瑞星卡卡电脑诊断日志 v1.20 (2007-7-11 13:52:39) 北京瑞星科技股份有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ Win32 Services
+ HKLM\System\CurrentControlSet\Services
aspnet_state
[A ] 1. c:\winnt\microsoft.net\framework\v1.1.4322\aspnet_state.exe
Microsoft Corporation
aspnet_state.exe
.text,.data,.rsrc,
6A 28 68 E0 11 42 00 E8 D0 02 00 00 33 FF 57 FF
scel
[AM] 2. c:\program files\nxzg\xhjq.dll
AdDm
.text,.rdata,.data,.idata,.didat,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
ServiceCopyremd8
[AM] 3. c:\windows\system32\md8\svchost.exe
CODE,DATA,BSS,.idata,.tls,.rdata,.reloc,.rsrc,
55 8B EC 83 C4 F0 53 B8 A4 37 46 00 E8 5B 2F FA
WmdmPmSN
[A ] 4. c:\winnt\system32\mspmsnsv.dll
Microsoft Corporation
Microsoft Media Device Service Provider
.text,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D
+ Kernel Drivers
+ HKLM\System\CurrentControlSet\Services
50xiwkggx
[A ] 5. c:\winnt\system32\drivers\50xiwkggx.sys
.text,.data,INIT,.reloc,
55 8B EC 83 EC 1C 53 56 57 68 B4 0C 01 00 E8 67
ac97intc
[A ] 6. c:\winnt\system32\drivers\ac97intc.sys
Intel Corporation
Intel(r) Integrated Controller Hub Audio Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
E8 19 FC FF FF 85 C0 0F 8C 81 00 00 00 56 8B 74
Cdr4_2K
[A ] 7. c:\winnt\system32\drivers\cdr4_2k.sys
Roxio
CDR4_2k CDR Helper
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 0C C7 45 F8 00 00 00 00 C7 45 F4
Cdralw2k
[A ] 8. c:\winnt\system32\drivers\cdralw2k.sys
Roxio
CDRAL for Windows 2000 Kernel Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 8D 45 F4 68 C0 02 01
FIDMOU
[A ] 9. c:\winnt\system32\drivers\fidmou.sys
Fujitsu Takamisawa Component Limited
Fujitsu Touch Panel Driver for Win2000
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
55 8B EC 83 EC 30 53 8B 1D 3C 0D 01 00 57 8D 45
FUJ02B1
[A ] 10. c:\winnt\system32\drivers\fuj02b1.sys
FUJITSU LIMITED
WDM driver for FUJ02B1 PnP device
.text,.rdata,INIT,.rsrc,.reloc,
8B 44 24 04 C7 40 38 EC 03 01 00 C7 40 40 EC 03
gvtnhg43
[A ] 11. c:\winnt\system32\drivers\gvtnhg43.sys
A&B
.text,.data,INIT,.rsrc,.reloc,
55 8D 6C 24 90 81 EC 98 00 00 00 53 56 57 33 C0
ibnkjqya3x
[A ] 12. c:\winnt\system32\drivers\ibnkjqya3x.sys
.text,.data,INIT,.reloc,
55 8B EC 83 EC 20 53 56 57 52 53 51 50 57 56 BA
MPE
[A ] 13. c:\winnt\system32\drivers\mpe.sys
Microsoft Corporation
Microsoft MPE to IP Filter
.text,.rdata,.data,PAGECONS,INIT,.rsrc,.reloc,
A1 1C 2E 01 00 8B 00 35 9C 31 01 00 A3 9C 31 01
NABTSFEC
[A ] 14. c:\winnt\system32\drivers\nabtsfec.sys
Microsoft Corporation
WDM NABTS/FEC VBI Codec
.text,.rdata,.data,PAGECONS,INIT,.rsrc,.reloc,
A1 C8 92 01 00 8B 00 35 74 C9 01 00 A3 74 C9 01
PnpWmkDrv
[A ] 15. c:\winnt\system32\drivers\pnpwmkdrv.sys
.text,.rdata,.data,INIT,.reloc,
55 8B EC 83 EC 1C 53 33 C0 56 68 4C 0E 01 00 89
rilmrb65
[A ] 16. c:\winnt\system32\drivers\rilmrb65.sys
A&B
.text,.data,INIT,.rsrc,.reloc,
55 8D 6C 24 90 81 EC 98 00 00 00 53 56 57 33 C0
RsAntiSpyware
[A ] 17. c:\winnt\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 20 53 56 33 F6 57 89 75 F4 60 8D
rzauor06
[A ] 18. c:\winnt\system32\drivers\rzauor06.sys
C
.text,.data,INIT,.rsrc,.reloc,
55 8D 6C 24 90 81 EC 98 00 00 00 53 56 57 33 C0
SLIP
[A ] 19. c:\winnt\system32\drivers\slip.sys
Microsoft Corporation
Microsoft Slip Deframing Filter Minidriver
.text,.rdata,.data,PAGECONS,INIT,.rsrc,.reloc,
A1 9C 1A 01 00 8B 00 35 40 22 01 00 A3 40 22 01
streamip
[A ] 20. c:\winnt\system32\drivers\streamip.sys
Microsoft Corporation
Microsoft IP Driver
.text,.rdata,.data,PAGECONS,INIT,.rsrc,.reloc,
A1 34 2B 01 00 8B 00 35 18 30 01 00 A3 18 30 01
WmRegProDrv
[A ] 21. c:\winnt\system32\drivers\wmregprodrv.sys
WSTCODEC
[A ] 22. c:\winnt\system32\drivers\wstcodec.sys
Microsoft Corporation
WDM WST Codec Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
A1 9C 26 01 00 8B 00 35 10 41 01 00 A3 10 41 01
+ Winlogon
+ HKCU\Control Panel\Desktop
Scrnsave.exe
[A ] 23. c:\winnt\system32\sstext3d.scr
Microsoft Corporation
OpenGL 3D Text Screen Saver
.text,.data,.rsrc,
55 8B EC 6A FF 68 50 19 00 01 68 88 9E 00 01 64
+ Internet Explorer
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{00000000-12C9-4305-82F9-43058F20E8D2}
[A ] 24. c:\program files\tencent\qqdownload\qqiehelper01.dll
腾讯公司
超级旋风下载组件
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{B69F34DD-F0F9-42DC-9EDD-957187DA688D}
[AM] 25. c:\360safe\safemon\safemon.dll
360安全卫士实时保护模块
.text,.rdata,.data,.share,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Script
[A ] 26. c:\winnt\web\related.htm
Exec
[A ] 27. c:\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 08 54 52 00 68 AE 54 48 00 64
+ Explorer
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
application/octet-stream
[A ] 28. c:\winnt\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D
application/x-complus
[A ] 28. c:\winnt\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D
application/x-msdownload
[A ] 28. c:\winnt\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
ic32pp
[A ] 29. c:\winnt\wc98pp.dll
CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
55 8B EC 83 C4 B4 B8 1C A8 40 00 E8 18 A0 FF FF
+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
[A ] 30. c:\winnt\system32\updcrl.exe
Microsoft Corporation
UPDCRL
.text,.data,.rsrc,
[A ] 31. c:\winnt\system32\verisignpub1.crl
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Multimedia File Property Sheet
[A ] 32. c:\winnt\system32\mmsys.cpl
Microsoft Corporation
Control Panel Drivers Applet
.text,.data,.rsrc,.reloc,
55 8B EC 56 8B 75 08 FF 75 10 FF 75 0C 56 E8 0E
HyperTerminal Icon Ext
[A ] 33. c:\winnt\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
Shell Application Manager
[A ] 34. c:\winnt\system32\appwiz.cpl
Microsoft Corporation
Shell Application Manager
.text,.data,.rsrc,.reloc,
8B 44 24 08 56 85 C0 74 5B 83 F8 01 75 60 8B 74
Installed Apps Enumerator
[A ] 34. c:\winnt\system32\appwiz.cpl
Microsoft Corporation
Shell Application Manager
.text,.data,.rsrc,.reloc,
8B 44 24 08 56 85 C0 74 5B 83 F8 01 75 60 8B 74
Darwin App Publisher
[A ] 34. c:\winnt\system32\appwiz.cpl
Microsoft Corporation
Shell Application Manager
.text,.data,.rsrc,.reloc,
8B 44 24 08 56 85 C0 74 5B 83 F8 01 75 60 8B 74
Fusion Cache
[A ] 28. c:\winnt\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D
WinRAR shell extension
[A ] 35. c:\压缩解压工具\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[A ] 36. c:\winnt\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Logon
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FTMSFLT
[AM] 37. c:\program files\fidmou\win2k\ftmsflt.exe
Fujitsu Takamisawa Component Limited
Fujitsu Touch Panel (PS/2) Message Notifier
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 51 40 00 68 84 30 40 00 64
360Safetray
[AM] 38. c:\360safe\safemon\360tray.exe
奇虎网
360安全卫士实时保护模块
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 F8 45 41 00 68 72 FB 40 00 64
runeip
[AM] 39. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64
+ Image Hijacks
+ HKCR\.html
htmlfile\Maxthon\Command
[A ] 40. c:\program files\多特软件合集\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
.text,.rdata,.data,.rsrc,
6A 60 68 48 7F 53 00 E8 39 5A 00 00 BF 94 00 00
+ HKCR\.htm
htmlfile\Maxthon\Command
[A ] 40. c:\program files\多特软件合集\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
.text,.rdata,.data,.rsrc,
6A 60 68 48 7F 53 00 E8 39 5A 00 00 BF 94 00 00
+ HKCR\.mp3
mp3file\open\Command
[A ] 41. c:\program files\windows media player\wmplayer.exe
Microsoft Corporation
Windows Media Player
.text,.data,.rsrc,
55 8D 6C 24 88 81 EC AC 00 00 00 53 33 DB 53 89
mp3file\play\Command
[A ] 41. c:\program files\windows media player\wmplayer.exe
Microsoft Corporation
Windows Media Player
.text,.data,.rsrc,
55 8D 6C 24 88 81 EC AC 00 00 00 53 33 DB 53 89