dqfgigi - 2007-10-12 10:19:00
瑞星卡卡电脑诊断日志 v1.30 (2007-10-12 9:44:38) 北京瑞星科技股份有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
Ati HotKey Poller
[AM] 1. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
RsCCenter
[A ] 2. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 3. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
UMWdf
[AM] 4. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
BaseTDI
[A ] 5. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 6. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
gdrv
[A ] 7. c:\windows\gdrv.sys
Windows (R) 2000 DDK provider
GIGABYTE Tools
.text,.rdata,INIT,.rsrc,.reloc,
HDAudBus
[A ] 8. c:\windows\system32\drivers\hdaudbus.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Bus Driver v1.0a
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
HookCont
[A ] 9. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 10. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 11. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
IntcAzAudAddService
[A ] 12. c:\windows\system32\drivers\rtkhdaud.sys
Realtek Semiconductor Corp.
Realtek(r) High Definition Audio Function Driver
.text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,
iteraid
[A ] 13. c:\windows\system32\drivers\iteraid.sys
Integrated Technology Express, Inc.
ITE IT8212 ATA RAID SCSI miniport
.text,.rdata,.data,INIT,.rsrc,.reloc,
MEMSCAN
[A ] 14. c:\program files\rising\rav\memscan.sys
Beijing Rising Technology Co., Ltd.
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
pfc
[A ] 15. c:\windows\system32\drivers\pfc.sys
Padus, Inc.
Padus(R) ASPI Shell
.text,.rdata,.data,INIT,.rsrc,.reloc,
qildn
[A ] 16. c:\windows\system32\drivers\qildn.sys
北京三七二一科技有限公司
sys 应用程序
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 17. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 18. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 19. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
Secdrv
[A ] 20. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent
[AM] 21. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[A ] 22. c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
Adobe Systems Incorporated
Adobe PDF Helper for Internet Explorer
.text,.rdata,.data,.rsrc,.reloc,
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}
[AM] 23. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
Adobe Systems, Inc.
PDF Shell Extension
.text,.orpc,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Portable Media Devices
[A ] 24. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
Portable Media Devices Menu
[A ] 24. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
WinRAR shell extension
[AM] 25. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
RISING
[AM] 26. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
EPSON STM3 Shell Extension
[A ] 27. c:\windows\system32\spool\drivers\w32x86\3\e_shel01.dll
SEIKO EPSON CORPORATION
EPSON Status Monitor 3
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 28. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 26. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
runeip
[AM] 29. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
RavTask
[A ] 30. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 31. c:\program files\rising\antispyware\runonce.exe
Beijing Rising Technology Co., Ltd.
RunOnce Application
.text,.rdata,.data,.rsrc,
[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
dqfgigi - 2007-10-12 10:20:00
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 32. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
[A ] 33. c:\windows\system32\kknative.exe
Beijing Rising Technology Co., Ltd.
NativeAp
.text,.data,.rsrc,.reloc,
+ 打印机监控
+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
EPSON V3 2KMonitor59
[AM] 34. c:\windows\system32\e_sl2059.dll
SEIKO EPSON CORPORATION
EPSON Bidirectional Monitor
.text,.data,.rsrc,.reloc,
EPSON V3 2KMonitor60
[AM] 35. c:\windows\system32\e_sl2060.dll
SEIKO EPSON CORPORATION
EPSON Bidirectional Monitor
.text,.data,.rsrc,.reloc,
EPSON V5 2KMonitor
[AM] 36. c:\windows\system32\ebpmon2.dll
SEIKO EPSON CORPORATION
EPSON Bidirectional Monitor
.text,.data,.rsrc,.reloc,
+ 其他自启动项目
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
EPSON Status Monitor 3 Environment Check(3).lnk
[A ] 37. c:\windows\system32\spool\drivers\w32x86\3\e_srcv03.exe
SEIKO EPSON CORPORATION
StatusMonitor3 Environment Check
.text,.rdata,.data,.rsrc,
+ 正在运行的进程
+ 0000010c(268) wdfmgr.exe
01000000[0000C000]
[AM] 4. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
+ 00000198(408) smss.exe
+ 000001d8(472) ctfmon.exe
10000000[0001B000]
[ M] 38. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 0000020c(524) Ras.exe
00400000[00160000]
[ M] 39. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10000000[00013000]
[ M] 40. c:\program files\rising\antispyware\topsoft.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware TopSoft
.text,.rdata,.data,.rsrc,.reloc,
7C140000[00103000]
[ M] 41. c:\program files\rising\antispyware\mfc71.dll
Microsoft Corporation
MFCDLL Shared Library - Retail Version
.text,.data,.rsrc,.reloc,
7C340000[00056000]
[ M] 42. c:\program files\rising\antispyware\msvcr71.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
7C3A0000[0007B000]
[ M] 43. c:\program files\rising\antispyware\msvcp71.dll
Microsoft Corporation
Microsoft? C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
00E10000[000BD000]
[ M] 44. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
01510000[00011000]
[AM] 28. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
01540000[0001B000]
[AM] 26. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
015D0000[0001B000]
[ M] 38. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
02DD0000[0002F000]
[ M] 45. c:\program files\rising\antispyware\engine.dll
Beijing Rising Technology Co., Ltd.
kaka engine
.text,.rdata,.data,.rsrc,.reloc,
01A60000[00012000]
[ M] 46. c:\program files\rising\antispyware\zip.dll
rising
zip
UPX0,UPX1,.rsrc,
022A0000[00019000]
[ M] 47. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
+ 0000029c(668) csrss.exe
+ 000002b8(696) winlogon.exe
10000000[00010000]
[AM] 21. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 48. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 000002e8(744) services.exe
+ 000002f4(756) lsass.exe
+ 00000390(912) Ati2evxx.exe
00400000[00061000]
[AM] 1. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
003E0000[0000F000]
[ M] 49. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
+ 0000039c(924) svchost.exe
+ 000003ec(1004) svchost.exe
+ 00000464(1124) alg.exe
+ 00000470(1136) svchost.exe
50E60000[0000C000]
[ M] 50. c:\windows\system32\wups2.dll
Microsoft Corporation
Windows Update client proxy stub 2
.text,.orpc,.data,.rsrc,.reloc,
+ 000004d4(1236) svchost.exe
+ 00000510(1296) svchost.exe
+ 00000630(1584) Ati2evxx.exe
00400000[00061000]
[AM] 1. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
003E0000[0000F000]
[ M] 49. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
10000000[0001B000]
[ M] 38. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000678(1656) Explorer.EXE
72C80000[00008000]
[ M] 48. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
018C0000[0005B000]
[AM] 23. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
Adobe Systems, Inc.
PDF Shell Extension
.text,.orpc,.rdata,.data,.rsrc,.reloc,
01940000[0004C000]
[ M] 51. c:\program files\common files\adobe\acrobat\activex\pdfshell.chs
Adobe Systems, Inc.
PDF Shell Extension
.rsrc,.reloc,
019D0000[0001B000]
[ M] 38. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
015D0000[0001B000]
[AM] 26. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
01110000[0002E000]
[AM] 25. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
23700000[0001A000]
[ M] 52. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[00011000]
[AM] 28. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
+ 000006f4(1780) spoolsv.exe
50400000[00011000]
[AM] 34. c:\windows\system32\e_sl2059.dll
SEIKO EPSON CORPORATION
EPSON Bidirectional Monitor
.text,.data,.rsrc,.reloc,
00AE0000[00011000]
[AM] 35. c:\windows\system32\e_sl2060.dll
SEIKO EPSON CORPORATION
EPSON Bidirectional Monitor
.text,.data,.rsrc,.reloc,
00B00000[00012000]
[AM] 36. c:\windows\system32\ebpmon2.dll
SEIKO EPSON CORPORATION
EPSON Bidirectional Monitor
.text,.data,.rsrc,.reloc,
+ 000007e4(2020) RavStub.exe
00400000[00018000]
[ M] 53. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 54. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 52. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 00000c2c(3116) runiep.exe
00400000[00013000]
[AM] 29. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
00C50000[0001B000]
[ M] 38. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,