瑞星卡卡电脑诊断日志 v1.30 (2009-8-10 19:55:41)
北京瑞星信息技术有限公司
注释: [A]表示该文件存在自启动关联; [M]表示该文件在内存中;

+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
  NVSvc [AM] 1. c:\windows\system32\nvsvc32.exe
  ose [A ] 2. c:\program files\common files\microsoft shared\source engine\ose.exe
  RavCCenter [AM] 3. d:\program files\rising\rav\ccenter.exe
  RavTask [A ] 4. d:\program files\rising\rav\ravtask.exe
  RfwCCenter [AM] 5. d:\program files\rising\rfw\ccenter.exe
  RfwService [AM] 6. d:\program files\rising\rfw\rfwsrv.exe
  RfwTask [AM] 7. d:\program files\rising\rfw\ravtask.exe
  RsRavMon [A ] 8. d:\program files\rising\rav\ravmond.exe
  RsScanSrv [A ] 9. d:\program files\rising\rav\scanfrm.exe
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
  360SelfProtection [A ] 10. c:\windows\system32\drivers\360selfprotection.sys
  Alidevice [A ] 11. c:\windows\system32\drivers\alidevice.sys
  BaseTDI [A ] 12. c:\windows\system32\drivers\basetdi.sys
  BFSDRV [A ] 13. c:\windows\system32\drivers\bfsdrv.sys
  EagleNT [A ] 14. c:\windows\system32\drivers\eaglent.sys
  EfiMon [A ] 15. c:\windows\system32\drivers\efimon.sys
  GMSIPCI [A ] 16. h:\install\gmsipci.sys
  HDAudBus [A ] 17. c:\windows\system32\drivers\hdaudbus.sys
  HookCont [A ] 18. c:\windows\system32\drivers\hookcont.sys
  HookPort [A ] 19. c:\windows\system32\drivers\hookport.sys
  HookSys [A ] 20. c:\windows\system32\drivers\hooksys.sys
  HookUrl [A ] 21. d:\program files\rising\rfw\hookurl.sys
  IntcAzAudAddService [A ] 22. c:\windows\system32\drivers\rtkhdaud.sys
  nocashio [A ] 23. c:\windows\system32\drivers\nocashio.sys
  npkcrypt [A ] 24. g:\program files\tencent\qq\npkcrypt.sys
  RfwBase [A ] 25. c:\windows\system32\drivers\rfwbase.sys
  rfwtdi [A ] 26. d:\program files\rising\rfw\rfwtdi.sys
  RsAntiSpyware [A ] 27. c:\windows\system32\drivers\rsboot.sys
  RsFwDrv [A ] 28. d:\program files\rising\rfw\rsfwdrv.sys
  RsNTGDI [A ] 29. c:\windows\system32\drivers\rsntgdi.sys
  RsProtect [A ] 30. c:\windows\system32\drivers\rsptect.sys
  RTL8023xp [A ] 31. c:\windows\system32\drivers\rtnicxp.sys
  SafeBoxKrnl [A ] 32. c:\windows\system32\drivers\safeboxkrnl.sys
  Secdrv [A ] 33. c:\windows\system32\drivers\secdrv.sys
  sfng32 [A ] 34. c:\windows\system32\drivers\sfng32.sys
  STHDA [A ] 35. c:\windows\system32\drivers\sthda.sys
  XDva200 [A ] 36. c:\windows\system32\xdva200.sys
  XDva219 [A ] 37. c:\windows\system32\xdva219.sys
+ 文件系统驱动
+ HKLM\System\CurrentControlSet\Services
  exFat [A ] 38. c:\windows\system32\drivers\exfat.sys
+ 系统登陆自运行
+ HKCU\Control Panel\Desktop
  Scrnsave.exe [A ] 39. c:\windows\system32\七彩泡泡.scr
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} [A ] 40. e:\program files\thunder network\thunder\comdlls\tdatonce_now.dll
  {889D2FEB-5411-4565-8998-1DD2C5261283} [AM] 41. e:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [A ] 42. c:\windows\system32\urlfilter.dll
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [AM] 43. d:\program files\360\360safe\safemon\safemon.dll
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
  Exec [A ] 44. g:\program files\holdfast\platform 5.0\gameclient.exe
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
  text/xml [A ] 45. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
  mso-offdap [A ] 46. c:\program files\common files\microsoft shared\web components\10\owc10.dll
+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
  <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [A ] 47. c:\windows\system32\ieudinit.exe
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  HyperTerminal Icon Ext [A ] 48. c:\windows\system32\hticons.dll
  WinRAR shell extension [AM] 49. c:\program files\winrar\rarext.dll
  PicaView [A ] 50. c:\program files\acdsee\picaview.dll
  Microsoft Office HTML Icon Handler [A ] 51. c:\program files\microsoft office\office11\msohev.dll
  Web Folders [A ] 52. c:\program files\common files\microsoft shared\web folders\msonsext.dll
  NvCpl DesktopContext Class [A ] 53. c:\windows\system32\nvcpl.dll
  Desktop Explorer [A ] 54. c:\windows\system32\nvshell.dll
  Desktop Explorer Menu [A ] 54. c:\windows\system32\nvshell.dll
  nView Desktop Context Menu [A ] 54. c:\windows\system32\nvshell.dll
  Shell Extensions for RealOne Player [A ] 55. c:\program files\real\realplayer\rpshell.dll
  RISING [AM] 56. c:\windows\system32\ravext.dll
  Play on my TV helper [A ] 53. c:\windows\system32\nvcpl.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  {32CD708B-60A7-4C00-9377-D73EAA495F0F} [AM] 56. c:\windows\system32\ravext.dll
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  nwiz [A ] 57. c:\windows\system32\nwiz.exe
  RavTray [A ] 58. d:\program files\rising\rav\rstray.exe
  RFWTray [AM] 59. d:\program files\rising\rfw\rstray.exe
  RTHDCPL [AM] 60. c:\windows\rthdcpl.exe
  Alcmtr [A ] 61. c:\windows\alcmtr.exe
  360Safebox [A ] 62. d:\program files\360\360safebox\safeboxtray.exe
  360Safetray [A ] 63. d:\program files\360\360safe\safemon\360tray.exe
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  KKDelay [A ] 64. e:\program files\rising\antispyware\runonce.exe
  Rav [A ] 65. d:\program files\rising\rav\update\setup.exe
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
  BootExecute [A ] 66. c:\windows\system32\bsmain.exe
+ 映像劫持
+ HKCR\.html
  360seURL\open\Command [A ] 67. d:\program files\360\360se3\360se.exe
+ HKCR\.htm
  360seURL\open\Command [A ] 67. d:\program files\360\360se3\360se.exe
+ HKCR\.mp3
  RealPlayer.MP3.6\open\Command [A ] 68. c:\program files\real\realplayer\realplay.exe
+ 程序初始化和已知动态连接库
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  AppInit_DLLs [AM] 69. c:\windows\system32\kmon.dll

+ 正在运行的进程
+ 00000184(388) Explorer.EXE
  60000000[0009B000] [AM] 69. c:\windows\system32\kmon.dll
  10000000[00024000] [AM] 56. c:\windows\system32\ravext.dll
  72C80000[00008000] [ M] 70. c:\windows\system32\msacm32.drv
  018B0000[0002F000] [AM] 43. d:\program files\360\360safe\safemon\safemon.dll
  01F20000[00020000] [AM] 41. e:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
  01F70000[0000E000] [ M] 71. e:\program files\thunder network\thunder\components\resworker\dsbho_00.dll
  01F80000[0001E000] [ M] 72. e:\program files\thunder network\thunder\components\resworker\dataprocessor_00.dll
  02730000[0002C000] [AM] 49. c:\program files\winrar\rarext.dll
  02680000[00012000] [ M] 73. f:\新建文件夹\ultraedit32v14.10.0.1024中文绿色破解版\ultraedit-32\ue32ctmn.dll
+ 0000019c(412) RsTray.exe
  00400000[00023000] [AM] 59. d:\program files\rising\rfw\rstray.exe
  10000000[00023000] [ M] 74. d:\program files\rising\rfw\comserv.dll
  7C3A0000[0007B000] [ M] 75. c:\windows\system32\msvcp71.dll
  7C340000[00056000] [ M] 76. c:\windows\system32\msvcr71.dll
  23700000[00023000] [ M] 77. d:\program files\rising\rfw\rslang.dll
  00A80000[0002D000] [ M] 78. d:\program files\rising\rfw\comx3.dll
  00AB0000[00019000] [ M] 79. d:\program files\rising\rfw\syslay.dll
  23800000[00025000] [ M] 80. d:\program files\rising\rfw\rsxml.dll
  00CB0000[00010000] [ M] 81. d:\program files\rising\rfw\proccomm.dll
  00FC0000[00013000] [ M] 82. d:\program files\rising\rfw\monstate.dll
  00FF0000[0000C000] [ M] 83. d:\program files\rising\rfw\rfwrule.dll
  01000000[00017000] [ M] 84. d:\program files\rising\rfw\rsconf.dll
  01030000[0000E000] [ M] 85. d:\program files\rising\rfw\rsappmgr.dll
  01050000[00031000] [ M] 86. d:\program files\rising\rfw\cfgdll.dll
  01170000[00030000] [ M] 87. d:\program files\rising\rfw\rspalvd.dll
  26600000[000C3000] [ M] 88. d:\program files\rising\rfw\rsguilib.dll
  7C140000[00103000] [ M] 89. c:\windows\system32\mfc71.dll
  33000000[00025000] [ M] 90. d:\program files\rising\rfw\ravbintl.dll
  01260000[00067000] [ M] 91. d:\program files\rising\rfw\rsnetsvr.dll
  012D0000[00044000] [ M] 92. d:\program files\rising\rfw\rsmginfo.dll
  01320000[0004B000] [ M] 93. d:\program files\rising\rfw\rfwtray.dll
  23900000[00040000] [ M] 94. d:\program files\rising\rfw\pngdll.dll
  01A00000[00064000] [ M] 95. d:\program files\rising\rfw\rfwlog.dll
+ 0000028c(652) svchost.exe
+ 000002a0(672) smss.exe
+ 000002e8(744) knownsvr.exe
  00400000[00072000] [ M] 96. e:\program files\rising\antispyware\knownsvr.exe
  10000000[00034000] [ M] 97. e:\program files\rising\antispyware\ncomm.dll
  60000000[0009B000] [AM] 69. c:\windows\system32\kmon.dll
  00A90000[0002D000] [ M] 98. e:\program files\rising\antispyware\comx3.dll
  00AC0000[00019000] [ M] 99. e:\program files\rising\antispyware\syslay.dll
  00FA0000[0002F000] [AM] 43. d:\program files\360\360safe\safemon\safemon.dll
+ 000002ec(748) csrss.exe
+ 00000304(772) winlogon.exe
  72C80000[00008000] [ M] 70. c:\windows\system32\msacm32.drv
+ 00000330(816) services.exe
+ 0000033c(828) lsass.exe
+ 00000370(880) nvsvc32.exe
  00400000[00022000] [AM] 1. c:\windows\system32\nvsvc32.exe
  60000000[0009B000] [AM] 69. c:\windows\system32\kmon.dll
+ 000003a4(932) RUNDLL32.EXE
  60000000[0009B000] [AM] 69. c:\windows\system32\kmon.dll
  10000000[00017000] [ M] 100. c:\windows\system32\nvmctray.dll
+ 000003e8(1000) svchost.exe
+ 0000042c(1068) svchost.exe
+ 000004b0(1200) CCENTER.EXE
  00400000[0001B000] [AM] 3. d:\program files\rising\rav\ccenter.exe
  10000000[00029000] [ M] 101. d:\program files\rising\rav\combase.dll
  00680000[00027000] [ M] 102. d:\program files\rising\rav\cnt09.dll
  009B0000[0001D000] [ M] 103. d:\program files\rising\rav\cnt08.dll
+ 000004e4(1252) CCENTER.EXE
  00400000[0001B000] [AM] 5. d:\program files\rising\rfw\ccenter.exe
  10000000[00029000] [ M] 104. d:\program files\rising\rfw\combase.dll
  00680000[00027000] [ M] 105. d:\program files\rising\rfw\cnt09.dll
+ 000004f8(1272) svchost.exe
+ 00000540(1344) RavTask.exe
  00400000[00020000] [AM] 7. d:\program files\rising\rfw\ravtask.exe
  10000000[00010000] [ M] 81. d:\program files\rising\rfw\proccomm.dll
  7C340000[00056000] [ M] 76. c:\windows\system32\msvcr71.dll
  7C3A0000[0007B000] [ M] 75. c:\windows\system32\msvcp71.dll
  00A60000[00017000] [ M] 84. d:\program files\rising\rfw\rsconf.dll
  00A90000[0000E000] [ M] 85. d:\program files\rising\rfw\rsappmgr.dll
  00AB0000[00031000] [ M] 86. d:\program files\rising\rfw\cfgdll.dll
  00CD0000[00027000] [ M] 106. d:\program files\rising\rfw\rstask.dll
  00D90000[00018000] [ M] 107. d:\program files\rising\rfw\rsstub.dll
+ 000005a0(1440) RTHDCPL.EXE
  00400000[010EE000] [AM] 60. c:\windows\rthdcpl.exe
  60000000[0009B000] [AM] 69. c:\windows\system32\kmon.dll
  72C80000[00008000] [ M] 70. c:\windows\system32\msacm32.drv
  10000000[0002F000] [AM] 43. d:\program files\360\360safe\safemon\safemon.dll
+ 000005e4(1508) svchost.exe
+ 00000624(1572) ctfmon.exe
  60000000[0009B000] [AM] 69. c:\windows\system32\kmon.dll
+ 00000644(1604) svchost.exe
+ 000006c0(1728) rfwsrv.exe
  00400000[00016000] [AM] 6. d:\program files\rising\rfw\rfwsrv.exe
  10000000[00029000] [ M] 104. d:\program files\rising\rfw\combase.dll
  60000000[0009B000] [AM] 69. c:\windows\system32\kmon.dll
  7C3A0000[0007B000] [ M] 75. c:\windows\system32\msvcp71.dll
  7C340000[00056000] [ M] 76. c:\windows\system32\msvcr71.dll
  00680000[0001D000] [ M] 108. d:\program files\rising\rfw\monbase.dll
  006B0000[00019000] [ M] 109. d:\program files\rising\rfw\moncomm.dll
  006E0000[00064000] [ M] 95. d:\program files\rising\rfw\rfwlog.dll
  00770000[0000C000] [ M] 83. d:\program files\rising\rfw\rfwrule.dll
  00780000[00041000] [ M] 110. d:\program files\rising\rfw\rfwsrv.dll
  007D0000[00019000] [ M] 79. d:\program files\rising\rfw\syslay.dll
  00850000[0001B000] [ M] 111. d:\program files\rising\rfw\mports.dll
  00880000[00010000] [ M] 112. d:\program files\rising\rfw\rfwdrvc.dll
  008A0000[00014000] [ M] 113. d:\program files\rising\rfw\rfwdrv.dll
  00BE0000[00067000] [ M] 91. d:\program files\rising\rfw\rsnetsvr.dll
  00F60000[0002D000] [ M] 78. d:\program files\rising\rfw\comx3.dll
  011D0000[00014000] [ M] 114. d:\program files\rising\rfw\urlrule.dll
  01200000[0003C000] [ M] 115. d:\program files\rising\rfw\recomp.dll
  01250000[00038000] [ M] 116. d:\program files\rising\rfw\refs.dll
  014B0000[00030000] [ M] 117. d:\program files\rising\rfw\viruslib.dll
  01500000[00029000] [ M] 118. d:\program files\rising\rfw\relibldr.dll
  01580000[0022C000] [ M] 119. d:\program files\rising\rfw\rfwproxy.dll
  01B00000[0000E000] [ M] 85. d:\program files\rising\rfw\rsappmgr.dll
  01B20000[00031000] [ M] 86. d:\program files\rising\rfw\cfgdll.dll
  01C40000[00010000] [ M] 81. d:\program files\rising\rfw\proccomm.dll
  02CC0000[0000E000] [ M] 120. d:\program files\rising\rfw\urllib.dll
+ 00000788(1928) spoolsv.exe
+ 000007c8(1992) rsnetsvr.exe
  00400000[00079000] [ M] 121. d:\program files\rising\rav\rsnetsvr.exe
  10000000[00035000] [ M] 122. d:\program files\rising\rav\ncomm.dll
  00380000[00019000] [ M] 123. d:\program files\rising\rav\syslay.dll
  00BA0000[0002D000] [ M] 124. d:\program files\rising\rav\comx3.dll
  00D10000[00010000] [ M] 125. d:\program files\rising\rav\proccomm.dll
  7C340000[00056000] [ M] 76. c:\windows\system32\msvcr71.dll
  7C3A0000[0007B000] [ M] 75. c:\windows\system32\msvcp71.dll
+ 00000af4(2804) alg.exe
  60000000[0009B000] [AM] 69. c:\windows\system32\kmon.dll
+ 0000150c(5388) RsAgent.exe
  00400000[00036000] [ M] 126. d:\program files\rising\rav\rsagent.exe
  10000000[00010000] [ M] 125. d:\program files\rising\rav\proccomm.dll
  7C340000[00056000] [ M] 76. c:\windows\system32\msvcr71.dll
  7C3A0000[0007B000] [ M] 75. c:\windows\system32\msvcp71.dll
  00CD0000[0002D000] [ M] 124. d:\program files\rising\rav\comx3.dll
  00D00000[00019000] [ M] 123. d:\program files\rising\rav\syslay.dll
  00E70000[00059000] [ M] 127. d:\program files\rising\rav\scanprxy.dll
+ 000015f4(5620) AgentSvr.exe
  60000000[0009B000] [AM] 69. c:\windows\system32\kmon.dll
  10000000[0002F000] [AM] 43. d:\program files\360\360safe\safemon\safemon.dll
+ 000016b0(5808) ras.exe
  00400000[0000B000] [ M] 128. e:\program files\rising\antispyware\ras.exe
  7C140000[00103000] [ M] 129. e:\program files\rising\antispyware\mfc71.dll
  7C340000[00056000] [ M] 130. e:\program files\rising\antispyware\msvcr71.dll
  60000000[0009B000] [AM] 69. c:\windows\system32\kmon.dll
  10000000[0002F000] [AM] 43. d:\program files\360\360safe\safemon\safemon.dll
  00BF0000[00047000] [ M] 131. e:\program files\rising\antispyware\kakamgr.dll
  7C3A0000[0007B000] [ M] 132. e:\program files\rising\antispyware\msvcp71.dll
  00C40000[00019000] [ M] 99. e:\program files\rising\antispyware\syslay.dll
  00C60000[0001F000] [ M] 133. d:\program files\rising\rav\proccom.dll
  00C80000[00024000] [ M] 134. e:\program files\rising\antispyware\rscommx2.dll
  00DD0000[0002D000] [ M] 98. e:\program files\rising\antispyware\comx3.dll
  00F40000[00058000] [ M] 135. e:\program files\rising\antispyware\dbmgr.dll
  23800000[00022000] [ M] 136. e:\program files\rising\antispyware\rsxml.dll
  010A0000[0002E000] [ M] 137. e:\program files\rising\antispyware\pweb.dll
  010D0000[000C2000] [ M] 138. e:\program files\rising\antispyware\pscan.dll
  011A0000[00034000] [ M] 97. e:\program files\rising\antispyware\ncomm.dll
  01200000[00070000] [ M] 139. e:\program files\rising\antispyware\pset.dll
  01270000[0002A000] [ M] 140. e:\program files\rising\antispyware\pdefend.dll
  012A0000[000B6000] [ M] 141. e:\program files\rising\antispyware\ptools.dll
  01460000[0008D000] [ M] 142. e:\program files\rising\antispyware\psysinfo.dll
  01520000[00024000] [AM] 56. c:\windows\system32\ravext.dll
  23900000[00040000] [ M] 143. e:\program files\rising\antispyware\pngdll.dll
  03C70000[004A3000] [ M] 144. c:\windows\system32\macromed\flash\flash10c.ocx
  72C80000[00008000] [ M] 70. c:\windows\system32\msacm32.drv
  054E0000[00086000] [ M] 145. e:\program files\rising\antispyware\kengine.dll
  05570000[00045000] [ M] 146. e:\program files\rising\antispyware\posttrt.dll
  054C0000[00010000] [ M] 147. e:\program files\rising\antispyware\kscanex.dll
  057D0000[0002F000] [ M] 148. e:\program files\rising\antispyware\engine.dll
  05810000[00033000] [ M] 149. e:\program files\rising\antispyware\rsdialog.dll