瑞星卡卡电脑诊断日志 v1.30 (2009-5-27 17:25:42)
北京瑞星信息技术有限公司
注释: [A]表示该文件存在自启动关联; [M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
  MSSQLServerADHelper [A ] 1. c:\program files\microsoft sql server\80\tools\binn\sqladhlp.exe
  RavAgent [AM] 2. c:\program files\rising\rav\ravagent.exe
  RavAlert [A ] 3. c:\program files\rising\rav\ravalert.exe
  RavService [AM] 4. c:\program files\rising\rav\ravservice.exe
  RavUpdate [AM] 5. c:\program files\rising\rav\ravupdate.exe
  RNReport [A ] 6. c:\program files\rising\rav\rnreport.exe
  RsCCenter [AM] 7. c:\program files\rising\rav\ccenter.exe
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
  New0 [A ] 8. c:\winnt\system32\new.sys
  RsNTGDI [A ] 9. c:\winnt\system32\drivers\rsntgdi.sys
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} [A ] 10. c:\winnt\system32\kakatool.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [A ] 11. c:\winnt\system32\urlfilter.dll
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
  Script [A ] 12. c:\winnt\web\related.htm
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
  {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} [A ] 13. c:\winnt\system32\updcrl.exe
  [A ] 14. c:\winnt\system32\verisignpub1.crl
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  Multimedia File Property Sheet [A ] 15. c:\winnt\system32\mmsys.cpl
  HyperTerminal Icon Ext [A ] 16. c:\winnt\system32\hticons.dll
  Shell Application Manager [A ] 17. c:\winnt\system32\appwiz.cpl
  Installed Apps Enumerator [A ] 17. c:\winnt\system32\appwiz.cpl
  Darwin App Publisher [A ] 17. c:\winnt\system32\appwiz.cpl
  RISING [AM] 18. c:\winnt\system32\ravext.dll
  WinRAR shell extension [AM] 19. c:\program files\winrar\rarext.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  {32CD708B-60A7-4C00-9377-D73EAA495F0F} [AM] 18. c:\winnt\system32\ravext.dll
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  RavTray [AM] 20. c:\program files\rising\rav\ravtray.exe
  RavTask [A ] 21. c:\program files\rising\rav\ravtask.exe
  runeip [AM] 22. d:\program files\rising\antispyware\rstray.exe
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
  BootExecute [A ] 23. c:\winnt\system32\bsmain.exe
+ 映像劫持
+ HKCR\.html
  htmlfile\TencentTraveler\Command [A ] 24. c:\program files\tencent\tt\bin\ttraveler.exe
+ HKCR\.htm
  htmlfile\TencentTraveler\Command [A ] 24. c:\program files\tencent\tt\bin\ttraveler.exe
+ 程序初始化和已知动态连接库
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  AppInit_DLLs [AM] 25. c:\winnt\system32\kmon.dll
+ 其他自启动项目
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
  Service Manager.lnk [AM] 26. c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
+ 正在运行的进程
+ 000000a0(160) smss.exe
+ 000000b8(184) csrss.exe
+ 000000cc(204) winlogon.exe
+ 000000e8(232) services.exe
+ 000000f4(244) lsass.exe
+ 000001bc(444) svchost.exe
+ 000001d4(468) spoolsv.exe
+ 000001f0(496) msdtc.exe
+ 00000260(608) svchost.exe
+ 00000284(644) llssrv.exe
+ 000002a4(676) sqlservr.exe
  00400000[0072D000] [ M] 27. c:\program files\msde\mssql$ravn\binn\sqlservr.exe
  41060000[00006000] [ M] 28. c:\program files\msde\mssql$ravn\binn\opends60.dll
  41070000[0000D000] [ M] 29. c:\program files\msde\mssql$ravn\binn\ums.dll
  42AE0000[00090000] [ M] 30. c:\program files\msde\mssql$ravn\binn\sqlsort.dll
  41080000[00007000] [ M] 31. c:\program files\msde\mssql$ravn\binn\resources\1033\sqlevn70.rll
  72C00000[00015000] [ M] 32. c:\program files\msde\mssql$ravn\binn\ssnetlib.dll
  410D0000[00006000] [ M] 33. c:\program files\msde\mssql$ravn\binn\ssnmpn70.dll
  41510000[00007000] [ M] 34. c:\program files\msde\mssql$ravn\binn\ssmslpcn.dll
+ 000002fc(764) RavTray.exe
  00400000[000F5000] [AM] 20. c:\program files\rising\rav\ravtray.exe
  10000000[0003E000] [ M] 35. c:\program files\rising\rav\ravuilib.dll
  780C0000[00061000] [ M] 36. c:\winnt\system32\msvcp60.dll
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
  00F60000[00020000] [ M] 37. c:\program files\rising\rav\ravtray936.dll
  00FA0000[0001F000] [ M] 38. c:\program files\rising\rav\proccom.dll
  00FC0000[00024000] [ M] 39. c:\program files\rising\rav\rscommx2.dll
+ 000003ac(940) regsvc.exe
+ 00000404(1028) RavAgent.exe
  00400000[00125000] [AM] 2. c:\program files\rising\rav\ravagent.exe
  780C0000[00061000] [ M] 36. c:\winnt\system32\msvcp60.dll
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
  10000000[0001F000] [ M] 38. c:\program files\rising\rav\proccom.dll
  00DF0000[00024000] [ M] 39. c:\program files\rising\rav\rscommx2.dll
  00F40000[0000E000] [ M] 40. c:\program files\rising\rav\rsappmgr.dll
  00F60000[00030000] [ M] 41. c:\program files\rising\rav\cfgdll.dll
  01100000[00046000] [ M] 42. c:\program files\rising\rav\strategy.dll
  69B10000[00115000] [ M] 43. c:\winnt\system32\msxml3.dll
  1F660000[0001F000] [ M] 44. c:\winnt\system32\msdart.dll
  01C60000[00015000] [ M] 45. c:\program files\common files\system\ole db\msdatl3.dll
+ 00000420(1056) MSTask.exe
+ 00000468(1128) Explorer.EXE
  30000000[00011000] [ M] 46. c:\winnt\system32\msratelc.dll
  10000000[0001C000] [AM] 18. c:\winnt\system32\ravext.dll
  04D10000[0002E000] [AM] 19. c:\program files\winrar\rarext.dll
  69B10000[00115000] [ M] 43. c:\winnt\system32\msxml3.dll
  23700000[00028000] [ M] 47. c:\program files\rising\rav\rscommon.dll
  379B0000[0008C000] [ M] 48. c:\program files\common files\microsoft shared\web folders\msonsext.dll
+ 0000048c(1164) WinMgmt.exe
+ 000004bc(1212) Dfssvc.exe
+ 000004cc(1228) inetinfo.exe
+ 000004e4(1252) ras.exe
  00400000[0000B000] [ M] 49. d:\program files\rising\antispyware\ras.exe
  7C140000[00103000] [ M] 50. d:\program files\rising\antispyware\mfc71.dll
  7C340000[00056000] [ M] 51. d:\program files\rising\antispyware\msvcr71.dll
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
  10000000[00047000] [ M] 52. d:\program files\rising\antispyware\kakamgr.dll
  7C3A0000[0007B000] [ M] 53. d:\program files\rising\antispyware\msvcp71.dll
  00970000[00019000] [ M] 54. d:\program files\rising\antispyware\syslay.dll
  009A0000[0001F000] [ M] 38. c:\program files\rising\rav\proccom.dll
  009C0000[00024000] [ M] 55. d:\program files\rising\antispyware\rscommx2.dll
  00B10000[0002D000] [ M] 56. d:\program files\rising\antispyware\comx3.dll
  010A0000[00058000] [ M] 57. d:\program files\rising\antispyware\dbmgr.dll
  23800000[00022000] [ M] 58. d:\program files\rising\antispyware\rsxml.dll
  01200000[0002D000] [ M] 59. d:\program files\rising\antispyware\pweb.dll
  01230000[000C1000] [ M] 60. d:\program files\rising\antispyware\pscan.dll
  01300000[00034000] [ M] 61. d:\program files\rising\antispyware\ncomm.dll
  01460000[00070000] [ M] 62. d:\program files\rising\antispyware\pset.dll
  014D0000[0002A000] [ M] 63. d:\program files\rising\antispyware\pdefend.dll
  01500000[000B6000] [ M] 64. d:\program files\rising\antispyware\ptools.dll
  015C0000[0008D000] [ M] 65. d:\program files\rising\antispyware\psysinfo.dll
  01860000[0001C000] [AM] 18. c:\winnt\system32\ravext.dll
  23900000[00040000] [ M] 66. d:\program files\rising\antispyware\pngdll.dll
+ 00000518(1304) RavUpdate.exe
  00400000[0012C000] [AM] 5. c:\program files\rising\rav\ravupdate.exe
  780C0000[00061000] [ M] 36. c:\winnt\system32\msvcp60.dll
  10000000[001EA000] [ M] 67. c:\program files\rising\rav\dlcenter.dll
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
  00DE0000[0001F000] [ M] 38. c:\program files\rising\rav\proccom.dll
  00E00000[00024000] [ M] 39. c:\program files\rising\rav\rscommx2.dll
+ 000006b0(1712) internat.exe
+ 000006b8(1720) sqlmangr.exe
  00400000[00014000] [AM] 26. c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
  10000000[0002D000] [ M] 68. c:\winnt\system32\sqlunirl.dll
  41140000[0000C000] [ M] 69. c:\program files\microsoft sql server\80\tools\binn\w95scm.dll
  42C40000[00017000] [ M] 70. c:\program files\microsoft sql server\80\tools\binn\sqlsvc.dll
  1F9B0000[00006000] [ M] 71. c:\winnt\system32\odbcbcp.dll
  42AC0000[00007000] [ M] 72. c:\program files\microsoft sql server\80\tools\binn\sqlresld.dll
  43970000[00006000] [ M] 73. c:\program files\microsoft sql server\80\tools\binn\resources\1033\sqlsvc.rll
  43790000[00018000] [ M] 74. c:\program files\microsoft sql server\80\tools\binn\resources\1033\sqlmangr.rll
+ 000006dc(1756) cmd.exe
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
  10000000[0002D000] [ M] 56. d:\program files\rising\antispyware\comx3.dll
  00810000[00019000] [ M] 54. d:\program files\rising\antispyware\syslay.dll
+ 000006f4(1780) CCenter.exe
  00400000[0002A000] [AM] 7. c:\program files\rising\rav\ccenter.exe
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
+ 000006f8(1784) conime.exe
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
  10000000[0002D000] [ M] 56. d:\program files\rising\antispyware\comx3.dll
  00710000[00019000] [ M] 54. d:\program files\rising\antispyware\syslay.dll
+ 000006fc(1788) rstray.exe
  00400000[00023000] [AM] 22. d:\program files\rising\antispyware\rstray.exe
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
  10000000[00044000] [ M] 75. d:\program files\rising\antispyware\rsmginfo.dll
  23800000[00022000] [ M] 58. d:\program files\rising\antispyware\rsxml.dll
  7C3A0000[0007B000] [ M] 53. d:\program files\rising\antispyware\msvcp71.dll
  7C340000[00056000] [ M] 51. d:\program files\rising\antispyware\msvcr71.dll
  00E20000[00024000] [ M] 76. d:\program files\rising\antispyware\comserv.dll
  00E50000[00019000] [ M] 54. d:\program files\rising\antispyware\syslay.dll
  23700000[00026000] [ M] 77. d:\program files\rising\antispyware\rscommon.dll
  00E90000[0002D000] [ M] 56. d:\program files\rising\antispyware\comx3.dll
  23900000[00040000] [ M] 66. d:\program files\rising\antispyware\pngdll.dll
  010A0000[00068000] [ M] 78. d:\program files\rising\antispyware\runiep.dll
  01110000[00034000] [ M] 61. d:\program files\rising\antispyware\ncomm.dll
  01170000[0001F000] [ M] 38. c:\program files\rising\rav\proccom.dll
  01190000[00024000] [ M] 55. d:\program files\rising\antispyware\rscommx2.dll
  02630000[0001C000] [AM] 18. c:\winnt\system32\ravext.dll
+ 00000734(1844) svchost.exe
  63B50000[00034000] [ M] 79. c:\winnt\system32\unimdm.tsp
  63BC0000[00008000] [ M] 80. c:\winnt\system32\kmddsp.tsp
  63BB0000[0000C000] [ M] 81. c:\winnt\system32\ndptsp.tsp
  63BD0000[00006000] [ M] 82. c:\winnt\system32\ipconf.tsp
  63BE0000[00044000] [ M] 83. c:\winnt\system32\h323.tsp
+ 000007d8(2008) RavService.exe
  00400000[00155000] [AM] 4. c:\program files\rising\rav\ravservice.exe
  780C0000[00061000] [ M] 36. c:\winnt\system32\msvcp60.dll
  10000000[001EA000] [ M] 67. c:\program files\rising\rav\dlcenter.dll
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
  00E10000[0001F000] [ M] 38. c:\program files\rising\rav\proccom.dll
  00E30000[00024000] [ M] 39. c:\program files\rising\rav\rscommx2.dll
  69B10000[00115000] [ M] 43. c:\winnt\system32\msxml3.dll
+ 00000820(2080) knownsvr.exe
  00400000[00072000] [ M] 84. d:\program files\rising\antispyware\knownsvr.exe
  10000000[00034000] [ M] 61. d:\program files\rising\antispyware\ncomm.dll
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
  00D50000[0002D000] [ M] 56. d:\program files\rising\antispyware\comx3.dll
  00D80000[00019000] [ M] 54. d:\program files\rising\antispyware\syslay.dll
+ 00000824(2084) NOTEPAD.EXE
  60000000[00074000] [AM] 25. c:\winnt\system32\kmon.dll
  10000000[0002D000] [ M] 56. d:\program files\rising\antispyware\comx3.dll
  00710000[00019000] [ M] 54. d:\program files\rising\antispyware\syslay.dll