Rising Kaka Security Forum

Asking the experts for help
wslxp - 2009-10-15 15:17:00
Computer information check. Newbie asking the experts for help!
  检测日期: 2009-10-15 13:55
  Windows: Microsoft Windows XP ServicePack: Service Pack 2 Update: 2600.xpsp_sp2_qfe.090804-1435
  Internet Explorer: 8.0.6001.18702
  本报告由:木马清理王生成 网站: http://www.esesoft.com

  0 - 运行进程 - \SystemRoot\System32\smss.exe - 未知
  1 - 运行进程 - \??\C:\WINDOWS\system32\winlogon.exe - 未知
  2 - 运行进程 - C:\WINDOWS\system32\services.exe - Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.
  3 - 运行进程 - C:\WINDOWS\system32\lsass.exe - Microsoft® Windows® Operating System © Microsoft Corporation. All rights reserved.
  4 - 运行进程 - C:\WINDOWS\system32\svchost.exe - Microsoft® Windows® Operating System © Microsoft Corporation. All rights reserved.
  5 - 运行进程 - C:\Program Files\Rising\Ris\CCENTER.EXE - Rising AntiVirus 2009 Copyright (C) 2008
  6 - 运行进程 - C:\WINDOWS\System32\svchost.exe - Microsoft® Windows® Operating System © Microsoft Corporation. All rights reserved.
  7 - 运行进程 - C:\Program Files\Rising\Ris\RavTask.exe - ravtask .exe Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
  8 - 运行进程 - C:\Program Files\Rising\Ris\RavMonD.exe - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
  9 - 运行进程 - f:\Program Files\360\360safe\deepscan\zhudongfangyu.exe - 360安全卫士 Copyright (C) 2006-2009 360安全中心
  10 - 运行进程 - C:\Program Files\Kingsoft\KSWebShieldSVC\KSWebShield.exe - 金山网盾 Copyright (C) 1998-2009 Kingsoft Corporation
  11 - 运行进程 - C:\WINDOWS\Explorer.EXE - Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.
  12 - 运行进程 - C:\WINDOWS\system32\spoolsv.exe - Microsoft® Windows® Operating System © Microsoft Corporation. All rights reserved.
  13 - 运行进程 - C:\Program Files\Kingsoft\KSWebShieldSVC\kwstray.exe - 金山网盾 Copyright (C) 1998-2009 Kingsoft Corporation
  14 - 运行进程 - C:\Program Files\Rising\Ris\RsTray.exe - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
  15 - 运行进程 - F:\Program Files\360\360safe\safemon\360tray.exe -  版权所有 (C) 2008 360.cn
  16 - 运行进程 - F:\Program Files\EseSoft\AttMain.exe - 木马清理王 - 抗病毒软件 版权所有 (C) 2009 EseSoft
  17 - 运行进程 - F:\Program Files\EseSoft\FwProApp.exe - FwProApp 应用程序 版权所有 (C) 2008
  18 - 运行进程 - C:\Program Files\Common Files\Kingsoft\CommonService_Beta\kxeserv.exe - Kingsoft Antivirus XEngine System Copyright (C) 1998-2009 Kingsoft Corporation
  26 - 运行进程 - F:\Program Files\EseSoft\UsbMod.exe - 木马清理王 - USB 模块 版权所有 (C) 2009 EseSoft
  27 - 运行进程 - F:\Program Files\360\360safe\360Safe.exe - 360安全卫士 版权所有 (C) 2006-2009 奇虎网
  28 - 运行进程 - C:\Program Files\Internet Explorer\iexplore.exe - Windows® Internet Explorer © Microsoft Corporation. All rights reserved.
  29 - 运行进程 - C:\Program Files\Internet Explorer\iexplore.exe - Windows® Internet Explorer © Microsoft Corporation. All rights reserved.
  30 - 运行进程 - C:\WINDOWS\system32\svchost.exe - Microsoft® Windows® Operating System © Microsoft Corporation. All rights reserved.
  31 - 运行进程 - F:\Program Files\EseSoft\SysAdMin.exe - 木马清理王 系统信息管理 版权所有 (C) 2008


  94 - 已加载DLL - f:\Program Files\360\360safe\deepscan\CloudCom2.dll - 360安全卫士 Copyright (C) 2006-2009 360安全中心
  95 - 已加载DLL - f:\Program Files\360\360safe\deepscan\heavygate.dll - 360安全卫士 Copyright (C) 2006-2009 360安全中心
  96 - 已加载DLL - f:\Program Files\360\360safe\SoftMgr\360SoftMgrS.dll - 360软件管家 Copyright © 2009
  97 - 已加载DLL - f:\Program Files\360\360safe\deepscan\qutmload.dll -  版权所有(C) 2006-2008 360.CN
  98 - 已加载DLL - C:\Program Files\Kingsoft\KSWebShieldSVC\kwssp.dll - 金山网盾 Copyright (C) 1998-2009 Kingsoft Corporation
  99 - 已加载DLL - C:\Program Files\Kingsoft\KSWebShieldSVC\kwsui.dll - 金山网盾 Copyright (C) 1998-2009 Kingsoft Corporation
100 - 已加载DLL - F:\Program Files\360\360safe\safemon\safemon.dll -  版权所有(C) 2006-2008 360.CN
101 - 已加载DLL - C:\Program Files\Rising\Ris\RavScrCh.dll - rising Copyright(C) 2009-2010 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
102 - 已加载DLL - C:\Program Files\Rising\Ris\ComServ.dll - comservice Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
103 - 已加载DLL - C:\Program Files\Rising\Ris\rslang.dll - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
104 - 已加载DLL - C:\Program Files\Rising\Ris\rsxml.dll - Rising AntiVirus 2009 Copyright(C) 2008 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
105 - 已加载DLL - C:\Program Files\Rising\Ris\MonState.dll - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
106 - 已加载DLL - C:\Program Files\Rising\Ris\ScanEvnt.dll - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
107 - 已加载DLL - C:\Program Files\Rising\Ris\rsguilib.dll - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
108 - 已加载DLL - C:\Program Files\Rising\Ris\rspalvd.dll - Rising Antivirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
109 - 已加载DLL - C:\Program Files\Rising\Ris\ravbintl.dll - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
110 - 已加载DLL - C:\Program Files\Rising\Ris\mruleui.dll - Rising Antivirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
111 - 已加载DLL - C:\Program Files\Rising\Ris\MonTray.dll - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.

128 - 已加载DLL - F:\Program Files\360\360safe\efiproc.dll - 360Safe efiproc Copyright  2009
129 - 已加载DLL - F:\Program Files\360\360safe\LiveUpd360.dll - 360升级加速模块 版权所有 (C) 2006-2008 奇虎网
130 - 已加载DLL - F:\Program Files\360\360safe\360net.dll - 奇虎网 HttpDown 版权所有 (C) 2008 360Safe.com
131 - 已加载DLL - F:\Program Files\EseSoft\ScanEngine.dll - ScanEngine 电脑医生查杀引擎 版权所有 (C) 2009 EseSoft
132 - 已加载DLL - F:\Program Files\EseSoft\CheckTrust.dll - 木马清理王Module 版权所有 (C) 2009 EseSoft
133 - 已加载DLL - F:\Program Files\EseSoft\SkinPlusPlus.dll - Skin Module Skin Module
134 - 已加载DLL - C:\WINDOWS\system32\RavExt.dll - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
135 - 已加载DLL - C:\Program Files\Common Files\Kingsoft\CommonService_Beta\jsonv6.dll - Kingsoft Antivirus XEngine System Copyright (C) 1998-2009 Kingsoft Corporation
136 - 已加载DLL - C:\Program Files\Common Files\Kingsoft\CommonService_Beta\kxedump.dll - Kingsoft Antivirus XEngine System Copyright (C) 1998-2009 Kingsoft Corporation
137 - 已加载DLL - C:\Program Files\Common Files\Kingsoft\CommonService_Beta\scom.dll - Kingsoft Antivirus XEngine System Copyright (C) 1998-2009 Kingsoft Corporation
138 - 已加载DLL - C:\Program Files\Common Files\Kingsoft\CommonService_Beta\kxebase.dll - Kingsoft Antivirus XEngine System Copyright (C) 1998-2009 Kingsoft Corporation
139 - 已加载DLL - C:\Program Files\Common Files\Kingsoft\CommonService_Beta\kxecore\kxelog.dll - Kingsoft Antivirus XEngine System Copyright (C) 1998-2009 Kingsoft Corporation
140 - 已加载DLL - C:\Program Files\Common Files\Kingsoft\CommonService_Beta\kxecore\kxecore.dll - Kingsoft Antivirus XEngine System Copyright (C) 1998-2009 Kingsoft Corporation
141 - 已加载DLL - C:\Program Files\Common Files\Kingsoft\CommonService_Beta\kxecore\kxestat.dll - Kingsoft Antivirus XEngine System Copyright (C) 1998-2009 Kingsoft Corporation
142 - 已加载DLL - C:\Program Files\Rising\Ris\scansrvp.dll - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
143 - 已加载DLL - C:\Program Files\Rising\Ris\ScanSrv.dll - Rising AntiVirus 2009 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
144 - 已加载DLL - C:\Program Files\Rising\Ris\NComm.dll - 瑞星卡卡上网安全助手 Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
145 - 已加载DLL - F:\Program Files\360\360safe\AntiEng.dll - 360安全卫士诊断模块 Copyright (C) 2006-2008 360Safe.com
146 - 已加载DLL - F:\Program Files\360\360safe\deepscan\cloudsec.dll - 360安全卫士 Copyright (C) 2006-2009 360安全中心
147 - 已加载DLL - F:\Program Files\360\360safe\CleanHis.dll - History Purge Copyright (C) 2006-2007 奇虎网
148 - 已加载DLL - F:\Program Files\360\360safe\360Examin.dll - 360安全卫士 Copyright (C) 2009 360安全中心
149 - 已加载DLL - F:\Program Files\360\360safe\IEScan.dll - 360safe IEScan Copyright © 2009
150 - 已加载DLL - F:\Program Files\360\360safe\LeakCheck.dll - LeakCheck Module 版权所有 (C) 2006 360Safe.com
151 - 已加载DLL - F:\Program Files\360\360safe\deepscan\cloudsec2.dll - 360安全卫士 Copyright (C) 2006-2009 360安全中心
152 - 已加载DLL - F:\Program Files\360\360safe\deepscan\deepscan.dll - 360安全卫士 Copyright (C) 2006-2009 360安全中心
153 - 已加载DLL - F:\Program Files\360\360safe\deepscan\bfsdll.dll - bfsdll 版权所有(C) 2006-2008 360安全中心
154 - 已加载DLL - F:\Program Files\360\360safe\deepscan\bregdll.dll - 版权所有(C) 2006-2008 360安全中心 版权所有(C) 2006-2008 360安全中心
155 - 已加载DLL - C:\Program Files\Kingsoft\KSWebShieldSVC\kswebshield.dll - 金山网盾 Copyright (C) 1998-2009 Kingsoft Corporation
156 - 已加载DLL - C:\Program Files\Kingsoft\KSWebShieldSVC\kswbc.dll - 金山网盾 Copyright (C) 1998-2009 Kingsoft Corporation
157 - 已加载DLL - C:\Program Files\QvodPlayer\QvodExtend.dll - QvodExtend Copyright(C) 2006-2008 QVOD
158 - 已加载DLL - C:\PROGRA~1\baidu\bar\baidubar.dll - BaiduBar Module Copyright 2005
159 - 已加载DLL - C:\WINDOWS\system32\UrlFilter.dll - 瑞星卡卡上网安全助手6.0 Copyright(C) 2008 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
160 - 已加载DLL - C:\Program Files\Rising\AntiSpyware\UrlRule.dll - rising Copyright(C) 2008 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.


162 - 开机启动 - RisTray - "C:\Program Files\Rising\Ris\RsTray.exe" -system
163 - 开机启动 - NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
164 - 开机启动 - 360Safetray - "f:\Program Files\360\360safe\safemon\360tray.exe" /start
165 - 开机启动 - AntiVirusWmSrv - F:\Program Files\EseSoft\AttMain.exe -PowerOn
166 - 开机启动 - AntiVirusWmSrv-FWMon - f:\Program Files\EseSoft\FwProApp.exe -Power
167 - 开机启动 - KernelFaultCheck - %systemroot%\system32\dumprep 0 -k
168 - 开机启动 - ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe


170 - 自动播放文件 - C:\Autorun.inf -
171 - 自动播放程序 - C:\\ -
172 - 自动播放文件 - D:\Autorun.inf -
173 - 自动播放程序 - D:\\ -
174 - 自动播放文件 - E:\Autorun.inf -
175 - 自动播放程序 - E:\\ -
176 - 自动播放文件 - F:\Autorun.inf -
177 - 自动播放程序 - F:\\ -


179 - 服务 - 360SelfProtection - C:\WINDOWS\system32\drivers\360selfprotection.sys
180 - 服务 - AFD - \SystemRoot\System32\drivers\afd.sys
181 - 服务 - BC - C:\WINDOWS\system32\drivers\bc.sys
182 - 服务 - BdGuard - C:\WINDOWS\system32\drivers\bdguard.sys
183 - 服务 - BFSDRV - c:\windows\system32\drivers\bfsdrv.sys
184 - 服务 - bootsafe - C:\WINDOWS\system32\drivers\bootsafe.sys
185 - 服务 - BREGDRV - c:\windows\system32\drivers\bregdrv.sys
186 - 服务 - Coach Digital Camera on USB - C:\WINDOWS\system32\drivers\coachusb.sys
187 - 服务 - Coach Video Capture - C:\WINDOWS\system32\drivers\coachvc.sys
188 - 服务 - ComputerZ - e:\program files\ludashi\computerz.sys
189 - 服务 - DCOM Server Process Launcher - C:\WINDOWS\system32\svchost
190 - 服务 - Intel(R) PRO/1000 Network Connection Driver - C:\WINDOWS\system32\drivers\e1000325.sys
191 - 服务 - EfiSystemMon - C:\WINDOWS\system32\drivers\efimon.sys
192 - 服务 - hookcont - C:\WINDOWS\system32\drivers\hookcont.sys
193 - 服务 - HookPort - C:\WINDOWS\system32\drivers\hookport.sys
194 - 服务 - hooksys - C:\WINDOWS\system32\drivers\hooksys.sys
195 - 服务 - Kingsoft Antivirus WebShield Service - C:\Program Files\Kingsoft\KSWebShieldSVC\KSWebShield.exe
196 - 服务 - Kingsoft Rescue Service - C:\Program Files\kingsoft\KSM2\KSMSvc.exe
197 - 服务 - Kingsoft Antivirus XEngine Service(Beta) - C:\Program Files\Common Files\Kingsoft\CommonService_Beta\kxeserv.exe
198 - 服务 - MidiSyn - C:\WINDOWS\system32\drivers\midisyn.sys
199 - 服务 - ATK0110 ACPI UTILITY - C:\WINDOWS\system32\drivers\asacpi.sys
200 - 服务 - npkcrypt - c:\program files\tencent\qq\npkcrypt.sys
201 - 服务 - NVIDIA Display Driver Service - C:\WINDOWS\system32\nvsvc32.exe
202 - 服务 - Quantum DeepScanner Servers - c:\windows\system32\drivers\qutmdrv.sys
203 - 服务 - Rising RfwBase Driver - C:\WINDOWS\system32\drivers\rfwbase.sys
204 - 服务 - rfwtdi - c:\program files\rising\ris\rfwtdi.sys
205 - 服务 - Ris Process Communication Center - C:\Program Files\Rising\Ris\CCENTER.EXE
206 - 服务 - Rising RisTask Manager - "C:\Program Files\Rising\Ris\RavTask.exe" RisTask
207 - 服务 - Remote Procedure Call (RPC) - C:\WINDOWS\system32\svchost
208 - 服务 - rsfwdrv - c:\program files\rising\ris\rsfwdrv.sys
209 - 服务 - RsNTGDI - C:\WINDOWS\system32\drivers\rsntgdi.sys
210 - 服务 - Rising RealTime Monitor - C:\Program Files\Rising\Ris\RavMonD.exe
211 - 服务 - Rising Scan Service - C:\Program Files\Rising\Ris\ScanFrm.exe
212 - 服务 - SKNFW - c:\windows\system32\drivers\sknfw.sys
213 - 服务 - SoundMAX Agent Service - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
214 - 服务 - Terminal Services - C:\WINDOWS\system32\svchost
215 - 服务 - TesSafe - c:\windows\system32\tessafe.sys
216 - 服务 - Tencent Software Update Service - "C:\Program Files\Tencent\QQSoftMgr\TencentUpdateSvc.exe" -run
217 - 服务 - 主动防御 - "f:\Program Files\360\360safe\deepscan\zhudongfangyu.exe"


219 - IE主页-当前用户 - Start Page - http://www.2345.com/?1236
220 - IE搜索-当前用户 - Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
221 - IE主页-所有用户 - Start Page - about:blank
222 - IE搜索-所有用户 - Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
223 - 默认IE主页-所有用户 - Default_Page_URL - http
224 - 默认IE搜索-所有用户 - Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


226 - IE 嵌入对象 - ThunderAtOnce Class - d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
227 - IE 嵌入对象 - QQ工具栏 - C:\Program Files\Tencent\QQToolbar\IEBar.dll
228 - IE 嵌入对象 - RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
229 - IE 嵌入对象 - QvodExtend - C:\Program Files\QvodPlayer\QvodExtend.dll
230 - IE 嵌入对象 - wybhotool Class - wybh
231 - IE 嵌入对象 - BandIE Class - C:\PROGRA~1\baidu\bar\baidubar.dll
232 - IE 嵌入对象 - Thunder Browser Helper - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
233 - IE 嵌入对象 - 卡卡上网安全助手 - C:\WINDOWS\system32\UrlFilter.dll
234 - IE 嵌入对象 - SafeMon Class - f:\Program Files\360\360safe\safemon\safemon.dll


236 - Outlook Express Address Book <IE控件> - {233A9694-667E-11D1-9DFB-006097D50408} - %ProgramFiles%\Outlook Express\msoe.dll


238 - Explorer嵌入对象 - PostBootReminder - %SystemRoot%\system32\SHELL32.dll
239 - Explorer嵌入对象 - CDBurn - %SystemRoot%\system32\SHELL32.dll
240 - Explorer嵌入对象 - WebCheck - C:\WINDOWS\system32\webcheck.dll


242 - EXE关联 -  - "%1" %*
243 - TXT关联 -  - C:\WINDOWS\notepad.exe %1
244 - vbs关联 -  - %SystemRoot%\System32\WScript.exe "%1" %*
245 - Js关联 -  - %SystemRoot%\System32\WScript.exe "%1" %*
246 - htmlfile关联 -  - "C:\Program Files\internet explorer\iexplore.exe" "%1"
247 - HTTP协议 -  - "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
248 - FTP协议 -  - "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1


  【怀疑有恶意的项目,建议由安全专家诊断】
170 - 自动播放文件 - C:\Autorun.inf -
171 - 自动播放程序 - C:\\ -
172 - 自动播放文件 - D:\Autorun.inf -
173 - 自动播放程序 - D:\\ -
174 - 自动播放文件 - E:\Autorun.inf -
175 - 自动播放程序 - E:\\ -
176 - 自动播放文件 - F:\Autorun.inf -
177 - 自动播放程序 - F:\\ -
196 - 服务 - Kingsoft Rescue Service - C:\Program Files\kingsoft\KSM2\KSMSvc.exe
201 - 服务 - NVIDIA Display Driver Service - C:\WINDOWS\system32\nvsvc32.exe
212 - 服务 - SKNFW - c:\windows\system32\drivers\sknfw.sys
帅哥阿福 - 2009-10-15 15:20:00
What do you want checked? State your request, and also what symptoms the system currently has.
Also, post the log as an attachment; reading it like this is too much of a strain.
It is best to provide an sreng log.