瑞星卡卡电脑诊断日志 v1.30 (2007-7-18 14:58:27) 北京瑞星科技股份有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
NVSvc
[AM] 1. c:\windows\system32\nvsvc32.exe
ose
[A ] 2. c:\program files\common files\microsoft shared\source engine\ose.exe
RsCCenter
[A ] 3. f:\rising\rav\ccenter.exe
RsRavMon
[A ] 4. f:\rising\rav\ravmond.exe
WMPNetworkSvc
[A ] 5. c:\program files\windows media player\wmpnetwk.exe
WudfSvc
[A ] 6. c:\windows\system32\wudfsvc.dll
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
ALCXWDM
[A ] 7. c:\windows\system32\drivers\alcxwdm.sys
AmdK8
[A ] 8. c:\windows\system32\drivers\amdk8.sys
BaseTDI
[A ] 9. c:\windows\system32\drivers\basetdi.sys
EagleNT
[A ] 10. c:\windows\system32\drivers\eaglent.sys
ExpScaner
[A ] 11. f:\rising\rav\expscan.sys
HookCont
[A ] 12. f:\rising\rav\hookcont.sys
HookReg
[A ] 13. f:\rising\rav\hookreg.sys
HookSys
[A ] 14. f:\rising\rav\hooksys.sys
IPHOOK
[A ] 15. c:\program files\rising\rfw\2000\iphook.sys
MEMSCAN
[A ] 16. f:\rising\rav\memscan.sys
npkcrypt
[A ] 17. c:\windows\system32\npkcrypt.sys
npkycryp
[A ] 18. c:\windows\system32\npkycryp.sys
prodrv06
[A ] 19. c:\windows\system32\drivers\prodrv06.sys
prohlp02
[A ] 20. c:\windows\system32\drivers\prohlp02.sys
prosync1
[A ] 21. c:\windows\system32\drivers\prosync1.sys
RsAntiSpyware
[A ] 22. c:\windows\system32\drivers\rsboot.sys
RsNTGDI
[A ] 23. c:\windows\system32\drivers\rsntgdi.sys
RSPPSYS
[A ] 24. f:\rising\rav\rsppsys.sys
RTL8023xp
[A ] 25. c:\windows\system32\drivers\rtnicxp.sys
Secdrv
[A ] 26. c:\windows\system32\drivers\secdrv.sys
sfhlp01
[A ] 27. c:\windows\system32\drivers\sfhlp01.sys
TDIHOOK
[A ] 28. c:\program files\rising\rfw\2000\tdihook.sys
WudfPf
[A ] 29. c:\windows\system32\drivers\wudfpf.sys
WudfRd
[A ] 30. c:\windows\system32\drivers\wudfrd.sys
ZSMC301b
[A ] 31. c:\windows\system32\drivers\usbvm31b.sys
+ 系统登录自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
WgaLogon
[AM] 32. c:\windows\system32\wgalogon.dll
+ HKCU\Control Panel\Desktop
Scrnsave.exe
[A ] 33. c:\windows\system32\夜光时钟.scr
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[A ] 34. c:\windows\system32\kakatool.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046}
[A ] 35. e:\program files\icqtoolbar\toolbaru.dll
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{855F3B16-6D32-4fe6-8A56-BBB695989046}
[A ] 35. e:\program files\icqtoolbar\toolbaru.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{00000000-12C3-4305-82F9-43058F20E8D2}
[A ] 36. f:\超级旋风\qqiehelper01.dll
{00000000-12C4-4305-82F9-43058F20E8D2}
[AM] 37. f:\thunder\comdlls\xunleibho_now.dll
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[AM] 38. f:\thunder\comdlls\tdatonce_now.dll
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 39. f:\thunder\thunder.exe
Exec
[A ] 40. e:\program files\icqlite\icqlite.exe
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 41. c:\windows\system32\hticons.dll
WinRAR shell extension
[AM] 42. c:\program files\winrar\rarext.dll
Shell Extensions for RealOne Player
[A ] 43. c:\program files\real\realplayer\rpshell.dll
Web Folders
[A ] 44. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Portable Media Devices
[AM] 45. c:\windows\system32\audiodev.dll
Portable Devices
[AM] 46. c:\windows\system32\wpdshext.dll
Portable Devices Menu
[AM] 46. c:\windows\system32\wpdshext.dll
NvCpl DesktopContext Class
[A ] 47. c:\windows\system32\nvcpl.dll
Play on my TV helper
[A ] 47. c:\windows\system32\nvcpl.dll
Desktop Explorer
[A ] 48. c:\windows\system32\nvshell.dll
Desktop Explorer Menu
[A ] 48. c:\windows\system32\nvshell.dll
nView Desktop Context Menu
[A ] 48. c:\windows\system32\nvshell.dll
RISING
[AM] 49. c:\windows\system32\ravext.dll
Microsoft Office HTML Icon Handler
[AM] 50. c:\program files\microsoft office\office12\msohevi.dll
ICQ Lite Shell Extension
[AM] 51. e:\program files\icqlite\icqliteshell.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 49. c:\windows\system32\ravext.dll
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 52. c:\windows\system32\shlhook.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WPDShServiceObj
[AM] 53. c:\windows\system32\wpdshserviceobj.dll
+ 用户登录自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
switch
[A ] 54. c:\windows\system32\壁纸自动换.exe
nwiz
[A ] 55. c:\windows\system32\nwiz.exe
RavTask
[A ] 56. f:\rising\rav\ravtask.exe
hxgame-update
[AM] 57. c:\program files\hxupdate\hxgame-update.exe
rfw
[AM] 58. c:\program files\rising\rfw\rfw.exe
IMSCMIG40W
[A ] 59. c:\program files\common files\microsoft shared\ime\imsc40w\imscmig.exe
ISUSScheduler
[AM] 60. c:\program files\common files\installshield\updateservice\issch.exe
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub
[AM] 61. f:\rising\rav\ravstub.exe
KKDelay
[A ] 62. f:\瑞星卡卡\runonce.exe
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 63. c:\windows\system32\bsmain.exe
[A ] 64. c:\windows\system32\kknative.exe
+ 映像劫持
+ HKCR\.html
htmlfile\Edit\Command
[A ] 65. c:\program files\microsoft office\office12\msohtmed.exe
htmlfile\Print\Command
[A ] 65. c:\program files\microsoft office\office12\msohtmed.exe
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 65. c:\program files\microsoft office\office12\msohtmed.exe
htmlfile\Print\Command
[A ] 65. c:\program files\microsoft office\office12\msohtmed.exe
+ HKCR\.mp3
Audio.MP3\open\Command
[A ] 66. c:\program files\ttplayer\ttplayer.exe
Audio.MP3\PlayList\Command
[A ] 66. c:\program files\ttplayer\ttplayer.exe
+ 正在运行的进程
+ 0000009c(156) ctfmon.exe
+ 000000b0(176) DfrgFat.exe
+ 000000d0(208) svchost.exe
+ 000001b4(436) smss.exe
+ 000001fc(508) csrss.exe
+ 00000214(532) winlogon.exe
01390000[0003B000]
[AM] 32. c:\windows\system32\wgalogon.dll
72C80000[00008000]
[ M] 67. c:\windows\system32\msacm32.drv
+ 00000240(576) services.exe
47260000[0000F000]
[ M] 68. c:\windows\apppatch\acadproc.dll
+ 0000024c(588) lsass.exe
+ 000002e4(740) svchost.exe
+ 00000310(784) svchost.exe
+ 00000380(896) svchost.exe
50E60000[0000C000]
[ M] 69. c:\windows\system32\wups2.dll
+ 000003b4(948) svchost.exe
+ 000003f4(1012) svchost.exe
+ 00000514(1300) Explorer.EXE
10000000[0001B000]
[AM] 49. c:\windows\system32\ravext.dll
00CA0000[00011000]
[AM] 52. c:\windows\system32\shlhook.dll
164A0000[00023000]
[AM] 53. c:\windows\system32\wpdshserviceobj.dll
72C80000[00008000]
[ M] 67. c:\windows\system32\msacm32.drv
109C0000[0002C000]
[ M] 70. c:\windows\system32\portabledevicetypes.dll
10930000[00049000]
[ M] 71. c:\windows\system32\portabledeviceapi.dll
024D0000[0002B000]
[AM] 42. c:\program files\winrar\rarext.dll
23700000[0001A000]
[ M] 72. f:\rising\rav\rscommon.dll
00AE0000[0000F000]
[AM] 51. e:\program files\icqlite\icqliteshell.dll
3A600000[00102000]
[ M] 73. c:\windows\system32\imsc40w.ime
3AD70000[0005D000]
[ M] 74. c:\program files\common files\microsoft shared\ime\imsc40w\mscand20.dll
01F40000[00019000]
[AM] 37. f:\thunder\comdlls\xunleibho_now.dll
22280000[00009000]
[ M] 75. f:\thunder\components\resworker\dsbho_00.dll
22250000[0000C000]
[ M] 76. f:\thunder\components\resworker\dataprocessor_00.dll
02B90000[00022000]
[AM] 38. f:\thunder\comdlls\tdatonce_now.dll
6BD10000[00010000]
[AM] 50. c:\program files\microsoft office\office12\msohevi.dll
+ 00000530(1328) alg.exe
+ 00000578(1400) spoolsv.exe
00EA0000[00008000]
[ M] 77. c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 000005f0(1520) RavStub.exe
00400000[00018000]
[AM] 61. f:\rising\rav\ravstub.exe
10000000[0001B000]
[ M] 78. f:\rising\rav\rscommx.dll
23700000[0001A000]
[ M] 72. f:\rising\rav\rscommon.dll
+ 000006a0(1696) mmc.exe
+ 000006ec(1772) nvsvc32.exe
00400000[0002C000]
[AM] 1. c:\windows\system32\nvsvc32.exe
+ 0000077c(1916) hxgame-update.exe
00400000[0003B000]
[AM] 57. c:\program files\hxupdate\hxgame-update.exe
+ 000007b4(1972) Rfw.exe
00400000[0004D000]
[AM] 58. c:\program files\rising\rfw\rfw.exe
10000000[00033000]
[ M] 79. c:\program files\rising\rfw\bmpface.dll
00AC0000[00037000]
[ M] 80. c:\program files\rising\rfw\rfw.dll
00B10000[0002D000]
[ M] 81. c:\program files\rising\rfw\chn\rfw.lag
731B0000[0000A000]
[ M] 82. c:\program files\rising\rfw\psapi.dll
+ 000007e8(2024) issch.exe
00400000[00015000]
[AM] 60. c:\program files\common files\installshield\updateservice\issch.exe
+ 00000f24(3876) Ras.exe
00400000[0013F000]
[ M] 83. f:\瑞星卡卡\ras.exe
10000000[000A3000]
[ M] 84. f:\瑞星卡卡\rasgui.dll
01760000[0002F000]
[ M] 85. f:\瑞星卡卡\engine.dll
01890000[00012000]
[ M] 86. f:\瑞星卡卡\zip.dll
16210000[0027E000]
[AM] 46. c:\windows\system32\wpdshext.dll
10930000[00049000]
[ M] 71. c:\windows\system32\portabledeviceapi.dll
07160000[00046000]
[AM] 45. c:\windows\system32\audiodev.dll