0.1.1001
5_HKey=HKEY_LOCAL_MACHINE
5_Key=Software\Microsoft\Windows\CurrentVersion\Run
5_Name=helper.dll
5_Value=c:\windows\system32\rundll32.exe c:\progra~1\3721\helper.dll,rundll32
5_FileSize=53326
5_FileDate=2006-8-4 19:54:52
5_FileVersion=1.1.0.1325
6_HKey=HKEY_LOCAL_MACHINE
6_Key=Software\Microsoft\Windows\CurrentVersion\Run
6_Name=TkBellExe
6_Value="c:\program files\common files\real\update_ob\realsched.exe"  -osboot
6_FileVersion=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Windows\CurrentVersion\Run
7_Name=CnxDslTaskBar
7_Value="c:\program files\conexant\accessrunner adsl usb\cnxdsltb.exe" "conexant\accessrunner adsl usb"
7_FileSize=278528
7_FileDate=2004-10-22 18:05:08
7_FileVersion=40.1.18.0
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Windows\CurrentVersion\Run
8_Name=Alitalk
8_Value=c:\progra~1\阿里巴巴\贸易通\alitalk.exe -hideframe
8_FileSize=3067904
gototop
 
心情niwota
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-12 08:32 | 只看楼主 短消息 资料
字号: 14楼

8_FileDate=2006-4-20 17:27:12
8_FileVersion=3.0.0.1
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Windows\CurrentVersion\Run
9_Name=Install Alitalk
9_Value=c:\windows\temp\alitalk\alitalk.exe -hideframe
9_FileVersion=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=Software\Microsoft\Windows\CurrentVersion\Run
10_Name=MoveSearch
10_Value=c:\program files\huaci\huaci\zsearch.exe
10_FileSize=143360
10_FileDate=2006-1-19 15:32:50
10_FileVersion=1.0.0.1
11_HKey=HKEY_LOCAL_MACHINE
11_Key=Software\Microsoft\Windows\CurrentVersion\Run
11_Name=Desktop
11_Value=c:\windows\system32\rundll32.exe "c:\program files\deskadtop\run.dll" ,rundll
11_FileSize=102400
11_FileDate=2006-7-5 17:22:46
11_FileVersion=1.0.0.1
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Windows\CurrentVersion\Run
12_Name=y9f
12_Value=rundll32 "c:\windows\downlo~1\y9f.dll",run
13_HKey=HKEY_LOCAL_MACHINE
13_Key=Software\Microsoft\Windows\CurrentVersion\Run
13_Name=SearchNet_Up
13_Value="c:\program files\searchnet\serveup.exe"
13_FileSize=12800
13_FileDate=2006-8-3 9:59:20
13_FileVersion=1.0.2.4
14_HKey=HKEY_LOCAL_MACHINE
14_Key=Software\Microsoft\Windows\CurrentVersion\Run
14_Name=CdnCtr
14_Value=
15_HKey=HKEY_LOCAL_MACHINE
15_Key=Software\Microsoft\Windows\CurrentVersion\Run
15_Name=KernelFaultCheck
15_Value=%systemroot%\system32\dumprep 0 -k
16_HKey=HKEY_LOCAL_MACHINE
16_Key=Software\Microsoft\Windows\CurrentVersion\Run
16_Name=WangWang
16_Value="d:\program files\淘宝网\淘宝旺旺\wangwang.exe"
16_FileSize=4210754
16_FileDate=2006-6-28 18:26:10
16_FileVersion=1.6.6.616
17_HKey=HKEY_LOCAL_MACHINE
17_Key=Software\Microsoft\Windows\CurrentVersion\Run
17_Name=DesktopMemo
17_Value="c:\program files\deskmemo\deskmemo.exe"
17_FileSize=65536
17_FileDate=2006-8-4 17:02:48
17_FileVersion=1.0.0.1
18_HKey=HKEY_LOCAL_MACHINE
18_Key=Software\Microsoft\Windows\CurrentVersion\Run
18_Name=res
18_Value=c:\windows\system32\res.exe
18_FileSize=203168
18_FileDate=2004-6-6 13:16:00
18_FileVersion=
19_HKey=HKEY_LOCAL_MACHINE
19_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
19_Name=load
19_Value=
20_HKey=HKEY_CURRENT_USER
20_Key=Software\Microsoft\Windows\CurrentVersion\Run
20_Name=ctfmon.exe
20_Value=c:\windows\system32\ctfmon.exe
20_FileSize=15360
20_FileDate=2004-8-23 16:00:00
20_FileVersion=5.1.2600.2180
21_HKey=HKEY_CURRENT_USER
21_Key=Software\Microsoft\Windows\CurrentVersion\Run
21_Name=msnmsgr
21_Value="c:\program files\msn messenger\msnmsgr.exe" /background
21_FileSize=7094272
21_FileDate=2006-1-24 20:34:34
21_FileVersion=7.5.324.0
22_HKey=HKEY_CURRENT_USER
22_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
22_Name=load
22_Value=
Max=22

[ModuleUsage]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AliTalk_WebUpdate.dll
1_Name=.Owner
1_Value={276BF72D-CA22-4237-9BCF-593B4E490DE9}
1_Clsid=DownLoad Class
1_FileName=C:\WINDOWS\Downloaded Program Files\AliTalk_WebUpdate.dll
1_FileSize=188416
1_FileDate=2005-7-7 16:10:24
1_FileVersion=1.0.0.1
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/messengerstatsclient.dll
2_Name=.Owner
2_Value={8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
2_Clsid=MessengerStatsClient Class
2_FileName=C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
2_FileSize=160864
2_FileDate=2003-5-29 15:00:20
2_FileVersion=7.1.9502.1
3_HKey=HKEY_LOCAL_MACHINE
gototop
 
心情niwota
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-12 08:32 | 只看楼主 短消息 资料
字号: 15楼

3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll
3_Name=.Owner
3_Value={00B71CFB-6864-4346-A978-C0A14556272C}
3_Clsid=Checkers Class
3_FileName=C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
3_FileSize=77408
3_FileDate=2003-5-29 15:00:18
3_FileVersion=7.1.9502.1
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx
4_Name=.Owner
4_Value={B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
4_Clsid=MsnMessengerSetupDownloadControl Class
4_FileName=C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
4_FileSize=113664
4_FileDate=2005-8-14 0:26:04
4_FileVersion=1.0.0.3
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll
5_Name=.Owner
5_Value={4F1E5B1A-2A80-42CA-8532-2D05CB959537}
5_Clsid=MSN Photo Upload Tool
5_FileName=C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
5_FileSize=372736
5_FileDate=2005-10-14 11:02:36
5_FileVersion=10.0.911.0
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll
6_Name=.Owner
6_Value={4F1E5B1A-2A80-42CA-8532-2D05CB959537}
6_Clsid=MSN Photo Upload Tool
6_FileName=C:\WINDOWS\Downloaded Program Files\PURen-us.dll
6_FileSize=117088
6_FileDate=2002-6-19 14:11:22
6_FileVersion=5.0.1730.0
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YAlive.dll
7_Name=.Owner
7_Value={57421194-58FB-49AE-9B4F-FD48869B9AD4}
7_Clsid=Yahoo!Live
7_FileName=C:\WINDOWS\Downloaded Program Files\YAlive.dll
7_FileVersion=
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/vqqsdl.dll
8_Name=.Owner
8_Value={F138084D-84D7-48CD-BEA8-04772457516E}
8_Clsid=VqqSpeedDlProxy Class
8_FileName=C:\WINDOWS\vqqsdl.dll
8_FileSize=577536
8_FileDate=2005-4-12 11:38:04
8_FileVersion=1.0.0.9
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/vqqsdl.exe
9_Name=.Owner
9_Value={F138084D-84D7-48CD-BEA8-04772457516E}
9_Clsid=VqqSpeedDlProxy Class
9_FileName=C:\WINDOWS\vqqsdl.exe
9_FileSize=90112
9_FileDate=2005-4-12 11:48:04
9_FileVersion=1.0.0.9
Max=9
gototop
 
心情niwota
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-12 08:32 | 只看楼主 短消息 资料
字号: 16楼

[Process]
1_FileName=C:\WINDOWS\SYSTEM32\SMSS.EXE
1_FileSize=50688
1_FileDate=2004-8-23 16:00:00
1_FileVersion=5.1.2600.2180
2_FileName=C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2_FileSize=487424
2_FileDate=2004-8-23 16:00:00
2_FileVersion=5.1.2600.2180
3_FileName=C:\WINDOWS\SYSTEM32\SERVICES.EXE
3_FileSize=108032
3_FileDate=2004-8-23 16:00:00
3_FileVersion=5.1.2600.2180
4_FileName=C:\WINDOWS\SYSTEM32\LSASS.EXE
4_FileSize=13312
4_FileDate=2004-8-23 16:00:00
4_FileVersion=5.1.2600.2180
5_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
5_FileSize=14336
5_FileDate=2004-8-23 16:00:00
5_FileVersion=5.1.2600.2180
6_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
6_FileSize=14336
6_FileDate=2004-8-23 16:00:00
6_FileVersion=5.1.2600.2180
7_FileName=C:\WINDOWS\EXPLORER.EXE
7_FileSize=976896
7_FileDate=2004-8-23 16:00:00
7_FileVersion=6.0.2900.2180
8_FileName=C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
8_FileSize=57856
8_FileDate=2004-8-23 16:00:00
8_FileVersion=5.1.2600.2180
9_FileName=C:\WINDOWS\SYSTEM32\HKCMD.EXE
9_FileSize=114688
9_FileDate=2004-10-10 18:38:26
9_FileVersion=3.0.0.2082
10_FileName=C:\WINDOWS\SOUNDMAN.EXE
10_FileSize=67584
10_FileDate=2004-6-18 16:31:02
10_FileVersion=5.1.0.28
11_FileName=C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE
11_FileSize=20480
11_FileDate=2005-12-20 13:53:08
11_FileVersion=2.0.0.1002
12_FileName=C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
12_FileSize=32768
12_FileDate=2004-8-23 16:00:00
12_FileVersion=5.1.2600.2180
13_FileName=C:\PROGRA~1\YAHOO!\ASSISTANT\YASSISTSE.EXE
13_FileSize=65536
13_FileDate=2005-9-21 6:08:40
13_FileVersion=1.0.1.1001
14_FileName=C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
14_FileSize=32768
14_FileDate=2004-8-23 16:00:00
14_FileVersion=5.1.2600.2180
15_FileName=C:\PROGRAM FILES\CONEXANT\ACCESSRUNNER ADSL USB\CNXDSLTB.EXE
15_FileSize=278528
15_FileDate=2004-10-22 18:05:08
15_FileVersion=40.1.18.0
16_FileName=C:\PROGRAM FILES\COMMON FILES\SOGOU PXP\P2PSVR.EXE
16_FileSize=86016
16_FileDate=2006-6-8 20:25:10
16_FileVersion=2.0.0.17
17_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
17_FileSize=14336
17_FileDate=2004-8-23 16:00:00
17_FileVersion=5.1.2600.2180
18_FileName=C:\WINDOWS\DISKMAN.EXE
18_FileSize=77824
18_FileDate=2004-6-1 21:16:00
18_FileVersion=
19_FileName=C:\PROGRAM FILES\VENTURI2\CLIENT\VENTC.EXE
19_FileSize=868352
19_FileDate=2002-7-18 13:28:50
19_FileVersion=1.0.0.1
20_FileName=C:\PROGRAM FILES\HUACI\HUACI\ZSEARCH.EXE
20_FileSize=143360
20_FileDate=2006-1-19 15:32:50
20_FileVersion=1.0.0.1
21_FileName=C:\PROGRAM FILES\DESKMEMO\DESKMEMO.EXE
21_FileSize=65536
21_FileDate=2006-8-4 17:02:48
21_FileVersion=1.0.0.1
22_FileName=C:\WINDOWS\SYSTEM32\CTFMON.EXE
22_FileSize=15360
22_FileDate=2004-8-23 16:00:00
22_FileVersion=5.1.2600.2180
23_FileName=C:\PROGRAM FILES\DUDU\SPEED\DUDUPROS.EXE
23_FileSize=360448
23_FileDate=2006-6-5 9:32:54
23_FileVersion=5.0.0.1
24_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
24_FileSize=14336
24_FileDate=2004-8-23 16:00:00
24_FileVersion=5.1.2600.2180
25_FileName=D:\游戏\QQ\QQ.EXE
25_FileSize=1224704
25_FileDate=2005-10-11 16:36:18
25_FileVersion=14.19.0.220
26_FileName=D:\游戏\QQ\TIMPLATFORM.EXE
26_FileSize=69632
26_FileDate=2005-9-14 13:38:46
26_FileVersion=0.3.1.8
27_FileName=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
27_FileSize=93184
27_FileDate=2004-8-24
27_FileVersion=6.0.2900.2180
28_FileName=C:\PROGRAM FILES\DUDU\SPEED\DUDUACC.EXE
28_FileSize=1159168
28_FileDate=2006-8-2 16:47:00
28_FileVersion=5.0.0.7
29_FileName=D:\RUIXING\HA_HIJACKTHIS_1991\HIJACKTHIS.EXE
29_FileSize=218624
29_FileDate=2005-2-22 2:43:46
29_FileVersion=1.99.0.1
30_FileName=C:\PROGRAM FILES\SUPER RABBIT\MAGICSET\IEHELP.EXE
30_FileSize=735232
30_FileDate=2006-8-9 0:29:16
30_FileVersion=7.75.0.0
31_FileName=[SYSTEM PROCESS]
32_FileName=C:\WINDOWS\system32\CSRSS.EXE
32_FileSize=6144
32_FileDate=2004-8-23 16:00:00
32_FileVersion=5.1.2600.2180
33_FileName=C:\WINDOWS\system32\ALG.EXE
33_FileSize=44544
33_FileDate=2004-8-23 16:00:00
33_FileVersion=5.1.2600.2180
Max=33

[Hosts]
HostsFile=C:\WINDOWS\system32\Drivers\Etc\Hosts
1_Host=127.0.0.1      localhost
Max=1
gototop
 
心情niwota
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-12 08:33 | 只看楼主 短消息 资料
字号: 17楼

[Service]
1_ServiceName=BRGNS
1_DisplayName=Print Manager
1_Description=提供打印队列优化服务,有效协调及防止文件的丢失。
1_Status=已启动
1_StartType=自动
1_ServiceDll=
1_ImagePath=C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,EXPORT 1087

2_ServiceName=DcomLaunch
2_DisplayName=DCOM Server Process Launcher
2_Description=为 DCOM 服务提供加载功能。
2_Status=已启动
2_StartType=自动
2_ServiceDll=C:\WINDOWS\SYSTEM32\RPCSS.DLL
2_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH

3_ServiceName=HTTPFilter
3_DisplayName=HTTP SSL
3_Description=此服务通过安全套接字层(SSL)实现 HTTP 服务的安全超文本传送协议(HTTPS)。如果此服务被禁用,任何依赖它的服务将无法启动。
3_Status=已启动
3_StartType=手动
3_ServiceDll=C:\WINDOWS\SYSTEM32\W3SSL.DLL
3_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER

4_ServiceName=NetDDEdsdm
4_DisplayName=Network DDE DSDM
4_Description=管理动态数据交换 (DDE) 网络共享。如果此服务终止,DDE 网络共享将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。
4_Status=停止
4_StartType=已禁用
4_ServiceDll=
4_ImagePath=C:\WINDOWS\SYSTEM32\NETDDE.EXE

5_ServiceName=P4P Service
5_DisplayName=P4P Service
5_Description=
5_Status=已启动
5_StartType=自动
5_ServiceDll=
5_ImagePath=C:\PROGRAM FILES\COMMON FILES\SOGOU PXP\P2PSVR.EXE

6_ServiceName=Remote Log
6_DisplayName=Remote Log
6_Description=IE地址栏搜索服务程序。如果此服务被禁用,任何依赖它的服务将无法启动。
6_Status=停止
6_StartType=自动
6_ServiceDll=
6_ImagePath=SYSTEM32\SERVEHOST.EXE

7_ServiceName=SmallCenter
7_DisplayName=Network Engine
7_Description=Windows 网络通讯引擎,提供高效稳定的网络通讯服务。无法终止此服务。
7_Status=已启动
7_StartType=自动
7_ServiceDll=C:\WINDOWS\SYSTEM\NTSTUB.DLL
7_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

8_ServiceName=Universal Disk Manager
8_DisplayName=Universal Disk Manager
8_Description=监测和监视新的通用磁盘驱动器并向逻辑磁盘管理器管理服务发送卷的信息以便配置。如果此服务被终止,动态磁盘状态和配置信息会过时。如果此服务被禁用,任何依赖它的服务将无法启动。
8_Status=已启动
8_StartType=自动
8_ServiceDll=
8_ImagePath=C:\WINDOWS\DISKMAN.EXE

9_ServiceName=Venturi2
9_DisplayName=Venturi2 Client
9_Description=
9_Status=已启动
9_StartType=自动
9_ServiceDll=
9_ImagePath=C:\PROGRAM FILES\VENTURI2\CLIENT\VENTC.EXE

10_ServiceName=WmdmPmSN
10_DisplayName=Portable Media Serial Number Service
10_Description=Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
10_Status=停止
10_StartType=手动
10_ServiceDll=C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL
10_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

11_ServiceName=wscsvc
11_DisplayName=Security Center
11_Description=监视系统安全设置和配置。
11_Status=已启动
11_StartType=自动
11_ServiceDll=C:\WINDOWS\SYSTEM32\WSCSVC.DLL
11_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

12_ServiceName=xmlprov
12_DisplayName=Network Provisioning Service
12_Description=为自动网络提供管理基于域的 XML 配置文件。
12_Status=停止
12_StartType=手动
12_ServiceDll=C:\WINDOWS\SYSTEM32\XMLPROV.DLL
12_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

Max=12

[END]
Max=1
gototop
 
心情niwota
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-12 08:33 | 只看楼主 短消息 资料
字号: 18楼

好了,怎么这么多,完了,是不是不可救药了
gototop
 
mopery
头像
卡卡技术团队
  • 帖子:17737
  • 注册: 2005-12-06
  • 来自:New York
卡卡名人堂论坛9周年纪念
发表于: 2006-08-12 08:40 | 短消息 资料
字号: 19楼

似乎我没叫你发?

http://www.pctutu.com/srmsdown.asp
下载超级兔子..用超级兔子清理王卸载流氓软件...(安全模式...)
gototop
 
心情niwota
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-12 08:42 | 只看楼主 短消息 资料
字号: 20楼

哦,不用发了阿,呵呵,我下载好了那个,然后呢?
gototop
 
<<上一主题|下一主题>>
123   2  /  3  页   跳转
页面顶部
Powered by Discuz!NT