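This post was last edited by jasonsimon36 on 2010-11-22 22:38
Lately, for some reason, my computer has become slow to boot, and after dialing up with Shanxun (闪讯) it hangs for half a minute. Worse still, sometimes while I'm using it all the software suddenly hangs, and file names and drive paths start showing box-like garbled characters. The mouse can still move, but even clicking on the antivirus software gives a message saying it is not a 32-bit system application or something like that. After a reboot everything goes back to normal. I've scanned with both 360 and Kingsoft and run system repair with both, and I also scanned with Windows 清理助手 (Windows Cleanup Assistant). There's no virus. What is going on? Please help me.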
2010-11-21,22:29:28
SysLog Scanner 3.1 - build 20100608
Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 3 (build 2600)
================================================================
注册项
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<UnlockerAssistant> <"C:\Program Files\Unlocker\UnlockerAssistant.exe"> [N/A]
<Netkeeper1.0> <D:\Program files\ChinaNetSn\bin\NetKeeper.exe> [XI AN XINLI SOFTWARE TECHNOLOGY CO.,LTD, 0, 0, 5, 1]
<kxesc> <"C:\Program Files\Common Files\Kingsoft\kiscommon\kxetray.exe" -autorun> [(Verified)Kingsoft Corporation, 2010,10,21,1314]
<KSafeTray> <"C:\Program Files\KSafe\KSafeTray.exe" -autorun> [(Verified)Kingsoft Corporation, 2.1.0.1025]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
<uxtheme> <uxtheme.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
<AtiExtEvent> <Ati2evxx.dll> [ATI Technologies Inc., 6.14.10.4177]
<WBSrv> <D:\WindowBlinds\WindowBlinds\wbsrv.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components]
<{89B4C1CD-B018-4511-B0A1-5476DBF70820}> <C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105) | Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt]
<&使用优蛋下载> <D:\Program files\UDown\getUrl.htm> [N/A]
<&使用优蛋下载全部链接> <D:\Program files\UDown\getAllUrl.htm> [N/A]
<Add to Google Photos Screensa&ver> <res://C:\WINDOWS\system32\GPhotos.scr/200> [Google Inc., 3.6.105.67]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MenuExt]
<添加到QQ表情> <D:\Program files\TM2009\Bin\AddEmotion.htm> [N/A]
================================================================
启动组
================================================================
任务计划
================================================================
组件
--------------------------------
Shell Extension
[Display Panning CPL Extension]
<{42071714-76d4-11d1-8b24-00a0c9068ff3}> <deskpan.dll> []
[HyperTerminal Icon Ext]
<{88895560-9AA2-1069-930E-00AA0030EBC8}> <C:\WINDOWS\system32\hticons.dll> [(Verified)Hilgraeve, Inc., 5.1.2600.0]
[任务栏和「开始」菜单]
<{0DF44EAA-FF21-4412-828E-260A8728E7F1}> <> []
[HaoZip Shell Extension]
<{5FED836A-C96C-4d88-A91E-F63F07726585}> <D:\Program Files\HaoZip\HaoZipExt.dll> [(Verified)好压软件工作室, 2.0.1.4930]
[ShellLink for Application References]
<{e82a2d71-5b2f-43a0-97b8-81be15854de8}> <C:\WINDOWS\system32\dfshim.dll> [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
--------------------------------
Protocols
[Cor MIME Filter, CorFltr, CorFltr 1]
<{1E66F26B-79EE-11D2-8710-00C04F79ED0D}> <mscoree.dll> [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[]
<{6AC4FBC7-AA38-45EC-9634-D6D20B679EFC}> <> []
--------------------------------
Context Menu
[duba_32bit]
<{D21D88E8-4123-48BA-B0B1-3FDBE4AE5FA4}> <C:\Program Files\Kingsoft\Kingsoft Antivirus\kavmenu.dll> [(Verified)Kingsoft Corporation, 2010,05,29,742]
[HaoZip]
<{5FED836A-C96C-4d88-A91E-F63F07726585}> <D:\Program Files\HaoZip\HaoZipExt.dll> [(Verified)好压软件工作室, 2.0.1.4930]
[QvodMenu]
<{9F44453E-1E46-4D5C-B57C-112FF2EDAE82}> <d:\Program Files\QvodPlayer\QvodBand.dll> [(Verified)Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0]
--------------------------------
BrowserHelperObject
[迅雷下载支持]
<{889D2FEB-5411-4565-8998-1DD2C5261283}> <D:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.0.1962.dll> [(Verified)深圳市迅雷网络技术有限公司, 7,1,0,1962]
--------------------------------
ActiveX Extension
[WWPicUploadCtrl Class]
<{1D63232D-4F15-4A42-890D-EE617AA1537D}> <D:\Program files\AliWangWang\modules\1685\WWPictureUpload.dll> [Alibaba software (Shanghai) Corporation, 1.0.0.1]
[GDGetTokenInfo Class]
<{3AA9CF07-DF20-48FF-98BE-DED276E40146}> <C:\WINDOWS\system32\GDREAD~1.DLL> [Copyright 2007, 1, 0, 0, 2]
[Agent Class]
<{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}> <D:\Program Files\Thunder Network\Thunder\BHO\ThunderAgent7.1.0.1962.dll> [(Verified)深圳市迅雷网络技术有限公司, 7,1,0,1962]
[EditCtrl Class]
<{488A4255-3236-44B3-8F27-FA1AECAA8844}> <C:\WINDOWS\system32\aliedit\aliedit.dll> [(Verified)Copyright 2008, 2, 2, 0, 1]
[WangWangX Class]
<{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}> <D:\Program files\AliWangWang\AliIMX.dll> [(Verified)Alibaba software (Shanghai) Corporation., 1.0.0.1]
[InfoSecNetSign Class]
<{62B938C4-4190-4F37-8CF0-A92B0A91CC77}> <C:\WINDOWS\system32\netsign.dll> [Infosec Technologies Co., Ltd., 1, 2, 0, 1]
[AxInputControl Class]
<{73E4740C-08EB-4133-896B-8D0A7C9EE3CD}> <C:\WINDOWS\system32\InputControl.dll> [Copyright 2003, 1, 0, 0, 13]
[XunleiBHO Class]
<{802F530B-A8F6-4631-AE49-6BACAAC6373E}> <D:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.0.1962.dll> [(Verified)深圳市迅雷网络技术有限公司, 7,1,0,1962]
[AxSubmitControl Class]
<{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2}> <C:\WINDOWS\system32\SubmitControl.dll> [Copyright 2003, 1, 0, 0, 6]
[SSOForPTLogin Class]
<{8FC1EE75-72B3-4A23-B987-2B1C4C8A611B}> <C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOAxCtrlForPTLogin.dll> [(Verified)Tencent, 1.0.0.3]
[OFrameObject Class]
<{9701758C-4373-482E-B13C-776C048EC890}> <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5927.310.(214).dll> [(Verified)ShenZhen Thunder Networking Technologies Ltd., 2, 3, 5927, 310]
[VersionDetector Class]
<{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B}> <C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.32.(107).dll> [(Verified)ShenZhen Thunder Networking Technologies,Ltd., 1, 1, 0, 32]
[APlayer Control]
<{A9322148-C691-4B9D-91FC-B9C461DBE9DD}> <C:\Program Files\Common Files\Thunder Network\APlayer\APlayer_001.dll> [(Verified)ShenZhen Thunder Networking Technologies, LTD, 2.1.5.320]
[InfoSecICBCNetSign Class]
<{B1FBC1AD-5644-4084-882A-0F8BA85E7506}> <C:\WINDOWS\system32\ICBC_N~1.DLL> [(Verified)Infosec Technologies Co., Ltd., 1, 0, 75, 3]
[FTNUpload Class]
<{BDEACC50-F56D-4D60-860F-CF6ED1766D65}> <D:\Program files\TM2009\Bin\TXFTNActiveX.dll> [(Verified)Tencent, 1, 0, 0, 11]
[KooPlayer Control]
<{C728DAB8-FDF5-4CD7-89DD-879D25794C77}> <> []
[Shockwave Flash Object]
<{D27CDB6E-AE6D-11CF-96B8-444553540000}> <C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx> [(Verified)Adobe Systems, Inc., 10,1,102,64]
[TimwpDll.TimwpCheck]
<{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4}> <d:\Program files\TM2009\Bin\Timwp.dll> [(Verified)Tencent, 1, 40, 1050, 0]
[PPLive Lite Class]
<{EF0D1A14-1033-41A2-A589-240C01EDC078}> <C:\Program Files\Internet Explorer\PPLite\plugin\pplugin2.dll> [(Verified)Copyright 2008, 1, 1, 0, 12]
================================================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Manual Start]
<%SystemRoot%\system32\Ati2evxx.exe> [ATI Technologies Inc., 6.14.10.4207]
[GP_CLT_Service / GP_CLT_Service][Running/Auto Start]
<C:\WINDOWS\system32\GP_CLT_Service.exe> [版权所有 (C) 2007, 1, 0, 1, 8]
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
<"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"> [Nokia, 7, 0, 133, 0]
[CloudServer / CloudServer][Running/Manual Start]
<F:\Cloud\CloudServer.exe> [(Verified)版权所有 (C) 2009, 10, 10, 5, 19]
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [(Verified)Google, 2.0.711.37800.beta]
[KSafe service / KSafeSvc][Running/Auto Start]
<"C:\Program Files\KSafe\KSafeSvc.exe" -svc> [(Verified)Kingsoft Corporation, 2.1.0.1027]
[Kingsoft Core Defend Service / kxedefend][Running/Auto Start]
<"C:\Program Files\Common Files\Kingsoft\kiscommon\kxedefend.exe" /service kxedefend> [(Verified)Kingsoft Corporation, 2010,08,05,1009]
[Kingsoft Security App Service / kxesapp][Running/Auto Start]
<"C:\Program Files\Common Files\Kingsoft\kiscommon\kxesapp.exe" /service kxesapp> [(Verified)Kingsoft Corporation, 2010,08,05,1009]
[Kingsoft Core Service / kxescore][Running/Auto Start]
<"C:\Program Files\Common Files\Kingsoft\kiscommon\kxescore.exe" /service kxescore> [(Verified)Kingsoft Corporation, 2010,08,05,1009]
[Kingsoft Antivirus Update Service / KxEUpSrv][Running/Auto Start]
<"C:\Program Files\Common Files\Kingsoft\kiscommon\upsvc.exe"> [(Verified)Kingsoft Corporation, 2010,10,18,1297]
================================================================
驱动
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys> [Andrea Electronics Corporation, 4.0.1.7 built by: WinDDK]
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys> [ATI Technologies Inc., 6.14.10.6860]
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
<system32\DRIVERS\bcm4sbxp.sys> [Broadcom Corporation, 4.60.0.0 built by: WinDDK]
[bpmjhnpc / bpmjhnpc][Stopped/System Start]
<\??\c:\windows\system32\drivers\bpmjhnpc.sys> []
[cFosSpeed Miniport / cFosSpeed][Stopped/Manual Start]
<system32\DRIVERS\cfosspeed.sys> []
[EQSysSecure / EQSysSecure][Stopped/System Start]
<\??\C:\WINDOWS\system32\drivers\EQSysSecure.sys> []
[jmioaogg / jmioaogg][Stopped/System Start]
<\??\c:\windows\system32\drivers\jmioaogg.sys> []
[DDK PACKET Protocol / Packet][Stopped/System Start]
<system32\DRIVERS\ProtoDrv.sys> []
[ProGCD / ProGCD][Running/Auto Start]
<\SystemRoot\System32\DRIVERS\ProGsys.sys> [HangZhou Metadata Co.,LTD, 1, 5, 3, 30]
[senfilt / senfilt][Running/Manual Start]
<system32\drivers\senfilt.sys> [Sensaura, 5.10.00.3515]
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<System32\drivers\sfdrv01.sys> [Protection Technology, 1.37]
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<System32\drivers\sfhlp02.sys> [Protection Technology, 2.3]
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
<System32\drivers\sfsync02.sys> [Protection Technology, 2.12]
[StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]
<System32\drivers\sfvfs02.sys> [Protection Technology, 2.12]
[SATALink driver accelerator / SiFilter][Running/Boot Start]
<system32\drivers\SiWinAcc.sys> [Silicon Image, Inc., 1.0.0.11]
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys> [Analog Devices, Inc., 5.12.01.5290]
[sptd / sptd][Running/Boot Start]
<System32\Drivers\sptd.sys> [N/A]
[System Restore Filter Driver / sr][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\sr.sys> []
[TAP-Win32 Adapter V9 / tap0901][Stopped/Manual Start]
<system32\DRIVERS\tap0901.sys> [The OpenVPN Project, 2.1_rc22 9/6 built by: WinDDK]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[UnlockerDriver5 / UnlockerDriver5][/Boot Start]
<\??\C:\Program Files\Unlocker\UnlockerDriver5.sys> [N/A]
[Driver for XLPPoEPC Device / XLPPoEPC][Running/Manual Start]
<system32\DRIVERS\XLPPoEPC.sys> [西安信利软件系统公司, 1.0.0.0]
[BC / BC][Running/Boot Start]
<system32\Drivers\BC.sys> [(Verified)Kingsoft Corporation, 2010,5,27,89]
[bootsafe / bootsafe][Running/Boot Start]
<system32\Drivers\bootsafe.sys> [(Verified)Kinsoft, 2010,05,11,27]
[KAVBootC / KAVBootC][Running/Boot Start]
<system32\drivers\KAVBootC.sys> [(Verified)Kingsoft Corporation, 2010,04,14,609]
[KAVSafe / KAVSafe][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys> [(Verified)Kingsoft Corporation, 2010,05,21,727]
[kmodurl / kmodurl][Running/System Start]
<\??\C:\Program Files\KSafe\kmodurl.sys> [(Verified)Kingsoft Corporation, 2.1.0.1025]
[ksdef / ksdef][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\ksdef.sys> [(Verified)Kingsoft Corporation, 2010,09,13,53]
[kwatch32 / kwatch32][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\kwatch32.sys> [(Verified)Kingsoft Corporation, 2010,07,22,40]
[LongRADrv / LongRADrv][Running/System Start]
<\??\F:\Cloud\LongRADrv.sys> [(Verified)long, 9, 10, 5, 17]
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
<system32\drivers\ccdcmb.sys> [(Verified)Nokia, 7.1.29.50]
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
<system32\drivers\ccdcmbo.sys> [(Verified)Nokia, 7.1.28.49]
[onbgnkla / onbgnkla][Running/System Start]
<\??\c:\windows\system32\drivers\onbgnkla.sys> [(Verified)360.cn, 2.7.2.2]
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
<system32\DRIVERS\pccsmcfd.sys> [(Verified)Nokia, 7.0.0.0]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys> [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148)]
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys> [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086]
[Anchorfree HSS Adapter / taphss][Stopped/Manual Start]
<system32\DRIVERS\taphss.sys> [(Verified)AnchorFree Inc, 2.1_rc19 16/4 built by: WinDDK]
[upperdev / upperdev][Stopped/Manual Start]
<system32\DRIVERS\usbser_lowerflt.sys> [(Verified)Nokia, 7.1.28.49]
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
<system32\DRIVERS\usbser_lowerfltj.sys> [(Verified)Nokia, 7.1.28.49]
================================================================
活动进程
[PID: 1200 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\Ati2evxx.dll [ATI Technologies Inc., 6.14.10.4177]
C:\WINDOWS\system32\GOOGLEPINYIN2.IME [(Verified)Google Inc., 2.3.14.85]
[PID: 1256 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1428 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1504 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1624 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1664 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1832 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 188 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\GOOGLEPINYIN2.IME [(Verified)Google Inc., 2.3.14.85]
C:\Program Files\Unlocker\UnlockerHook.dll [N/A]
C:\Program Files\Kingsoft\Kingsoft Antivirus\ktaskbar.dll [(Verified)Kingsoft Corporation, 2010,05,26,732]
C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll [(Verified)Kingsoft Corporation, 2010,08,30,159]
C:\Program Files\KSafe\ksfmon.dll [(Verified)Kingsoft Corporation, 2.1.0.1025]
d:\Program Files\QvodPlayer\QvodBand.dll [(Verified)Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0]
D:\Program Files\HaoZip\HaoZipExt.dll [(Verified)好压软件工作室, 2.0.1.4930]
C:\Program Files\Kingsoft\Kingsoft Antivirus\kavmenu.dll [(Verified)Kingsoft Corporation, 2010,05,29,742]
C:\Program Files\Kingsoft\Kingsoft Antivirus\kis.dll [(Verified)Kingsoft Corporation, 2010,08,25,1089]
D:\Program Files\Tencent\QQPlayer\QPShellExt.dll [(Verified)Tencent, 1.0.0.1]
D:\Program Files\Tencent\QQPlayer\i18nu.dll [(Verified)Tencent, 1.2 alpha1 build2(20080220)]
[PID: 428 / SYSTEM] C:\Program Files\KSafe\KSafeSvc.exe [(Verified)Kingsoft Corporation, 2.1.0.1027]
C:\Program Files\KSafe\ksafeeng.dll [(Verified)Kingsoft Corporation, 2.1.0.1027]
C:\Program Files\KSafe\katrun.dll [(Verified)Kingsoft Corporation, 2.1.0.1027]
C:\Program Files\KSafe\ksafebak.dll [(Verified)Kingsoft Corporation, 2.1.0.1027]
C:\Program Files\KSafe\ksafedb.dll [(Verified)Kingsoft Corporation, 2.1.0.1027]
C:\Program Files\KSafe\kcache.dll [(Verified)Kingsoft Corporation, 2.1.0.1027]
C:\Program Files\KSafe\knescan.dll [(Verified)Kingsoft Corporation., 1.0.0.1111]
C:\Program Files\KSafe\kse\ksbwdet2.dll [(Verified)Kingsoft Corporation, 2010,11,04,1495]
C:\Program Files\KSafe\kse\sqlite.dll [(Verified)Kingsoft Corporation, 2010,03,30,781]
C:\Program Files\KSafe\KEng\ksafeave.dll [(Verified)Kingsoft Corporation., 1.0.0.1114]
C:\Program Files\KSafe\KEng\kae\kaecore.dat [(Verified)Kingsoft Corporation, 2010,06,30,436]
C:\Program Files\KSafe\kdump.dll [(Verified)Kingsoft Corporation, 2010,10,11,1453]
C:\Program Files\KSafe\kxebase.dll [(Verified)Kingsoft Corporation, 2010,5,12,402]
C:\Program Files\KSafe\scom.dll [(Verified)Kingsoft Corporation, 2010,5,12,402]
C:\Program Files\KSafe\kxecore\kxecore.dll [(Verified)Kingsoft Corporation, 2010,5,12,402]
C:\Program Files\KSafe\kexectrl.dll [(Verified)Kingsoft Corporation, 2010,09,18,1422]
C:\Program Files\KSafe\kwssp.dll [(Verified)Kingsoft Corporation, 2010.11.19.1025]
C:\Program Files\KSafe\json.dll [(Verified)N/A]
C:\Program Files\KSafe\ksscore.dll [(Verified)Kingsoft Corporation, 2010,11,18,54]
C:\Program Files\KSafe\kplugeng.dll [(Verified)Kingsoft Corporation., 1.5.2.1191]
C:\Program Files\KSafe\kcldrep.dll [(Verified)Kingsoft Corporation, 2010,11,05,45]
C:\Program Files\KSafe\kse\ksecorex.dll [(Verified)Kingsoft Corporation, 2010,09,16,1206]
C:\Program Files\KSafe\KEng\kae\karchive.dat [(Verified)Kingsoft Corporation, 2010,06,30,436]
C:\Program Files\KSafe\KEng\kae\kaearcha.dat [(Verified)Kingsoft Corporation, 2010,06,30,436]
C:\Program Files\KSafe\KEng\kae\kaeolea.dat [(Verified)Kingsoft Corporation, 2010,06,30,436]
C:\Program Files\KSafe\KEng\kae\kaearchb.dat [(Verified)Kingsoft Corporation, 2010,06,30,436]
C:\Program Files\KSafe\fwproxy.dll [(Verified)Kingsoft Corporation, 2.1.0.1025]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\KSafe\KEng\kae\kaeunpak.dat [(Verified)Kingsoft Corporation, 2010,06,30,436]
C:\Program Files\KSafe\KEng\kae\kaeunpack.dat [(Verified)Kingsoft Corporation, 2010,07,18,365]
C:\Program Files\KSafe\KEng\kae\kaevname.dat [(Verified)Kingsoft Corporation, 2010,06,30,436]
C:\Program Files\KSafe\KEng\kae\kaecorea.dat [(Verified)Kingsoft Corporation, 2010,06,30,436]
[PID: 1976 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2880 / SYSTEM] C:\WINDOWS\system32\GP_CLT_Service.exe [版权所有 (C) 2007, 1, 0, 1, 8]
[PID: 2912 / Administrator] C:\WINDOWS\system32\GP_CLT.exe [Copyright (C) 2007, 2, 0, 0, 7]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\GOOGLEPINYIN2.IME [(Verified)Google Inc., 2.3.14.85]
C:\WINDOWS\system32\GP_IFD.dll [CIDC., 1, 0, 17, 45]
C:\WINDOWS\system32\GP_COS.dll [Copyright (C) 2008, 2, 0, 1, 15]
C:\WINDOWS\system32\GP_RES.dll [Copyright (C) 2008, 2, 0, 1, 9]
[PID: 3208 / Administrator] C:\Program Files\Unlocker\UnlockerAssistant.exe [N/A]
C:\Program Files\Unlocker\UnlockerHook.dll [N/A]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\GOOGLEPINYIN2.IME [(Verified)Google Inc., 2.3.14.85]
[PID: 3316 / Administrator] D:\Program files\ChinaNetSn\bin\NetKeeper.exe [XI AN XINLI SOFTWARE TECHNOLOGY CO.,LTD, 0, 0, 5, 1]
D:\Program files\ChinaNetSn\bin\StringList.dll [N/A]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\KSafe\ksfmon.dll [(Verified)Kingsoft Corporation, 2.1.0.1025]
C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll [(Verified)Kingsoft Corporation, 2010,08,30,159]
C:\Program Files\Unlocker\UnlockerHook.dll [N/A]
C:\WINDOWS\system32\GOOGLEPINYIN2.IME [(Verified)Google Inc., 2.3.14.85]
D:\Program files\ChinaNetSn\bin\xinliPPPoE.dll [版权所有 (C) 2007, 1, 0, 1, 7]
C:\WINDOWS\system32\PProxyCTL.dll [西安, 4, 0, 0, 3]
D:\Program files\ChinaNetSn\plugin\EPHONE\NetKeeperToEcp.dll [浙江省公众信息产业有限公司, 0, 1, 1, 0]
[PID: 3372 / Administrator] C:\Program Files\KSafe\KSafeTray.exe [(Verified)Kingsoft Corporation, 2.1.0.1025]
C:\Program Files\KSafe\ksfmon.dll [(Verified)Kingsoft Corporation, 2.1.0.1025]
C:\Program Files\KSafe\krunopt.dll [(Verified)Kingsoft Corporation, 2.1.0.1025]
C:\Program Files\KSafe\kdump.dll [(Verified)Kingsoft Corporation, 2010,10,11,1453]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\Unlocker\UnlockerHook.dll [N/A]
C:\WINDOWS\system32\GOOGLEPINYIN2.IME [(Verified)Google Inc., 2.3.14.85]
C:\Program Files\KSafe\kwsctrl.dll [(Verified)Kingsoft Corporation, 2.1.0.1025]
C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll [(Verified)Kingsoft Corporation, 2010,08,30,159]
C:\Program Files\KSafe\ksafedb.dll [(Verified)Kingsoft Corporation, 2.1.0.1027]
C:\Program Files\KSafe\ksafevul.dll [(Verified)Kingsoft Corporation, 2.1.0.1025]
C:\Program Files\KSafe\ksafeup.dll [(Verified)Kingsoft Corporation, 2.1.0.1025]
C:\Program Files\KSafe\zlib1.dll [(Verified)(C) 1995-2004 Jean-loup Gailly & Mark Adler, 1.2.3]
C:\Program Files\KSafe\kplugeng.dll [(Verified)Kingsoft Corporation., 1.5.2.1191]
C:\Program Files\KSafe\KEng\ksignup.dll [(Verified)Kingsoft Corporation., 1.0.0.1114]
C:\Program Files\KSafe\KEng\KSGMerge.DLL [(Verified)Kingsoft Corporation, 2010,02,26,47]
[PID: 3460 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\Unlocker\UnlockerHook.dll [N/A]
C:\WINDOWS\system32\GOOGLEPINYIN2.IME [(Verified)Google Inc., 2.3.14.85]
[PID: 3136 / SYSTEM] F:\Cloud\CloudServer.exe [(Verified)版权所有 (C) 2009, 10, 10, 5, 19]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 328 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2712 / Administrator] D:\Program files\Opera 11.00 beta\opera.exe [(Verified)Opera Software, 1104 (1)]
D:\Program files\Opera 11.00 beta\Opera.dll [(Verified)Opera Software, 1104 (1)]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\KSafe\ksfmon.dll [(Verified)Kingsoft Corporation, 2.1.0.1025]
C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll [(Verified)Kingsoft Corporation, 2010,08,30,159]
C:\Program Files\Unlocker\UnlockerHook.dll [N/A]
C:\Program Files\KSafe\kwsui.dll [(Verified)Kingsoft Corporation, 2010.11.19.1025]
C:\Program Files\KSafe\kswebshield.dll [(Verified)Kingsoft Corporation, 2010.11.20.1037]
C:\WINDOWS\system32\GOOGLEPINYIN2.IME [(Verified)Google Inc., 2.3.14.85]
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [(Verified)N/A]
[PID: 2968 / Administrator] D:\清理\arswp3\ArSwp3.exe [(Verified)Windows 清理助手, 3.1.3.0815]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\KSafe\ksfmon.dll [(Verified)Kingsoft Corporation, 2.1.0.1025]
C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll [(Verified)Kingsoft Corporation, 2010,08,30,159]
C:\Program Files\Unlocker\UnlockerHook.dll [N/A]
C:\WINDOWS\system32\GOOGLEPINYIN2.IME [(Verified)Google Inc., 2.3.14.85]
C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx [(Verified)Adobe Systems, Inc., 10,1,102,64]
================================================================
文件关联
[.jpg] <"C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe" "%1"> [(Verified)Google Inc., 3.6.105.67]
[.zip] <"D:\Program Files\HaoZip\HaoZip.exe" "%1"> [(Verified)好压软件工作室, 2.0.1.4930]
[.rar] <"D:\Program Files\HaoZip\HaoZip.exe" "%1"> [(Verified)好压软件工作室, 2.0.1.4930]
[.swf] <"D:\Program Files\Tencent\QQPlayer\QQPlayer.exe" /o "%1"> [(Verified)Tencent, 2.8.787.400]
[.pdf] <"d:\Program Files\Foxit PDF Reader\FoxitReader.exe" "%1"> [(Verified)Foxit Software, 3, 3, 0, 0430]
[.url] <"D:\Program files\Opera\opera.exe" "%1"> [(Verified)Opera Software, 9053]
[.xml] <"D:\Program files\Opera\opera.exe" "%1"> [(Verified)Opera Software, 9053]
[.ram] <"D:\Program Files\Tencent\QQPlayer\QQPlayer.exe" /o "%1"> [(Verified)Tencent, 2.8.787.400]
[.gif] <"C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe" "%1"> [(Verified)Google Inc., 3.6.105.67]
[.bmp] <"C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe" "%1"> [(Verified)Google Inc., 3.6.105.67]
[.mod] <"D:\Program Files\Tencent\QQPlayer\QQPlayer.exe" /o "%1"> [(Verified)Tencent, 2.8.787.400]
================================================================
Autorun.Inf
================================================================
Winsock提供者
================================================================
隐藏进程
[PID: 3332] C:\Program Files\Common Files\Kingsoft\kiscommon\kxetray.exe [(Verified)Kingsoft Corporation, 2010,10,21,1314]
[PID: 2904] C:\Program Files\Common Files\Kingsoft\kiscommon\upsvc.exe [(Verified)Kingsoft Corporation, 2010,10,18,1297]
[PID: 824] C:\Program Files\Common Files\Kingsoft\kiscommon\kxesapp.exe [(Verified)Kingsoft Corporation, 2010,08,05,1009]
[PID: 356] C:\Program Files\Common Files\Kingsoft\kiscommon\kxedefend.exe [(Verified)Kingsoft Corporation, 2010,08,05,1009]
[PID: 368] C:\Program Files\Common Files\Kingsoft\kiscommon\kxescore.exe [(Verified)Kingsoft Corporation, 2010,08,05,1009]
================================================================
可疑文件
================================================================
HOSTS
127.0.0.1 localhost
0.0.0.0 notice.asdf.com
0.0.0.0 update.asdf.cn