Rising Kaka PC Diagnostic Log v1.30 (2009-9-10 17:32:53)
Beijing Rising Information Technology Co., Ltd.

Notes:
[A] indicates the file has an auto-start association;
[M] indicates the file is in memory;

+ Registry auto-run items
  + System services
    + HKLM\System\CurrentControlSet\Services
        ose                 [A ]  1. c:\program files\common files\microsoft shared\source engine\ose.exe
        UMWdf               [AM]  2. c:\windows\system32\wdfmgr.exe
  + Kernel drivers
    + HKLM\System\CurrentControlSet\Services
        ADIHdAudAddService  [A ]  3. c:\windows\system32\drivers\adihdaud.sys
        AEAudio             [A ]  4. c:\windows\system32\drivers\aeaudio.sys
        ALCXWDM             [A ]  5. c:\windows\system32\drivers\alcxwdm.sys
        HDAudBus            [A ]  6. c:\windows\system32\drivers\hdaudbus.sys
        hptpro              [A ]  7. c:\windows\system32\drivers\hptpro.sys
        ialm                [A ]  8. c:\windows\system32\drivers\ialmnt5.sys
        MintRoot            [A ]  9. c:\program files\common files\system\mintroot.sys
        RTL8023xp           [A ] 10. c:\windows\system32\drivers\rtnicxp.sys
        Secdrv              [A ] 11. c:\windows\system32\drivers\secdrv.sys
        SenFiltService      [A ] 12. c:\windows\system32\drivers\senfilt.sys
        SiFilter            [A ] 13. c:\windows\system32\drivers\siwinacc.sys
        SiRemFil            [A ] 14. c:\windows\system32\drivers\siremfil.sys
  + File system drivers
    + HKLM\System\CurrentControlSet\Services
        exFat               [A ] 15. c:\windows\system32\drivers\exfat.sys

+ System logon auto-run
  + HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
      igfxcui               [A ] 16. c:\windows\system32\igfxsrvc.dll
  + HKCU\Control Panel\Desktop
      Scrnsave.exe          [A ] 17. c:\windows\system32\文字滚动.scr

+ IE browser loaded modules
  + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {01443AEC-0FD1-40fd-9C87-E93D1494C233}  [A ] 18. c:\program files\thunder network\thunder\comdlls\tdatonce_now.dll
      {889D2FEB-5411-4565-8998-1DD2C5261283}  [AM] 19. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
  + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
      Exec                  [A ] 20. c:\windows\network diagnostic\xpnetdiag.exe

+ Explorer loaded modules
  + HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
      text/xml              [A ] 21. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
  + HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
      {E6389DF0-CF0D-4018-82C6-7EF518E3262E}  [A ] 22. c:\program files\common files\system\qmc.exe
  + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      HyperTerminal Icon Ext                  [A ] 23. c:\windows\system32\hticons.dll
      Portable Media Devices                  [A ] 24. c:\windows\system32\audiodev.dll
      Portable Media Devices Menu             [A ] 24. c:\windows\system32\audiodev.dll
      WinRAR shell extension                  [A ] 25. c:\program files\winrar\rarext.dll
      Microsoft Office HTML Icon Handler      [A ] 26. c:\program files\microsoft office\office11\msohev.dll
      Web Folders                             [A ] 27. c:\program files\common files\microsoft shared\web folders\msonsext.dll
  + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      {4894F5C2-169D-4DAC-A982-444B9BDB3AC4}  [AM] 28. c:\windows\downloaded program files\uytbcaztxe23mezkgq.cur
      {7488E47D-E8F3-41C0-B2DA-9B2BD8803A80}  [AM] 29. c:\windows\tasks\efepead4zpvmuxrdbs.inf
      {129067F2-E20A-4D14-8F30-FC3968B9C028}  [AM] 30. c:\windows\tasks\ybmux4mu6funqjehwu.inf

+ User logon auto-run items
  + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      KKDelay               [A ] 31. g:\卡卡\runonce.exe

+ Image hijacking
  + HKCR\.html
      htmlfile\Edit\Command   [A ] 32. c:\program files\microsoft office\office11\msohtmed.exe
      htmlfile\Print\Command  [A ] 32. c:\program files\microsoft office\office11\msohtmed.exe
  + HKCR\.htm
      htmlfile\Edit\Command   [A ] 32. c:\program files\microsoft office\office11\msohtmed.exe
      htmlfile\Print\Command  [A ] 32. c:\program files\microsoft office\office11\msohtmed.exe

+ Running processes
  + 00000110(272) wdfmgr.exe
      01000000[0000C000] [AM]  2. c:\windows\system32\wdfmgr.exe
  + 0000022c(556) smss.exe
  + 00000270(624) csrss.exe
  + 00000288(648) winlogon.exe
      72C80000[00008000] [ M] 33. c:\windows\system32\msacm32.drv
  + 0000029c(668) GreenBrowser.exe
      00400000[00143000] [ M] 34. f:\卡卡.七龙纪自动狩猎插件v3.1\卡卡.七龙纪自动狩猎插件v3.1\greenbrowser.exe
  + 000002b4(692) services.exe
      46040000[0000F000] [ M] 35. c:\windows\apppatch\acadproc.dll
  + 000002c0(704) lsass.exe
  + 00000304(772) tem81.exe
      00400000[0000D000] [ M] 36. c:\documents and settings\administrator\local settings\temp\tem81.exe
      10000000[00015000] [AM] 30. c:\windows\tasks\ybmux4mu6funqjehwu.inf
      00900000[00013000] [AM] 29. c:\windows\tasks\efepead4zpvmuxrdbs.inf
      00920000[00013000] [AM] 28. c:\windows\downloaded program files\uytbcaztxe23mezkgq.cur
  + 00000360(864) svchost.exe
  + 000003a0(928) svchost.exe
  + 000003f4(1012) QQa3l7.exe
      00800000[00032000] [ M] 37. c:\program files\common files\system\qqa3l7.exe
      00A00000[00011000] [ M] 38. c:\program files\common files\system\admin.obj
  + 00000400(1024) svchost.exe
  + 0000046c(1132) svchost.exe
  + 000004a8(1192) svchost.exe
  + 00000590(1424) ras.exe.exe
      00400000[0000B000] [ M] 39. g:\卡卡\ras.exe.exe
      7C140000[00103000] [ M] 40. g:\卡卡\mfc71.dll
      7C340000[00056000] [ M] 41. g:\卡卡\msvcr71.dll
      10000000[00047000] [ M] 42. g:\卡卡\kakamgr.dll
      7C3A0000[0007B000] [ M] 43. g:\卡卡\msvcp71.dll
      00A50000[00019000] [ M] 44. g:\卡卡\syslay.dll
      00A80000[0001F000] [ M] 45. g:\卡卡\proccom.dll
      00AA0000[00024000] [ M] 46. g:\卡卡\rscommx2.dll
      00BF0000[0002D000] [ M] 47. g:\卡卡\comx3.dll
      00D60000[00058000] [ M] 48. g:\卡卡\dbmgr.dll
      23800000[00022000] [ M] 49. g:\卡卡\rsxml.dll
      00EC0000[0002E000] [ M] 50. g:\卡卡\pweb.dll
      00EF0000[00011000] [ M] 51. g:\卡卡\ws2help.dll
      01160000[000C2000] [ M] 52. g:\卡卡\pscan.dll
      01270000[00034000] [ M] 53. g:\卡卡\ncomm.dll
      01060000[00070000] [ M] 54. g:\卡卡\pset.dll
      010E0000[0002A000] [ M] 55. g:\卡卡\pdefend.dll
      012B0000[000B6000] [ M] 56. g:\卡卡\ptools.dll
      01470000[0008D000] [ M] 57. g:\卡卡\psysinfo.dll
      00F10000[00013000] [AM] 28. c:\windows\downloaded program files\uytbcaztxe23mezkgq.cur
      00F30000[00013000] [AM] 29. c:\windows\tasks\efepead4zpvmuxrdbs.inf
      00F50000[00015000] [AM] 30. c:\windows\tasks\ybmux4mu6funqjehwu.inf
      23900000[00040000] [ M] 58. g:\卡卡\pngdll.dll
      03420000[0002F000] [ M] 59. g:\卡卡\engine.dll
      03400000[0000F000] [ M] 60. g:\卡卡\zip.dll
      043E0000[00475000] [ M] 61. c:\windows\system32\macromed\flash\flash10a.ocx
      72C80000[00008000] [ M] 33. c:\windows\system32\msacm32.drv
  + 000005d4(1492) explorer.exe
      00E20000[0000A000] [ M] 62. c:\windows\system\noy6.tmp
      10000000[00013000] [AM] 28. c:\windows\downloaded program files\uytbcaztxe23mezkgq.cur
      00F40000[00013000] [AM] 29. c:\windows\tasks\efepead4zpvmuxrdbs.inf
      00FE0000[00015000] [AM] 30. c:\windows\tasks\ybmux4mu6funqjehwu.inf
      72C80000[00008000] [ M] 33. c:\windows\system32\msacm32.drv
      02ED0000[00020000] [AM] 19. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
  + 00000640(1600) spoolsv.exe
  + 000006ac(1708) svchost.exe
      10000000[00011000] [ M] 63. c:\documents and settings\administrator\local settings\temp\tmp.tmp
      00A80000[00015000] [AM] 30. c:\windows\tasks\ybmux4mu6funqjehwu.inf
      00B00000[00013000] [AM] 29. c:\windows\tasks\efepead4zpvmuxrdbs.inf
      00B20000[00013000] [AM] 28. c:\windows\downloaded program files\uytbcaztxe23mezkgq.cur
  + 00000758(1880) ctfmon.exe
      10000000[00015000] [AM] 30. c:\windows\tasks\ybmux4mu6funqjehwu.inf
      00A60000[00013000] [AM] 29. c:\windows\tasks\efepead4zpvmuxrdbs.inf
      00A80000[00013000] [AM] 28. c:\windows\downloaded program files\uytbcaztxe23mezkgq.cur
  + 000007b0(1968) wuauclt.exe
      77020000[0000A000] [ M] 62. c:\windows\system\noy6.tmp
  + 000007bc(1980) alg.exe
  + 000007f8(2040) conime.exe
      10000000[00015000] [AM] 30. c:\windows\tasks\ybmux4mu6funqjehwu.inf
      009C0000[00013000] [AM] 29. c:\windows\tasks\efepead4zpvmuxrdbs.inf
      009E0000[00013000] [AM] 28. c:\windows\downloaded program files\uytbcaztxe23mezkgq.cur