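Rising Kaka Computer Diagnostic Log v1.30 (2007-9-14 14:30:5) Beijing Rising Technology Co., Ltd.
Note: [A] indicates the file has an autostart association;
[M] indicates the file is loaded in memory;
+ Registry autorun items
+ System services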
+ HKLM\System\CurrentControlSet\Services
Ati HotKey Poller
[AM] 1. c:\windows\system32\ati2evxx.exe
ose
[AM] 2. c:\program files\common files\microsoft shared\source engine\ose.exe
RfwProxySrv
[A ] 3. c:\program files\rising\rfw\rfwproxy.exe
RfwService
[AM] 4. c:\program files\rising\rfw\rfwsrv.exe
RsCCenter
[AM] 5. c:\program files\rising\rav\ccenter.exe
RsRavMon
[A ] 6. c:\program files\rising\rav\ravmond.exe
WMPNetworkSvc
[A ] 7. c:\program files\windows media player\wmpnetwk.exe
WudfSvc
[A ] 8. c:\windows\system32\wudfsvc.dll
+ Kernel drivers
+ HKLM\System\CurrentControlSet\Services
ALCXWDM
[A ] 9. c:\windows\system32\drivers\alcxwdm.sys
AmdK8
[A ] 10. c:\windows\system32\drivers\amdk8.sys
BaseTDI
[A ] 11. c:\windows\system32\drivers\basetdi.sys
ExpScaner
[A ] 12. c:\program files\rising\rav\expscan.sys
HookCont
[A ] 13. c:\program files\rising\rav\hookcont.sys
HookReg
[A ] 14. c:\program files\rising\rav\hookreg.sys
HookSys
[A ] 15. c:\program files\rising\rav\hooksys.sys
HookUrl
[A ] 16. c:\program files\rising\rfw\hookurl.sys
MEMSCAN
[A ] 17. c:\program files\rising\rav\memscan.sys
mProcRs
[A ] 18. c:\program files\rising\rfw\mprocrs.sys
npkcrypt
[A ] 19. d:\program files\qq2007\npkcrypt.sys
NVATABUS
[A ] 20. c:\windows\system32\drivers\nvatabus.sys
nv_agp
[A ] 21. c:\windows\system32\drivers\nv_agp.sys
RsAntiSpyware
[A ] 22. c:\windows\system32\drivers\rsboot.sys
RsFwDrv
[A ] 23. c:\program files\rising\rfw\rsfwdrv.sys
RsNTGDI
[A ] 24. c:\windows\system32\drivers\rsntgdi.sys
RSPPSYS
[A ] 25. c:\program files\rising\rav\rsppsys.sys
Secdrv
[A ] 26. c:\windows\system32\drivers\secdrv.sys
WudfPf
[A ] 27. c:\windows\system32\drivers\wudfpf.sys
WudfRd
[A ] 28. c:\windows\system32\drivers\wudfrd.sys
yukonwxp
[A ] 29. c:\windows\system32\drivers\yk51x86.sys
+ System logon autorun
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent
[AM] 30. c:\windows\system32\ati2evxx.dll
+ IE browser loaded modules
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[A ] 31. c:\windows\system32\kakatool.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[A ] 32. c:\program files\thunder\comdlls\tdatonce_now.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[A ] 33. c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
{C2626E66-D21B-E628-C1DF-1DACCFA36ED2}
[A ] 34. c:\program files\common files\fjos0r.dll
{F08555AF-9CC3-11D2-AA8E-000000000000}
[A ] 35. c:\program files\thunder\comdlls\xunleibho_now.dll
+ Explorer loaded modules
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
text/xml
[A ] 36. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
+ HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}
[A ] 37. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 38. c:\windows\system32\hticons.dll
WinRAR shell extension
[A ] 39. c:\program files\winrar\rarext.dll
Shell Extensions for RealOne Player
[A ] 40. c:\program files\real\realplayer\rpshell.dll
Microsoft Office HTML Icon Handler
[A ] 41. c:\program files\microsoft office\office11\msohev.dll
Web Folders
[A ] 42. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Portable Media Devices
[A ] 43. c:\windows\system32\audiodev.dll
Portable Devices
[A ] 44. c:\windows\system32\wpdshext.dll
Portable Devices Menu
[A ] 44. c:\windows\system32\wpdshext.dll
RISING
[AM] 45. c:\windows\system32\ravext.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 45. c:\windows\system32\ravext.dll
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 46. c:\windows\system32\shlhook.dll
{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}
[AM] 47. c:\program files\internet explorer\onlo0r.dll
{3422FB0F-95EB-458A-8B56-39552017A4EF}
[AM] 48. c:\windows\system32\mhdoor0.dll
{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}
[AM] 49. c:\windows\system32\wodoor0.dll
{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}
[AM] 50. c:\windows\system32\wldoor0.dll
{E952B8F8-D91A-4EDD-851C-EE1A0F944469}
[AM] 51. c:\windows\system32\ztdoor0.dll
{A3C95A74-638D-4C6B-A856-4B27664A7F47}
[AM] 52. c:\windows\system32\wgdoor0.dll
{D8CC4845-441C-44F8-9053-28F2EF67655B}
[AM] 53. c:\windows\system32\dadoor0.dll
{08E909A4-B236-48DD-8BCC-90A604B93E68}
[AM] 54. c:\windows\system32\tldoor1.dll
{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}
[AM] 55. c:\windows\system32\zxdoor1.dll
{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}
[AM] 56. c:\windows\system32\mydoor1.dll
{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}
[AM] 57. c:\windows\system32\qhdoor1.dll
{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}
[AM] 58. c:\windows\system32\rxdoor0.dll
{6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}
[AM] 59. c:\windows\system32\qjdoor0.dll
{0DAEBA6A-86CA-4B96-AF96-0C8C2C358FBD}
[AM] 60. c:\windows\system32\dhdoor0.dll
{68F7767A-090C-4BBF-A015-720ACC6706E2}
[AM] 61. c:\windows\system32\wddoor0.dll
{04A0CB31-FDEB-4EB8-889B-E00ED87BCE23}
[AM] 62. c:\windows\system32\cqdoor0.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WPDShServiceObj
[AM] 63. c:\windows\system32\wpdshserviceobj.dll
+ User logon autorun items
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
QQNetbar
[AM] 64. d:\同吧\qqnetbar\qqnetbar.exe
Adobe Reader Speed Launcher
[A ] 65. d:\program files\adobe\reader 8.0\reader\reader_sl.exe
RavTask
[AM] 66. c:\program files\rising\rav\ravtask.exe
runeip
[AM] 67. c:\program files\rising\antispyware\runiep.exe
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 68. c:\program files\rising\antispyware\runonce.exe
+ Boot execution
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 69. c:\windows\system32\bsmain.exe
[A ] 70. c:\windows\system32\kknative.exe
+ Image hijacking
+ HKCR\.html
htmlfile\Edit\Command
[A ] 71. c:\program files\microsoft office\office11\msohtmed.exe
htmlfile\Print\Command
[A ] 71. c:\program files\microsoft office\office11\msohtmed.exe
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 71. c:\program files\microsoft office\office11\msohtmed.exe
htmlfile\Print\Command
[A ] 71. c:\program files\microsoft office\office11\msohtmed.exe