alantis - 2007-7-19 16:27:00
瑞星卡卡电脑诊断日志 v1.30 (2007-7-19 16:9:57) 北京瑞星科技股份有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
Ati HotKey Poller
[AM] 1. c:\windows\system32\ati2evxx.exe
ATI Smart
[A ] 2. c:\windows\system32\ati2sgag.exe
RfwProxySrv
[A ] 3. c:\program files\rising\rfw\rfwproxy.exe
RfwService
[AM] 4. c:\program files\rising\rfw\rfwsrv.exe
RsCCenter
[AM] 5. c:\program files\rising\rav\ccenter.exe
RsRavMon
[AM] 6. c:\program files\rising\rav\ravmond.exe
Trial
[AM] 7. c:\windows\system32\whylb.dll
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
ALCXSENS
[A ] 8. c:\windows\system32\drivers\alcxsens.sys
ALCXWDM
[A ] 9. c:\windows\system32\drivers\alcxwdm.sys
BaseTDI
[A ] 10. c:\windows\system32\drivers\basetdi.sys
BootScreen
[A ] 11. c:\windows\system32\drivers\vidstub.sys
d347bus
[A ] 12. c:\windows\system32\drivers\d347bus.sys
d347prt
[A ] 13. c:\windows\system32\drivers\d347prt.sys
ddsxeiservice
[A ] 14. d:\sxe injected\ddsxei.sys
EagleNT
[A ] 15. c:\windows\system32\drivers\eaglent.sys
ExpScaner
[A ] 16. c:\program files\rising\rav\expscan.sys
giveio
[A ] 17. c:\windows\system32\giveio.sys
HOOKAPI
[A ] 18. c:\program files\rising\rav\hookapi.sys
HookCont
[A ] 19. c:\program files\rising\rav\hookcont.sys
HookReg
[A ] 20. c:\program files\rising\rav\hookreg.sys
HookSys
[A ] 21. c:\program files\rising\rav\hooksys.sys
HookUrl
[A ] 22. c:\program files\rising\rfw\hookurl.sys
k4c0owp3g1
[A ] 23. c:\windows\system32\drivers\k4c0owp3g1.sys
lbsdjdli
[A ] 24. c:\windows\system32\drivers\lbsdjdli.sys
MEMSCAN
[A ] 25. c:\program files\rising\rav\memscan.sys
mProcRs
[A ] 26. c:\program files\rising\rfw\mprocrs.sys
NPF
[A ] 27. c:\windows\system32\drivers\npf.sys
npkcrypt
[A ] 28. c:\program files\tencent\qq\npkcrypt.sys
npkcusb
[A ] 29. c:\program files\tencent\qq\npkcusb.sys
npkycryp
[A ] 30. c:\program files\tencent\qq\npkycryp.sys
oreans32
[A ] 31. c:\windows\system32\drivers\oreans32.sys
ppmoucls
[A ] 32. c:\windows\system32\drivers\ppmoucls.sys
pptchpad
[A ] 33. c:\windows\system32\drivers\pptchpd5.sys
QuakeDRV
[A ] 34. c:\windows\system32\drivers\quakedrv.sys
RsAntiSpyware
[A ] 35. c:\windows\system32\drivers\rsboot.sys
RsFwDrv
[A ] 36. c:\program files\rising\rfw\rsfwdrv.sys
RsNTGDI
[A ] 37. c:\windows\system32\drivers\rsntgdi.sys
RSPPSYS
[A ] 38. c:\program files\rising\rav\rsppsys.sys
rtl8139
[A ] 39. c:\windows\system32\drivers\r8139n51.sys
safemon
[A ] 40. c:\windows\system32\drivers\safemon.sys
Secdrv
[A ] 41. c:\windows\system32\drivers\secdrv.sys
SISAGP
[A ] 42. c:\windows\system32\drivers\sisagpx.sys
snpstd
[A ] 43. c:\windows\system32\drivers\snpstd.sys
yljyahq
[A ] 44. c:\windows\system32\drivers\yljyahq.sys
+ 文件系统驱动
+ HKLM\System\CurrentControlSet\Services
ADProt
[A ] 45. c:\windows\system32\drivers\adprot.sys
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[A ] 46. c:\windows\system32\kakatool.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
[A ] 47. c:\program files\flashget\jccatch.dll
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 48. c:\program files\flashget\flashget.exe
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 49. c:\windows\system32\hticons.dll
Shell Extensions for RealOne Player
[A ] 50. c:\program files\real\realone player\rpshell.dll
RISING
[A ] 51. c:\windows\system32\ravext.dll
WinRAR shell extension
[A ] 52. c:\program files\winrar\rarext.dll
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RavTask
[AM] 53. c:\program files\rising\rav\ravtask.exe
RfwMain
[AM] 54. c:\program files\rising\rfw\rfwmain.exe
runeip
[AM] 55. c:\program files\rising\kakatoolbar\runiep.exe
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 56. c:\windows\system32\bsmain.exe
+ 映像劫持
+ HKCR\Folder\shell
Super Rabbit CDROM Eject
[A ] 57. c:\program files\super rabbit\magicset\srcd2.exe
+ HKCR\.mp3
RealPlayer.MP3.6\open\Command
[A ] 58. c:\program files\real\realone player\realplay.exe
+ 正在运行的进程
+ 00000190(400) Explorer.EXE
10000000[0001B000]
[ M] 59. c:\program files\rising\kakatoolbar\ieprot.dll
72C80000[00008000]
[ M] 60. c:\windows\system32\msacm32.drv
02B60000[0003B400]
[AM] 7. c:\windows\system32\whylb.dll
+ 000001d4(468) smss.exe
+ 000001f8(504) RavTask.exe
00400000[0001F000]
[AM] 53. c:\program files\rising\rav\ravtask.exe
23700000[0001A000]
[ M] 61. c:\program files\rising\rav\rscommon.dll
10000000[0000E000]
[ M] 62. c:\program files\rising\rav\rsappmgr.dll
08A10000[0002F000]
[ M] 63. c:\program files\rising\rav\cfgdll.dll
08CA0000[0001B000]
[ M] 64. c:\program files\rising\rav\rscommx.dll
08E00000[0001B000]
[ M] 59. c:\program files\rising\kakatoolbar\ieprot.dll
+ 00000200(512) rfwmain.exe
00400000[00073000]
[AM] 54. c:\program files\rising\rfw\rfwmain.exe
26600000[0007D000]
[ M] 65. c:\program files\rising\rfw\rsguilib.dll
23700000[0001A000]
[ M] 66. c:\program files\rising\rfw\rscommon.dll
10000000[0000F000]
[ M] 67. c:\program files\rising\rfw\rfwctrl.dll
23800000[0001A000]
[ M] 68. c:\program files\rising\rfw\rsxml.dll
23900000[00031000]
[ M] 69. c:\program files\rising\rfw\pngdll.dll
010D0000[0001B000]
[ M] 59. c:\program files\rising\kakatoolbar\ieprot.dll
+ 00000204(516) ctfmon.exe
10000000[0001B000]
[ M] 59. c:\program files\rising\kakatoolbar\ieprot.dll
+ 00000210(528) runiep.exe
00400000[00012000]
[AM] 55. c:\program files\rising\kakatoolbar\runiep.exe
00BB0000[0001B000]
[ M] 59. c:\program files\rising\kakatoolbar\ieprot.dll
+ 00000214(532) csrss.exe
+ 0000022c(556) winlogon.exe
72C80000[00008000]
[ M] 60. c:\windows\system32\msacm32.drv
+ 00000258(600) services.exe
+ 00000264(612) lsass.exe
+ 000002f4(756) Ati2evxx.exe
00400000[00069000]
[AM] 1. c:\windows\system32\ati2evxx.exe
003E0000[0000C000]
[ M] 70. c:\windows\system32\ati2edxx.dll
+ 00000304(772) svchost.exe
+ 0000034c(844) svchost.exe
+ 00000394(916) CCenter.exe
00400000[0001E000]
[AM] 5. c:\program files\rising\rav\ccenter.exe
alantis - 2007-7-19 16:28:00
[Reply to the post by "alantis"]
+ 000003a8(936) svchost.exe
10000000[0003B400]
[AM] 7. c:\windows\system32\whylb.dll
+ 000003e8(1000) svchost.exe
+ 00000428(1064) svchost.exe
+ 00000474(1140) rfwsrv.exe
00400000[00028000]
[AM] 4. c:\program files\rising\rfw\rfwsrv.exe
10000000[0000B000]
[ M] 71. c:\program files\rising\rfw\rfwrule.dll
003F0000[00008000]
[ M] 72. c:\program files\rising\rfw\rfwlog.dll
00820000[00011000]
[ M] 73. c:\program files\rising\rfw\rfwdrv.dll
731B0000[0000A000]
[ M] 74. c:\program files\rising\rfw\psapi.dll
00940000[00011000]
[ M] 75. c:\program files\rising\rfw\mondrv.dll
00B70000[00010000]
[ M] 76. c:\program files\rising\rfw\proclib.dll
01560000[00012000]
[ M] 77. c:\program files\rising\rfw\mports.dll
+ 000004cc(1228) Ras.exe
00400000[0013F000]
[ M] 78. c:\program files\rising\kakatoolbar\ras.exe
10000000[000A3000]
[ M] 79. c:\program files\rising\kakatoolbar\rasgui.dll
01590000[0001B000]
[ M] 59. c:\program files\rising\kakatoolbar\ieprot.dll
+ 000004f4(1268) spoolsv.exe
+ 00000580(1408) dllhost.exe
+ 000005b0(1456) svchost.exe
10000000[0000E000]
[ M] 80. c:\windows\system32\dsnpstd.dll
+ 000006dc(1756) alg.exe
+ 000008fc(2300) HNMainUI.exe
00400000[00084000]
[ M] 81. c:\program files\hellonet\hnmainui.exe
5FFD0000[0002B000]
[ M] 82. c:\program files\hellonet\hnutils.dll
5FF90000[0003C000]
[ M] 83. c:\program files\hellonet\hnkernel.dll
10000000[0001B000]
[ M] 59. c:\program files\rising\kakatoolbar\ieprot.dll
+ 000009c8(2504) RAVMON.EXE
00400000[00099000]
[ M] 84. c:\program files\rising\rav\ravmon.exe
26600000[0007C000]
[ M] 85. c:\program files\rising\rav\rsguilib.dll
10000000[0002E000]
[ M] 86. c:\program files\rising\rav\bwlist.dll
003F0000[0000E000]
[ M] 62. c:\program files\rising\rav\rsappmgr.dll
08A20000[0002F000]
[ M] 63. c:\program files\rising\rav\cfgdll.dll
23700000[0001A000]
[ M] 61. c:\program files\rising\rav\rscommon.dll
08CC0000[0001B000]
[ M] 64. c:\program files\rising\rav\rscommx.dll
23800000[0001A000]
[ M] 87. c:\program files\rising\rav\rsxml.dll
23900000[00031000]
[ M] 88. c:\program files\rising\rav\pngdll.dll
099B0000[0001B000]
[ M] 59. c:\program files\rising\kakatoolbar\ieprot.dll
+ 00000d48(3400) msdtc.exe
+ 00000d68(3432) ATIPTAXX.EXE
00400000[00056000]
[ M] 89. c:\program files\ati technologies\ati control panel\atiptaxx.exe
10000000[00040000]
[ M] 90. c:\program files\ati technologies\ati control panel\atipdsxx.dll
00AE0000[0001A000]
[ M] 91. c:\program files\ati technologies\ati control panel\atrpuixx.chs
00D10000[00013000]
[ M] 92. c:\program files\ati technologies\ati control panel\atipdxxx.dll
00FD0000[0001B000]
[ M] 59. c:\program files\rising\kakatoolbar\ieprot.dll
+ 00000dec(3564) QQ.exe
00400000[00187000]
[ M] 93. c:\program files\tencent\qq\qq.exe
10000000[00251000]
[ M] 94. c:\program files\tencent\qq\qqbaseclassindll.dll
616C0000[00099000]
[ M] 95. c:\program files\tencent\qq\qqhelperdll.dll
60090000[00040000]
[ M] 96. c:\program files\tencent\qq\basicctrldll.dll
60B00000[000F2000]
[ M] 97. c:\program files\tencent\qq\mfc42.dll
61EB0000[00005000]
[ M] 98. c:\program files\tencent\qq\riched32.dll
61E40000[00068000]
[ M] 99. c:\program files\tencent\qq\riched20.dll
612D0000[00038000]
[ M] 100. c:\program files\tencent\qq\qqapi.dll
62230000[00007000]
[ M] 101. c:\program files\tencent\qq\timproxy.dll
012B0000[0001B000]
[ M] 59. c:\program files\rising\kakatoolbar\ieprot.dll
01500000[0008B000]
[ M] 102. c:\program files\tencent\qq\loginctrl.dll
01A90000[00464000]
[ M] 103. c:\program files\tencent\qq\qqres.dll
61790000[0008A000]
[ M] 104. c:\program files\tencent\qq\qqmainframe.dll
025D0000[00118000]
[ M] 105. c:\program files\tencent\qq\cqqapplication.dll
03360000[0005D000]
[ M] 106. c:\program files\tencent\qq\newskin.dll
034D0000[000C4000]
[ M] 107. c:\program files\tencent\qq\hostingmgr.dll
600F0000[00022000]
[ M] 108. c:\program files\tencent\qq\cameradll.dll
609D0000[0002F000]
[ M] 109. c:\program files\tencent\qq\mailsummary.dll
61760000[00015000]
[ M] 110. c:\program files\tencent\qq\qqknowledgesearch.dll
03650000[001DB000]
[ M] 111. c:\program files\tencent\qq\qqallinone.dll
60640000[00034000]
[ M] 112. c:\program files\tencent\qq\grouplive.dll
62110000[0002A000]
[ M] 113. c:\program files\tencent\qq\sccore.dll
60350000[001A3000]
[ M] 114. c:\program files\tencent\qq\gdiplus.dll
61F50000[0001E000]
[ M] 115. c:\program files\tencent\qq\qqspace.dll
62340000[00071000]
[ M] 116. c:\program files\tencent\qq\vbscript.dll
61650000[0006B000]
[ M] 117. c:\program files\tencent\qq\qqgroupmng.dll
60310000[0003E000]
[ M] 118. c:\program files\tencent\qq\flashavatardll.dll
72C80000[00008000]
[ M] 60. c:\windows\system32\msacm32.drv
61310000[00032000]
[ M] 119. c:\program files\tencent\qq\qqavatar.dll
61F70000[0003D000]
[ M] 120. c:\program files\tencent\qq\qqsysmsgmng.dll
62260000[00017000]
[ M] 121. c:\program files\tencent\qq\userdefinedhead.dll
61960000[000CE000]
[ M] 122. c:\program files\tencent\qq\qqplugin.dll
615B0000[0000C000]
[ M] 123. c:\program files\tencent\qq\qqconfigplugin.dll
615C0000[00032000]
[ M] 124. c:\program files\tencent\qq\qqcustomface.dll
62060000[00016000]
[ M] 125. c:\program files\tencent\qq\qringmng.dll
61920000[00029000]
[ M] 126. c:\program files\tencent\qq\qqpet.dll
05870000[000A6000]
[ M] 127. c:\program files\tencent\qq\longconnection.dll
60D00000[00028000]
[ M] 128. c:\program files\tencent\qq\phoneapi.dll
602C0000[0000D000]
[ M] 129. c:\program files\tencent\qq\dialerallinone.dll
600D0000[0001F000]
[ M] 130. c:\program files\tencent\qq\bqqapplication.dll
60C80000[0000F000]
[ M] 131. c:\program files\tencent\qq\personaldesktop.dll
60120000[0004F000]
[ M] 132. c:\program files\tencent\qq\commercesmng.dll
05E20000[0028B000]
[ M] 133. c:\program files\tencent\qq\qqaddr.dll
02850000[00044000]
[ M] 134. c:\program files\tencent\qq\npkcntc.dll
02820000[0000E000]
[ M] 135. c:\program files\tencent\qq\npkpdb.dll
026F0000[0002D000]
[ M] 136. c:\program files\tencent\qq\qqscenemng.dll
72C60000[00007000]
[ M] 137. c:\windows\system32\msadp32.acm
61780000[0000E000]
[ M] 138. c:\program files\tencent\qq\qqmagicface.dll
60750000[0001A000]
[ M] 139. c:\program files\tencent\qq\imageole.dll
60610000[00024000]
[ M] 140. c:\program files\tencent\qq\groupconnection.dll
62590000[00062000]
[ M] 141. c:\program files\tencent\qq\videodevice.dll
60780000[000DD000]
[ M] 142. c:\program files\tencent\qq\inplus.dll
041C0000[0008A000]
[ M] 143. c:\windows\system32\l3codeca.acm
+ 00000fc0(4032) Ravmond.exe
00400000[0004E000]
[AM] 6. c:\program files\rising\rav\ravmond.exe
10000000[0002E000]
[ M] 86. c:\program files\rising\rav\bwlist.dll
00740000[0001B000]
[ M] 64. c:\program files\rising\rav\rscommx.dll
00A70000[0000F000]
[ M] 144. c:\program files\rising\rav\rfwctrl.dll
00C80000[0000D000]
[ M] 145. c:\program files\rising\rav\rsppsys.dll
00CA0000[0000E000]
[ M] 62. c:\program files\rising\rav\rsappmgr.dll
08CC0000[0002F000]
[ M] 63. c:\program files\rising\rav\cfgdll.dll
23700000[0001A000]
[ M] 61. c:\program files\rising\rav\rscommon.dll
08F60000[0000B000]
[ M] 146. c:\program files\rising\rav\rslog.dll
08F70000[0000D000]
[ M] 147. c:\program files\rising\rav\hooksys.dll
090A0000[00029000]
[ M] 148. c:\program files\rising\rav\scanner.dll
13100000[0002E000]
[ M] 149. c:\program files\rising\rav\libload.dll
09200000[0002C000]
[ M] 150. c:\program files\rising\rav\viruslib.dll
09340000[00010000]
[ M] 151. c:\program files\rising\rav\regmon.dll
731B0000[0000A000]
[ M] 152. c:\program files\rising\rav\psapi.dll
09590000[0000D000]
[ M] 153. c:\program files\rising\rav\hookweb.dll
096B0000[00014000]
[ M] 154. c:\program files\rising\rav\memmon.dll
096E0000[0000E000]
[ M] 155. c:\program files\rising\rav\expscan.dll
096F0000[00012000]
[ M] 156. c:\program files\rising\rav\mports.dll
09A10000[0000D000]
[ M] 157. c:\program files\rising\rav\hookcont.dll
09A30000[00085000]
[ M] 158. c:\program files\rising\rav\spameng.dll
09AD0000[0003C000]
[ M] 159. c:\program files\rising\rav\engine.dll
0A360000[0002B000]
[ M] 160. c:\program files\rising\rav\posttrt.dll
0A4A0000[002DC000]
[ M] 161. c:\program files\rising\rav\unexe.dll
13AB0000[00038000]
[ M] 162. c:\program files\rising\rav\scanexec.dll
0AD10000[0003B000]
[ M] 163. c:\program files\rising\rav\scanex.dll
0A8A0000[000D6000]
[ M] 164. c:\program files\rising\rav\extfile.dll
0A990000[0001C000]
[ M] 165. c:\program files\rising\rav\nvfile.dll
13AF0000[00020000]
[ M] 166. c:\program files\rising\rav\scanmac.dll
0ABA0000[00029000]
[ M] 167. c:\program files\rising\rav\scansct.dll
0BFD0000[0003B000]
[ M] 168. c:\program files\rising\rav\extole.dll
Leoooo - 2007-7-19 17:00:00
c:\windows\system32\drivers\k4c0owp3g1.sys
c:\windows\system32\drivers\lbsdjdli.sys
c:\windows\system32\drivers\pptchpd5.sys
c:\windows\system32\drivers\quakedrv.sys
Package these suspicious files and upload them to Rising
http://up.rising.com.cn/webmail/uploadnew.htm