我的系统病毒太多请高手指点 bbs.ikaka.com

741016 - 2006-7-9 12:51:00

HijackThis_815汉化版扫描日志 V1.99.1
保存于 12:45:13, 日期 2006-07-09
操作系统： Windows 2000 SP4 (WinNT 5.00.2195)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\TEMP\~CF.tmp.exe
C:\WINNT\system32\hidserv.exe
F:\KAV2005\KPfwSvc.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2AF.tmp.exe
C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B4.tmp.exe
C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B3.tmp.exe
C:\WINNT\system32\sysinfo.exe
C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B9.tmp.exe
C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2BB.tmp.exe
C:\WINNT\system32\lxbxcoms.exe
F:\Program Files\Tencent\qq\QQ.exe
F:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\ewido anti-malware\oldewido.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\淘宝网\淘宝旺旺\WangWang.exe
C:\WINNT\system32\NOTEPAD.EXE
F:\Downloads\Hijackthis1991zww\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: 东方卫士 - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} - C:\WINNT\system32\dfvs\dfvsol\DFVSIEBR.dll (file missing)
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [LXBXCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - 启动项HKLM\\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - 启动项HKLM\\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - 启动项HKLM\\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - 启动项HKLM\\Run: [Windows DLL Loader] C:\WINNT\system32\mbeleu.exe
O4 - 启动项HKLM\\Run: [Microsoft Update Wizard] winprg32.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Microsoft Configure] msconfigures.exe
O4 - 启动项HKLM\\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SkyNet\FireWall\pfw.exe
O4 - 启动项HKLM\\Run: [Windows Update Manager] sysinfo.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [krymfpfj_gob] C:\WINNT\system32\ecalsaiipubg.exe
O4 - 启动项HKLM\\Run: [WangWang] "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"
O4 - 启动项HKLM\\RunServices: [Microsoft Update Wizard] winprg32.exe
O4 - 启动项HKLM\\RunServices: [Microsoft Configure] msconfigures.exe
O4 - 启动项HKLM\\RunServices: [Windows Update Manager] sysinfo.exe
O4 - 启动项HKLM\\RunServices: [krymfpfj_gob] C:\WINNT\system32\ecalsaiipubg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - F:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - F:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\Program Files\Tencent\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - G:\Program Files\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 东方卫士 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CE} - C:\WINNT\system32\dfvs\dfvsol\DFVSIEBR.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: 东方卫士工具条 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CE} - C:\WINNT\system32\dfvs\dfvsol\DFVSIEBR.dll (file missing)
O9 - 浏览器额外的按钮: 在线杀毒 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9EE} - http://www.i110.com/dfvsonline/ (file missing)
O9 - 浏览器额外的“工具”菜单项: 东方卫士 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9EE} - http://www.i110.com/dfvsonline/ (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {44198AE3-3BA0-41C2-8C8E-D29DC1FE28EB} (WTDSPlayerV5 Class) - http://www.wtwh.com.cn/chinese_1/demo/WTDSPlayerNetView.CAB
O16 - DPF: {466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} (JMWiseCam Control) - http://210.82.38.206/JMWiseCam.cab
O16 - DPF: {5467862B-C477-437F-886E-EC5006B37DCA} (PwdEdit Control) - https://ebank.cmbc.com.cn/PwdEdit.cab
O16 - DPF: {615DE4D4-F7B6-43A9-9221-BDFB997BD785} (wIPCamCtrl Class) - http://www.tyhotek.com/wIPCam.cab
O16 - DPF: {7556F1A5-E2D4-46D2-90B6-553928D8E662} (NetCamera Control) - http://xddns.vicp.net/ncamCtrl.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {9BBD100C-E820-4930-9937-E8F3AA40E584} (DFVSScanFile Control) - http://antivirus3.sunv.com/dfvsolDown/dfvsol.cab
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe.cab
O16 - DPF: {C07405FD-84D1-4A25-94E8-68609EA8335B} (iChatX Object) - http://www.snsn.net.cn/voice/2_5_10/ichatx.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F212557-F4DE-4981-A028-B0FB590402CA}: NameServer = 61.139.2.69 202.98.96.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F212557-F4DE-4981-A028-B0FB590402CA}: NameServer = 61.139.2.69 202.98.96.68
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINNT\system32\DLMain.dll
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: comsec(comsec) (comsec) - Unknown owner - C:\WINNT\system32\comsec.exe (file missing)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - NT 服务: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - F:\KAV2005\KPfwSvc.EXE
O23 - NT 服务: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - NT 服务: lxbx_device - Lexmark International, Inc. - C:\WINNT\system32\lxbxcoms.exe
O23 - NT 服务: NetBTD(ntbtd) (NetBTD) - Unknown owner - C:\WINNT\system32\netbtd.exe (file missing)
O23 - NT 服务: nvsec(nvsec) (NvSec) - Unknown owner - C:\WINNT\system32\nvsec.exe (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

我无邪 - 2006-7-9 13:01:00

以下选项如果你知道，就不必修复
开始→运行→输入services.msc，打开“服务”→查找 comsec，NetBTD，nvsec→双击→启动类型→禁止→停止→应用→确定。禁止comsec，NetBTD，nvsec这3个服务（每一个逗号隔开的就是一个病毒的服务，请逐一禁用）

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O4 - 启动项HKLM\\Run: [Windows DLL Loader] C:\WINNT\system32\mbeleu.exe
O4 - 启动项HKLM\\Run: [Microsoft Update Wizard] winprg32.exe
O4 - 启动项HKLM\\Run: [Microsoft Configure] msconfigures.exe
O4 - 启动项HKLM\\Run: [Windows Update Manager] sysinfo.exe
O4 - 启动项HKLM\\RunServices: [Microsoft Update Wizard] winprg32.exe
O4 - 启动项HKLM\\RunServices: [Microsoft Configure] msconfigures.exe
O4 - 启动项HKLM\\RunServices: [Windows Update Manager] sysinfo.exe
O4 - 启动项HKLM\\RunServices: [krymfpfj_gob] C:\WINNT\system32\ecalsaiipubg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINNT\system32\DLMain.dll
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
删除
C:\WINNT\system32\mbeleu.exe
winprg32.exe
sysinfo.exe
msconfigures.exe这三项你搜索一下，找到就删除，找不到就罢。
C:\WINNT\system32\ecalsaiipubg.exe
C:\WINNT\system32\DLMain.dll
修复后，重启回到正常模式
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

741016 - 2006-7-9 13:39:00

2006-07-09,13:35:39

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<NeroFilterCheck><C:\WINNT\system32\NeroCheck.exe> [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<krymfpfj_gob><C:\WINNT\system32\oyudtlbuib.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><(无)> []

==================================
启动文件夹
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[comsec(comsec) / comsec]
<"C:\WINNT\system32\comsec.exe"><N/A>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido security suite control / ewido security suite control]
<C:\Program Files\ewido anti-malware\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard]
<C:\Program Files\ewido anti-malware\ewidoguard.exe><ewido networks>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"F:\KAV2005\KPfwSvc.EXE"><Kingsoft Corporation>
[LexBce Server / LexBceS]
<C:\WINNT\system32\LEXBCES.EXE><Lexmark International, Inc.>
[lxbx_device / lxbx_device]
<C:\WINNT\system32\lxbxcoms.exe -service><Lexmark International, Inc.>
[NetBTD(ntbtd) / NetBTD]
<"C:\WINNT\system32\netbtd.exe"><N/A>
[nvsec(nvsec) / NvSec]
<"C:\WINNT\system32\nvsec.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CPub Object]
{0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, N/A>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[东方卫士]
{A26ABCF0-1C8F-46e7-A67C-0489DC21B9CE} <C:\WINNT\system32\dfvs\dfvsol\DFVSIEBR.dll, N/A>
[在线杀毒]
{A26ABCF0-1C8F-46e7-A67C-0489DC21B9EE} <http://www.i110.com/dfvsonline/, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[东方卫士]
{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} <C:\WINNT\system32\dfvs\dfvsol\DFVSIEBR.dll, N/A>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
[WTDSPlayerV5 Class]
{44198AE3-3BA0-41C2-8C8E-D29DC1FE28EB} <C:\WINNT\Downloaded Program Files\WTDSPlayerV5.dll, >
[JMWiseCam Control]
{466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} <C:\WINNT\DOWNLO~1\JMWISE~1.OCX, Linudix Co., LTD>
[PwdEdit Control]
{5467862B-C477-437F-886E-EC5006B37DCA} <C:\WINNT\DOWNLO~1\PwdEdit.ocx, adtec>
[wIPCamCtrl Class]
{615DE4D4-F7B6-43A9-9221-BDFB997BD785} <C:\WINNT\Downloaded Program Files\wIPCam.ocx, Tyhotek Corporation>
[NetCamera Control]
{7556F1A5-E2D4-46D2-90B6-553928D8E662} <C:\WINNT\DOWNLO~1\ncamCtrl.ocx, >
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINNT\DOWNLO~1\SUBMIT~1.DLL, >
[DFVSScanFile Control]
{9BBD100C-E820-4930-9937-E8F3AA40E584} <C:\WINNT\system32\dfvs\dfvsol\DFVSSFOL.ocx, >
[Submit Class]
{A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINNT\Downloaded Program Files\safein.dll, Beijing eChannels Century Technology Co.,Ltd>
[iChatX Object]
{C07405FD-84D1-4A25-94E8-68609EA8335B} <C:\WINNT\Downloaded Program Files\ichatx.dll, 深圳市东方博雅科技有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
<F:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<F:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<F:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<F:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
<G:\Program Files\BitSpirit\bsurl.htm, N/A>

741016 - 2006-7-9 13:40:00

==================================
正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 180][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6714>
[PID: 228][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 240][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6695>
[PID: 424][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 448][C:\WINNT\system32\LEXBCES.EXE] <Lexmark International, Inc.><8.16>
[C:\WINNT\system32\lexp2p32.dll] <Lexmark International, Inc.><8.16>
[C:\WINNT\system32\lex2kusb.dll] <Lexmark International, Inc.><8.16>
[PID: 476][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[C:\WINNT\system32\lxbxlmpm.DLL] <Lexmark International, Inc.><1.101.75.0>
[C:\WINNT\system32\AdobePDF.dll] <Adobe Systems Incorporated.><6.0.000>
[C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.CHS] <N/A><N/A>
[C:\WINNT\system32\LXBXPMON.DLL] <N/A><N/A>
[C:\WINNT\system32\IMGMAN32.dll] <Data Techniques, Inc.>< 7.20 >
[C:\WINNT\system32\IM31IMG.DIL] <Data Techniques, Inc.>< 7.20 >
[C:\WINNT\system32\lxbxpmrc.dll] <Lexmark International, Inc.><1.0.14.4>
[C:\WINNT\system32\LEXLMPM.DLL] <Lexmark International, Inc.><8.16>
[C:\WINNT\system32\LexBce.dll] <Lexmark International, Inc.><8.16>
[C:\WINNT\system32\spool\PRTPROCS\W32X86\lxbxPP5C.dll] <><1.212.0.0>
[C:\WINNT\system32\spool\PRTPROCS\W32X86\LXBCPP5C.dll] <Lexmark International><1.0.4.2>
[C:\WINNT\system32\LXBCpwr.dll] <Lexmark International, Inc.><1, 0, 1, 0>
[PID: 508][C:\WINNT\system32\LEXPPS.EXE] <Lexmark International, Inc.><8.16>
[C:\WINNT\system32\LEXBCE.DLL] <Lexmark International, Inc.><8.16>
[PID: 520][C:\WINNT\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 544][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 556][C:\Program Files\ewido anti-malware\ewidoctrl.exe] <ewido networks><3, 0, 0, 1>
[C:\Program Files\ewido anti-malware\lang.dll] <privat><1, 0, 0, 1>
[PID: 620][C:\WINNT\TEMP\~D0.tmp.exe] <N/A><N/A>
[C:\WINNT\TEMP\~DFD1.tmp] <N/A><N/A>
[PID: 684][C:\WINNT\system32\hidserv.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 708][F:\KAV2005\KPfwSvc.EXE] <Kingsoft Corporation><2004, 12, 19, 24>
[PID: 744][C:\WINNT\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7772>
[PID: 768][C:\WINNT\System32\SCardSvr.exe] <Microsoft Corporation><5.00.2195.6609>
[PID: 784][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[PID: 824][C:\WINNT\system32\stisvc.exe] <Microsoft Corporation><5.00.2195.6656>
[PID: 880][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 896][C:\WINNT\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984>
[PID: 1140][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\Program Files\ewido anti-malware\shellhook.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\ewido anti-malware\context.dll] <ewido networks><1.0.0.1>
[C:\Program Files\ewido anti-malware\lang.dll] <privat><1, 0, 0, 1>
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500>
[PID: 1296][C:\Program Files\Lexmark 7100 Series\lxbxmon.exe] <Lexmark International, Inc.><1.206.0.0>
[C:\Program Files\Lexmark 7100 Series\lxbxscw.dll] <Lexmark International, Inc.><1.206.0.0>
[C:\WINNT\system32\lxbxcfg.dll] <Lexmark International><1, 0, 0, 1>
[C:\WINNT\system32\spool\drivers\w32x86\3\lxbxtsfw.dll] <Lexmark International Inc.><1.36.0.0>
[C:\WINNT\system32\spool\drivers\w32x86\3\lxbxdrec.dll] <Lexmark International Inc.><1.16.0.0>
[C:\WINNT\system32\spool\drivers\w32x86\3\lxbxcfg.dll] <Lexmark International><1, 0, 0, 1>
[C:\WINNT\system32\lxbxcomc.dll] <Lexmark International, Inc.><1.101.75.0>
[C:\WINNT\system32\lxbxpplc.dll] <Lexmark International, Inc.><1.101.75.0>
[C:\WINNT\system32\lxbxprox.dll] <Lexmark International, Inc.><1.101.75.0>
[PID: 1328][C:\Program Files\Lexmark 7100 Series\ezprint.exe] <N/A><N/A>
[C:\Program Files\Lexmark 7100 Series\Epwizard.DLL] <N/A><N/A>
[C:\Program Files\Lexmark 7100 Series\customui.dll] <Lexmark International Inc.><1.0.0.1>
[C:\Program Files\Lexmark 7100 Series\Eputil.DLL] <Lexmark International Inc.><1.0.0.1>
[C:\Program Files\Lexmark 7100 Series\Imagutil.DLL] <Lexmark International Inc.><1.0.0.1>
[C:\Program Files\Lexmark 7100 Series\LTWVC13n.dll] <LEAD Technologies, Inc.><13.0.0.078>
[C:\Program Files\Lexmark 7100 Series\LTDIS13N.dll] <LEAD Technologies, Inc.><13.0.0.078>
[C:\Program Files\Lexmark 7100 Series\LTKRN13N.dll] <LEAD Technologies, Inc.><13.0.0.078>
[C:\Program Files\Lexmark 7100 Series\LTFIL13N.DLL] <LEAD Technologies, Inc.><13.0.0.078>
[C:\Program Files\Lexmark 7100 Series\LTIMG13N.dll] <LEAD Technologies, Inc.><13.0.0.078>
[C:\Program Files\Lexmark 7100 Series\LTEFX13N.dll] <LEAD Technologies, Inc.><13.0.0.078>
[C:\Program Files\Lexmark 7100 Series\Epfunct.DLL] <Lexmark International Inc.><1.0.0.1>
[C:\Program Files\Lexmark 7100 Series\epstring.dll] <N/A><N/A>
[PID: 1332][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3249>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[PID: 1396][C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B5.tmp.exe] <N/A><N/A>
[C:\DOCUME~1\yanyi\LOCALS~1\Temp\~DF2BC.tmp] <N/A><N/A>
[PID: 1404][C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B6.tmp.exe] <N/A><N/A>
[C:\DOCUME~1\yanyi\LOCALS~1\Temp\~DF2BE.tmp] <N/A><N/A>
[PID: 1412][C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2B7.tmp.exe] <N/A><N/A>
[C:\DOCUME~1\yanyi\LOCALS~1\Temp\~DF2BF.tmp] <N/A><N/A>
[PID: 1428][C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2BA.tmp.exe] <N/A><N/A>
[C:\DOCUME~1\yanyi\LOCALS~1\Temp\~DF2BD.tmp] <N/A><N/A>
[PID: 1648][C:\WINNT\system32\RUNDLL32.EXE] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\NvMcTray.dll] <NVIDIA Corporation><6.14.10.7772>
[C:\WINNT\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7772>
[PID: 1656][C:\DOCUME~1\yanyi\LOCALS~1\Temp\~2C0.tmp.exe] <N/A><N/A>

741016 - 2006-7-9 13:41:00

[C:\DOCUME~1\yanyi\LOCALS~1\Temp\~DF2C1.tmp] <N/A><N/A>
[PID: 1120][C:\Program Files\ewido anti-malware\oldewido.exe] <ewido networks><3, 5, 0, 0>
[C:\Program Files\ewido anti-malware\lang.dll] <privat><1, 0, 0, 1>
[C:\Program Files\ewido anti-malware\wizard.dll] <N/A><N/A>
[C:\Program Files\ewido anti-malware\framework.dll] <ewido networks><1, 0, 0, 249>
[C:\Program Files\ewido anti-malware\configuration.dll] <ewido networks><1, 0, 0, 1>
[C:\Program Files\ewido anti-malware\engine.dll] <ewido networks GmbH & Co. KG><4, 0, 0, 2>
[C:\Program Files\ewido anti-malware\scan.dll] <ewido networks><1, 0, 0, 2>
[C:\Program Files\ewido anti-malware\modules\autostartviewer.dll] <ewido networks><1, 0, 0, 114>
[C:\Program Files\ewido anti-malware\TScan1.dll] <ewido networks><3, 0, 0, 0>
[C:\Program Files\ewido anti-malware\archive.dll] <N/A><N/A>
[C:\Program Files\ewido anti-malware\modules\connectionwatch.dll] <ewido networks><1, 0, 0, 2>
[C:\Program Files\ewido anti-malware\modules\processviewer.dll] <privat><1, 0, 0, 2>
[C:\Program Files\ewido anti-malware\quarantine.dll] <ewido networks><1, 0, 0, 43>
[C:\Program Files\ewido anti-malware\update.dll] <ewido networks><1, 0, 0, 8>
[C:\Program Files\ewido anti-malware\update_core.dll] <N/A><N/A>
[C:\Program Files\ewido anti-malware\info.dll] <ewido networks><1, 0, 0, 137>
[C:\Program Files\ewido anti-malware\resources.dll] <N/A><N/A>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] <N/A><N/A>
[PID: 1452][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll] <N/A><N/A>
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.CHS] <N/A><N/A>
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 1844][C:\WINNT\system32\lxbxcoms.exe] <Lexmark International, Inc.><1.101.75.0>
[C:\WINNT\system32\lxbxprox.dll] <Lexmark International, Inc.><1.101.75.0>
[C:\WINNT\system32\lxbxserv.dll] <Lexmark International, Inc.><1.101.75.0>
[C:\WINNT\system32\lxbxusb1.dll] <Lexmark International, Inc.><1.101.75.0>
[PID: 1768][F:\Program Files\Tencent\qq\QQ.exe] <TENCENT><0, 0, 0, 0>
[F:\Program Files\Tencent\qq\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QQHelperDll.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14>
[F:\Program Files\Tencent\qq\QQAPI.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>
[F:\Program Files\Tencent\qq\LoginCtrl.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1>
[F:\Program Files\Tencent\qq\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[F:\Program Files\Tencent\qq\QQRes.dll] <tencent><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QQMainFrame.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\CQQApplication.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\NewSkin.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\HostingMgr.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\CameraDll.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\MailSummary.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINNT\system32\msdmo.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\QQGroupMng.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QQSysMsgMng.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\QQConfigPlugin.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\UserDefinedHead.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QRingMng.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\PhoneAPI.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[F:\Program Files\Tencent\qq\QQAvatar.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\FlashAvatarDll.dll] <><1, 4, 0, 1>
[F:\Program Files\Tencent\qq\LongConnection.dll] <tencent><0, 3, 3, 8>
[F:\Program Files\Tencent\qq\QQPet.dll] <><1, 0, 0, 1>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[F:\Program Files\Tencent\qq\BQQApplication.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\QQPlugin.dll] <N/A><N/A>
[C:\Program Files\ewido anti-malware\shellhook.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\CommercesMng.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[F:\Program Files\Tencent\qq\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[F:\Program Files\Tencent\qq\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
[F:\Program Files\Tencent\qq\QQAllInOne.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\SCCore.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\QQSceneMng.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\QQPhoneHelper.dll] <腾讯科技（深圳）有限公司><2, 0, 4, 40>
[PID: 2020][F:\Program Files\Tencent\qq\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[F:\Program Files\Tencent\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 1900][F:\Downloads\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

瑞星卡卡安全论坛