My system has too many viruses, experts please advise

HijackThis_815汉化版扫描日志 V1.99.1
保存于      12:45:13, 日期 2006-07-09
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\TEMP\~CF.tmp.exe
C:\WINNT\system32\hidserv.exe
F:\KAV2005\KPfwSvc.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2AF.tmp.exe
C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B4.tmp.exe
C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B3.tmp.exe
C:\WINNT\system32\sysinfo.exe
C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B9.tmp.exe
C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2BB.tmp.exe
C:\WINNT\system32\lxbxcoms.exe
F:\Program Files\Tencent\qq\QQ.exe
F:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\ewido anti-malware\oldewido.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\淘宝网\淘宝旺旺\WangWang.exe
C:\WINNT\system32\NOTEPAD.EXE
F:\Downloads\Hijackthis1991zww\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: 东方卫士 - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} - C:\WINNT\system32\dfvs\dfvsol\DFVSIEBR.dll (file missing)
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [LXBXCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - 启动项HKLM\\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - 启动项HKLM\\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - 启动项HKLM\\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - 启动项HKLM\\Run: [Windows DLL Loader] C:\WINNT\system32\mbeleu.exe
O4 - 启动项HKLM\\Run: [Microsoft Update Wizard] winprg32.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [Microsoft Configure] msconfigures.exe
O4 - 启动项HKLM\\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SkyNet\FireWall\pfw.exe
O4 - 启动项HKLM\\Run: [Windows Update Manager] sysinfo.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [krymfpfj_gob] C:\WINNT\system32\ecalsaiipubg.exe
O4 - 启动项HKLM\\Run: [WangWang] "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"
O4 - 启动项HKLM\\RunServices: [Microsoft Update Wizard] winprg32.exe
O4 - 启动项HKLM\\RunServices: [Microsoft Configure] msconfigures.exe
O4 - 启动项HKLM\\RunServices: [Windows Update Manager] sysinfo.exe
O4 - 启动项HKLM\\RunServices: [krymfpfj_gob] C:\WINNT\system32\ecalsaiipubg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - F:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - F:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\Program Files\Tencent\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - G:\Program Files\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 东方卫士 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CE} - C:\WINNT\system32\dfvs\dfvsol\DFVSIEBR.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: 东方卫士工具条 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CE} - C:\WINNT\system32\dfvs\dfvsol\DFVSIEBR.dll (file missing)
O9 - 浏览器额外的按钮: 在线杀毒 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9EE} - http://www.i110.com/dfvsonline/ (file missing)
O9 - 浏览器额外的“工具”菜单项: 东方卫士 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9EE} - http://www.i110.com/dfvsonline/ (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {44198AE3-3BA0-41C2-8C8E-D29DC1FE28EB} (WTDSPlayerV5 Class) - http://www.wtwh.com.cn/chinese_1/demo/WTDSPlayerNetView.CAB
O16 - DPF: {466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} (JMWiseCam Control) - http://210.82.38.206/JMWiseCam.cab
O16 - DPF: {5467862B-C477-437F-886E-EC5006B37DCA} (PwdEdit Control) - https://ebank.cmbc.com.cn/PwdEdit.cab
O16 - DPF: {615DE4D4-F7B6-43A9-9221-BDFB997BD785} (wIPCamCtrl Class) - http://www.tyhotek.com/wIPCam.cab
O16 - DPF: {7556F1A5-E2D4-46D2-90B6-553928D8E662} (NetCamera Control) - http://xddns.vicp.net/ncamCtrl.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {9BBD100C-E820-4930-9937-E8F3AA40E584} (DFVSScanFile Control) - http://antivirus3.sunv.com/dfvsolDown/dfvsol.cab
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe.cab
O16 - DPF: {C07405FD-84D1-4A25-94E8-68609EA8335B} (iChatX Object) - http://www.snsn.net.cn/voice/2_5_10/ichatx.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F212557-F4DE-4981-A028-B0FB590402CA}: NameServer = 61.139.2.69 202.98.96.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F212557-F4DE-4981-A028-B0FB590402CA}: NameServer = 61.139.2.69 202.98.96.68
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINNT\system32\DLMain.dll
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: comsec(comsec) (comsec) - Unknown owner - C:\WINNT\system32\comsec.exe (file missing)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - NT 服务: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - F:\KAV2005\KPfwSvc.EXE
O23 - NT 服务: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - NT 服务: lxbx_device - Lexmark International, Inc. - C:\WINNT\system32\lxbxcoms.exe
O23 - NT 服务: NetBTD(ntbtd) (NetBTD) - Unknown owner - C:\WINNT\system32\netbtd.exe (file missing)
O23 - NT 服务: nvsec(nvsec) (NvSec) - Unknown owner - C:\WINNT\system32\nvsec.exe (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
Last edited 2006-07-09 14:03:02

2006-07-09,13:35:39

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <NeroFilterCheck><C:\WINNT\system32\NeroCheck.exe>  [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <krymfpfj_gob><C:\WINNT\system32\oyudtlbuib.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  []

==================================
启动文件夹
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[comsec(comsec) / comsec]
  <"C:\WINNT\system32\comsec.exe"><N/A>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido security suite control / ewido security suite control]
  <C:\Program Files\ewido anti-malware\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard]
  <C:\Program Files\ewido anti-malware\ewidoguard.exe><ewido networks>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"F:\KAV2005\KPfwSvc.EXE"><Kingsoft Corporation>
[LexBce Server / LexBceS]
  <C:\WINNT\system32\LEXBCES.EXE><Lexmark International, Inc.>
[lxbx_device / lxbx_device]
  <C:\WINNT\system32\lxbxcoms.exe -service><Lexmark International, Inc.>
[NetBTD(ntbtd) / NetBTD]
  <"C:\WINNT\system32\netbtd.exe"><N/A>
[nvsec(nvsec) / NvSec]
  <"C:\WINNT\system32\nvsec.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CPub Object]
  {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, N/A>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[东方卫士]
  {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CE} <C:\WINNT\system32\dfvs\dfvsol\DFVSIEBR.dll, N/A>
[在线杀毒]
  {A26ABCF0-1C8F-46e7-A67C-0489DC21B9EE} <http://www.i110.com/dfvsonline/, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[东方卫士]
  {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} <C:\WINNT\system32\dfvs\dfvsol\DFVSIEBR.dll, N/A>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
[WTDSPlayerV5 Class]
  {44198AE3-3BA0-41C2-8C8E-D29DC1FE28EB} <C:\WINNT\Downloaded Program Files\WTDSPlayerV5.dll, >
[JMWiseCam Control]
  {466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} <C:\WINNT\DOWNLO~1\JMWISE~1.OCX, Linudix Co., LTD>
[PwdEdit Control]
  {5467862B-C477-437F-886E-EC5006B37DCA} <C:\WINNT\DOWNLO~1\PwdEdit.ocx, adtec>
[wIPCamCtrl Class]
  {615DE4D4-F7B6-43A9-9221-BDFB997BD785} <C:\WINNT\Downloaded Program Files\wIPCam.ocx, Tyhotek Corporation>
[NetCamera Control]
  {7556F1A5-E2D4-46D2-90B6-553928D8E662} <C:\WINNT\DOWNLO~1\ncamCtrl.ocx, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINNT\DOWNLO~1\SUBMIT~1.DLL, >
[DFVSScanFile Control]
  {9BBD100C-E820-4930-9937-E8F3AA40E584} <C:\WINNT\system32\dfvs\dfvsol\DFVSSFOL.ocx, >
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINNT\Downloaded Program Files\safein.dll, Beijing eChannels Century Technology Co.,Ltd>
[iChatX Object]
  {C07405FD-84D1-4A25-94E8-68609EA8335B} <C:\WINNT\Downloaded Program Files\ichatx.dll, 深圳市东方博雅科技有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <F:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <F:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <F:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <F:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <F:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <F:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
  <G:\Program Files\BitSpirit\bsurl.htm, N/A>

==================================
正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 180][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6714>
[PID: 228][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 240][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6695>
[PID: 424][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 448][C:\WINNT\system32\LEXBCES.EXE]  <Lexmark International, Inc.><8.16>
    [C:\WINNT\system32\lexp2p32.dll]  <Lexmark International, Inc.><8.16>
    [C:\WINNT\system32\lex2kusb.dll]  <Lexmark International, Inc.><8.16>
[PID: 476][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
    [C:\WINNT\system32\lxbxlmpm.DLL]  <Lexmark International, Inc.><1.101.75.0>
    [C:\WINNT\system32\AdobePDF.dll]  <Adobe Systems Incorporated.><6.0.000>
    [C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.CHS]  <N/A><N/A>
    [C:\WINNT\system32\LXBXPMON.DLL]  <N/A><N/A>
    [C:\WINNT\system32\IMGMAN32.dll]  <Data Techniques, Inc.>< 7.20 >
    [C:\WINNT\system32\IM31IMG.DIL]  <Data Techniques, Inc.>< 7.20 >
    [C:\WINNT\system32\lxbxpmrc.dll]  <Lexmark International, Inc.><1.0.14.4>
    [C:\WINNT\system32\LEXLMPM.DLL]  <Lexmark International, Inc.><8.16>
    [C:\WINNT\system32\LexBce.dll]  <Lexmark International, Inc.><8.16>
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\lxbxPP5C.dll]  <><1.212.0.0>
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\LXBCPP5C.dll]  <Lexmark International><1.0.4.2>
    [C:\WINNT\system32\LXBCpwr.dll]  <Lexmark International, Inc.><1, 0, 1, 0>
[PID: 508][C:\WINNT\system32\LEXPPS.EXE]  <Lexmark International, Inc.><8.16>
    [C:\WINNT\system32\LEXBCE.DLL]  <Lexmark International, Inc.><8.16>
[PID: 520][C:\WINNT\system32\drivers\CDAC11BA.EXE]  <Macrovision><4.20.020>
[PID: 544][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 556][C:\Program Files\ewido anti-malware\ewidoctrl.exe]  <ewido networks><3, 0, 0, 1>
    [C:\Program Files\ewido anti-malware\lang.dll]  <privat><1, 0, 0, 1>
[PID: 620][C:\WINNT\TEMP\~D0.tmp.exe]  <N/A><N/A>
    [C:\WINNT\TEMP\~DFD1.tmp]  <N/A><N/A>
[PID: 684][C:\WINNT\system32\hidserv.exe]  <Microsoft Corporation><5.00.2195.6655>
[PID: 708][F:\KAV2005\KPfwSvc.EXE]  <Kingsoft Corporation><2004, 12, 19, 24>
[PID: 744][C:\WINNT\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.7772>
[PID: 768][C:\WINNT\System32\SCardSvr.exe]  <Microsoft Corporation><5.00.2195.6609>
[PID: 784][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6704>
[PID: 824][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 880][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 896][C:\WINNT\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><5.00.0984>
[PID: 1140][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.0.0.86>
    [C:\Program Files\ewido anti-malware\shellhook.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\ewido anti-malware\context.dll]  <ewido networks><1.0.0.1>
    [C:\Program Files\ewido anti-malware\lang.dll]  <privat><1, 0, 0, 1>
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><6.0.0.2003051500>
[PID: 1296][C:\Program Files\Lexmark 7100 Series\lxbxmon.exe]  <Lexmark International, Inc.><1.206.0.0>
    [C:\Program Files\Lexmark 7100 Series\lxbxscw.dll]  <Lexmark International, Inc.><1.206.0.0>
    [C:\WINNT\system32\lxbxcfg.dll]  <Lexmark International><1, 0, 0, 1>
    [C:\WINNT\system32\spool\drivers\w32x86\3\lxbxtsfw.dll]  <Lexmark International Inc.><1.36.0.0>
    [C:\WINNT\system32\spool\drivers\w32x86\3\lxbxdrec.dll]  <Lexmark International Inc.><1.16.0.0>
    [C:\WINNT\system32\spool\drivers\w32x86\3\lxbxcfg.dll]  <Lexmark International><1, 0, 0, 1>
    [C:\WINNT\system32\lxbxcomc.dll]  <Lexmark International, Inc.><1.101.75.0>
    [C:\WINNT\system32\lxbxpplc.dll]  <Lexmark International, Inc.><1.101.75.0>
    [C:\WINNT\system32\lxbxprox.dll]  <Lexmark International, Inc.><1.101.75.0>
[PID: 1328][C:\Program Files\Lexmark 7100 Series\ezprint.exe]  <N/A><N/A>
    [C:\Program Files\Lexmark 7100 Series\Epwizard.DLL]  <N/A><N/A>
    [C:\Program Files\Lexmark 7100 Series\customui.dll]  <Lexmark International Inc.><1.0.0.1>
    [C:\Program Files\Lexmark 7100 Series\Eputil.DLL]  <Lexmark International Inc.><1.0.0.1>
    [C:\Program Files\Lexmark 7100 Series\Imagutil.DLL]  <Lexmark International Inc.><1.0.0.1>
    [C:\Program Files\Lexmark 7100 Series\LTWVC13n.dll]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Lexmark 7100 Series\LTDIS13N.dll]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Lexmark 7100 Series\LTKRN13N.dll]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Lexmark 7100 Series\LTFIL13N.DLL]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Lexmark 7100 Series\LTIMG13N.dll]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Lexmark 7100 Series\LTEFX13N.dll]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Lexmark 7100 Series\Epfunct.DLL]  <Lexmark International Inc.><1.0.0.1>
    [C:\Program Files\Lexmark 7100 Series\epstring.dll]  <N/A><N/A>
[PID: 1332][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3249>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
[PID: 1396][C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B5.tmp.exe]  <N/A><N/A>
    [C:\DOCUME~1\yanyi\LOCALS~1\Temp\~DF2BC.tmp]  <N/A><N/A>
[PID: 1404][C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B6.tmp.exe]  <N/A><N/A>
    [C:\DOCUME~1\yanyi\LOCALS~1\Temp\~DF2BE.tmp]  <N/A><N/A>
[PID: 1412][C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B7.tmp.exe]  <N/A><N/A>
    [C:\DOCUME~1\yanyi\LOCALS~1\Temp\~DF2BF.tmp]  <N/A><N/A>
[PID: 1428][C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2BA.tmp.exe]  <N/A><N/A>
    [C:\DOCUME~1\yanyi\LOCALS~1\Temp\~DF2BD.tmp]  <N/A><N/A>
[PID: 1648][C:\WINNT\system32\RUNDLL32.EXE]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\system32\NvMcTray.dll]  <NVIDIA Corporation><6.14.10.7772>
    [C:\WINNT\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.7772>
[PID: 1656][C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2C0.tmp.exe]  <N/A><N/A>
    [C:\DOCUME~1\yanyi\LOCALS~1\Temp\~DF2C1.tmp]  <N/A><N/A>
[PID: 1120][C:\Program Files\ewido anti-malware\oldewido.exe]  <ewido networks><3, 5, 0, 0>
    [C:\Program Files\ewido anti-malware\lang.dll]  <privat><1, 0, 0, 1>
    [C:\Program Files\ewido anti-malware\wizard.dll]  <N/A><N/A>
    [C:\Program Files\ewido anti-malware\framework.dll]  <ewido networks><1, 0, 0, 249>
    [C:\Program Files\ewido anti-malware\configuration.dll]  <ewido networks><1, 0, 0, 1>
    [C:\Program Files\ewido anti-malware\engine.dll]  <ewido networks GmbH & Co. KG><4, 0, 0, 2>
    [C:\Program Files\ewido anti-malware\scan.dll]  <ewido networks><1, 0, 0, 2>
    [C:\Program Files\ewido anti-malware\modules\autostartviewer.dll]  <ewido networks><1, 0, 0, 114>
    [C:\Program Files\ewido anti-malware\TScan1.dll]  <ewido networks><3, 0, 0, 0>
    [C:\Program Files\ewido anti-malware\archive.dll]  <N/A><N/A>
    [C:\Program Files\ewido anti-malware\modules\connectionwatch.dll]  <ewido networks><1, 0, 0, 2>
    [C:\Program Files\ewido anti-malware\modules\processviewer.dll]  <privat><1, 0, 0, 2>
    [C:\Program Files\ewido anti-malware\quarantine.dll]  <ewido networks><1, 0, 0, 43>
    [C:\Program Files\ewido anti-malware\update.dll]  <ewido networks><1, 0, 0, 8>
    [C:\Program Files\ewido anti-malware\update_core.dll]  <N/A><N/A>
    [C:\Program Files\ewido anti-malware\info.dll]  <ewido networks><1, 0, 0, 137>
    [C:\Program Files\ewido anti-malware\resources.dll]  <N/A><N/A>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]  <N/A><N/A>
[PID: 1452][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll]  <N/A><N/A>
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.CHS]  <N/A><N/A>
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [c:\PROGRA~1\chinanet\VNETTR~1.DLL]  <><2005, 4, 6, 1>
    [c:\PROGRA~1\chinanet\Communicate.dll]  <0><2005, 3, 3, 1>
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  <><2004, 2, 28, 1>
    [C:\WINNT\system32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 1844][C:\WINNT\system32\lxbxcoms.exe]  <Lexmark International, Inc.><1.101.75.0>
    [C:\WINNT\system32\lxbxprox.dll]  <Lexmark International, Inc.><1.101.75.0>
    [C:\WINNT\system32\lxbxserv.dll]  <Lexmark International, Inc.><1.101.75.0>
    [C:\WINNT\system32\lxbxusb1.dll]  <Lexmark International, Inc.><1.101.75.0>
[PID: 1768][F:\Program Files\Tencent\qq\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [F:\Program Files\Tencent\qq\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\QQHelperDll.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 14>
    [F:\Program Files\Tencent\qq\QQAPI.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [F:\Program Files\Tencent\qq\LoginCtrl.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\npkcntc.dll]  <INCA Internet Co., Ltd.><2005, 9, 1, 1>
    [F:\Program Files\Tencent\qq\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [F:\Program Files\Tencent\qq\QQRes.dll]  <tencent><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\QQMainFrame.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\CQQApplication.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\NewSkin.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\HostingMgr.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\CameraDll.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\MailSummary.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\QQGroupMng.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\QQSysMsgMng.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\QRingMng.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\PhoneAPI.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [F:\Program Files\Tencent\qq\QQAvatar.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [F:\Program Files\Tencent\qq\LongConnection.dll]  <tencent><0, 3, 3, 8>
    [F:\Program Files\Tencent\qq\QQPet.dll]  <><1, 0, 0, 1>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [F:\Program Files\Tencent\qq\BQQApplication.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\QQPlugin.dll]  <N/A><N/A>
    [C:\Program Files\ewido anti-malware\shellhook.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\CommercesMng.dll]  <><1, 0, 0, 1>
    [F:\Program Files\Tencent\qq\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [F:\Program Files\Tencent\qq\QQUdpGetFileLib.dll]  <tencent><0, 2, 2, 3>
    [F:\Program Files\Tencent\qq\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
    [F:\Program Files\Tencent\qq\QQAllInOne.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\SCCore.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\QQSceneMng.dll]  <N/A><N/A>
    [F:\Program Files\Tencent\qq\QQPhoneHelper.dll]  <腾讯科技(深圳)有限公司><2, 0, 4, 40>
[PID: 2020][F:\Program Files\Tencent\qq\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [F:\Program Files\Tencent\qq\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 1900][F:\Downloads\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [AutoCADScriptFile]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================