
求助.

求助.

木马克星扫描报告有木马，而瑞星（原文"端星"，应为笔误）扫描结果正常；电脑一直出现"发送信息错误"的提示。请各位大侠帮忙看看下面的诊断日志。补充说明：光说"有木马"无法核对，最好把木马克星报告的具体文件名和路径贴出来，以便与日志中的自启动项和内存模块逐条对照；另外日志显示瑞星杀毒、瑞星卡卡、360安全卫士的 safemon.dll 和天网防火墙同时常驻，多款安全软件相互冲突也可能导致此类报错，排查时需一并考虑。
瑞星卡卡电脑诊断日志 v1.30 (2007-12-1 11:28:37)  北京瑞星科技股份有限公司

注释:    [A]表示该文件存在自启动关联;
    [M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
    + HKLM\System\CurrentControlSet\Services
      ose
        [A ] 1. c:\program files\common files\microsoft shared\source engine\ose.exe


      RsCCenter
        [AM] 2. c:\program files\rising\rav\ccenter.exe


      RsRavMon
        [AM] 3. c:\program files\rising\rav\ravmond.exe


      UMWdf
        [AM] 4. c:\windows\system32\wdfmgr.exe


[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
最后编辑2007-12-01 14:34:25
 

接上.
+ 内核驱动
    + HKLM\System\CurrentControlSet\Services
      HookCont
        [A ] 5. c:\windows\system32\drivers\hookcont.sys


      HookNtos
        [A ] 6. c:\windows\system32\drivers\hookntos.sys


      HookReg
        [A ] 7. c:\windows\system32\drivers\hookreg.sys


      HookSys
        [A ] 8. c:\windows\system32\drivers\hooksys.sys


      RsAntiSpyware
        [A ] 9. c:\windows\system32\drivers\rsboot.sys


      RsNTGDI
        [A ] 10. c:\windows\system32\drivers\rsntgdi.sys


      Secdrv
        [A ] 11. c:\windows\system32\drivers\secdrv.sys


      SKNFW
        [A ] 12. c:\windows\system32\drivers\sknfw.sys
+ 内核驱动
    + HKLM\System\CurrentControlSet\Services
      HookCont
        [A ] 5. c:\windows\system32\drivers\hookcont.sys


      HookNtos
        [A ] 6. c:\windows\system32\drivers\hookntos.sys


      HookReg
        [A ] 7. c:\windows\system32\drivers\hookreg.sys


      HookSys
        [A ] 8. c:\windows\system32\drivers\hooksys.sys


      RsAntiSpyware
        [A ] 9. c:\windows\system32\drivers\rsboot.sys


      RsNTGDI
        [A ] 10. c:\windows\system32\drivers\rsntgdi.sys


      Secdrv
        [A ] 11. c:\windows\system32\drivers\secdrv.sys


      SKNFW
        [A ] 12. c:\windows\system32\drivers\sknfw.sys
 

接上.
+ 资源管理器加载模块
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
      text/xml
        [A ] 17. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll



    + HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
      mso-offdap11
        [A ] 18. c:\program files\common files\microsoft shared\web components\11\owc11.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      HyperTerminal Icon Ext
        [A ] 19. c:\windows\system32\hticons.dll


      WinRAR shell extension
        [AM] 20. c:\program files\winrar\rarext.dll


      Web Folders
        [A ] 21. c:\program files\common files\microsoft shared\web folders\msonsext.dll


      Microsoft Office HTML Icon Handler
        [A ] 22. c:\program files\microsoft office\office11\msohev.dll


      Portable Media Devices
        [A ] 23. c:\windows\system32\audiodev.dll


      Portable Media Devices Menu
        [A ] 23. c:\windows\system32\audiodev.dll
RISING
        [AM] 24. c:\windows\system32\ravext.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      {32CD708B-60A7-4C00-9377-D73EAA495F0F}
        [AM] 24. c:\windows\system32\ravext.dll
 

接上.
+ 用户登陆自运行项目
    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      SKYNET Personal FireWall
        [AM] 25. c:\program files\skynet\firewall\pfwmain.exe


      runeip
        [A ] 26. c:\program files\rising\antispyware\runiep.exe


      RavTask
        [AM] 27. c:\program files\rising\rav\ravtask.exe




  + 开机执行
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 28. c:\windows\system32\bsmain.exe

        [A ] 29. c:\windows\system32\kknative.exe
+ 用户登陆自运行项目
    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      SKYNET Personal FireWall
        [AM] 25. c:\program files\skynet\firewall\pfwmain.exe


      runeip
        [A ] 26. c:\program files\rising\antispyware\runiep.exe


      RavTask
        [AM] 27. c:\program files\rising\rav\ravtask.exe




  + 开机执行
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 28. c:\windows\system32\bsmain.exe

        [A ] 29. c:\windows\system32\kknative.exe
 

接上。日志里"用户登陆自运行项目"和"开机执行"各出现了两次，不知是否是木马造成？对照可见这两段内容逐行相同，条目编号也完全一样（25–29；前面"内核驱动"一节同样是 5–12 重复出现），而诊断日志的编号是全局递增的，同一编号不会对应两个不同的项，所以这只是粘贴时的重复，并不说明注册表里存在两套自启动项。

+ 正在运行的进程
  + 000000ac(172) wdfmgr.exe
    01000000[0000C000]
      [AM] 4. c:\windows\system32\wdfmgr.exe



  + 00000194(404) smss.exe

  + 000001c4(452) RsAgent.exe
    00400000[00044000]
      [ M] 32. c:\program files\rising\rav\rsagent.exe


    7C140000[00103000]
      [ M] 33. c:\windows\system32\mfc71.dll


    7C340000[00056000]
      [ M] 34. c:\windows\system32\msvcr71.dll


    7C3A0000[0007B000]
      [ M] 35. c:\windows\system32\msvcp71.dll


    10000000[0001F000]
      [ M] 36. c:\program files\rising\rav\proccom.dll


    00B90000[00024000]
      [ M] 37. c:\program files\rising\rav\rscommx2.dll
+ 000001dc(476) alg.exe

  + 000001e4(484) csrss.exe

  + 000001fc(508) winlogon.exe
    72C80000[00008000]
      [ M] 38. c:\windows\system32\msacm32.drv



  + 00000228(552) services.exe

  + 00000234(564) lsass.exe

  + 000002a4(676) Ras.exe
    00400000[00170000]
      [ M] 39. c:\program files\rising\antispyware\ras.exe
 

接上.
780C0000[00061000]
      [ M] 40. c:\program files\rising\antispyware\msvcp60.dll


    10000000[00013000]
      [ M] 41. c:\program files\rising\antispyware\topsoft.dll


    7C140000[00103000]
      [ M] 42. c:\program files\rising\antispyware\mfc71.dll


    7C340000[00056000]
      [ M] 43. c:\program files\rising\antispyware\msvcr71.dll


    7C3A0000[0007B000]
      [ M] 44. c:\program files\rising\antispyware\msvcp71.dll


    00C50000[0001D000]
      [ M] 45. c:\program files\360safe\safemon\safemon.dll


    00E30000[0001F000]
      [ M] 36. c:\program files\rising\rav\proccom.dll


    00E50000[00024000]
      [ M] 37. c:\program files\rising\rav\rscommx2.dll


    00FA0000[000BD000]
      [ M] 46. c:\program files\rising\antispyware\rasgui.dll
    00F60000[0001C000]
      [AM] 24. c:\windows\system32\ravext.dll



  + 000002c8(712) svchost.exe

  + 000002f4(756) svchost.exe

  + 00000334(820) CCenter.exe
    00400000[00028000]
      [AM] 2. c:\program files\rising\rav\ccenter.exe



  + 00000348(840) svchost.exe
    50E60000[0000C000]
      [ M] 47. c:\windows\system32\wups2.dll
 

接上.
+ 00000388(904) svchost.exe

  + 000003b4(948) AgentSvr.exe
    10000000[0001D000]
      [ M] 45. c:\program files\360safe\safemon\safemon.dll


    72C80000[00008000]
      [ M] 38. c:\windows\system32\msacm32.drv



  + 000003b8(952) svchost.exe

  + 000003f8(1016) Ravmond.exe
    00400000[0006C000]
      [AM] 3. c:\program files\rising\rav\ravmond.exe


    10000000[00042000]
      [ M] 48. c:\program files\rising\rav\bwlist.dll


    7C140000[00103000]
      [ M] 33. c:\windows\system32\mfc71.dll


    7C340000[00056000]
      [ M] 34. c:\windows\system32\msvcr71.dll


    7C3A0000[0007B000]
      [ M] 35. c:\windows\system32\msvcp71.dll


    00B20000[0000E000]
      [ M] 49. c:\program files\rising\rav\rsappmgr.dll
00B40000[00030000]
      [ M] 50. c:\program files\rising\rav\cfgdll.dll


    00EE0000[00066000]
      [ M] 51. c:\program files\rising\rav\rslog.dll


    00B80000[0001F000]
      [ M] 36. c:\program files\rising\rav\proccom.dll


    00F50000[00024000]
      [ M] 37. c:\program files\rising\rav\rscommx2.dll


    00F90000[00075000]
      [ M] 52. c:\program files\rising\rav\monrule.dll


    01020000[00013000]
      [ M] 53. c:\program files\rising\rav\hooksys.dll


    01180000[00013000]
      [ M] 54. c:\program files\rising\rav\hookreg.dll


    011E0000[00013000]
      [ M] 55. c:\program files\rising\rav\hookntos.dll


    01240000[0001C000]
      [ M] 56. c:\program files\rising\rav\rswalmon.dll
 

接上.
02070000[00028000]
      [ M] 57. c:\program files\rising\rav\recomp.dll


    020B0000[0002E000]
      [ M] 58. c:\program files\rising\rav\refs.dll


    020F0000[0001A000]
      [ M] 59. c:\program files\rising\rav\ffr.dll


    02120000[000D9000]
      [ M] 60. c:\program files\rising\rav\extfile.dll


    02410000[00020000]
      [ M] 61. c:\program files\rising\rav\rsstore.dll


    02640000[00013000]
      [ M] 62. c:\program files\rising\rav\hookcont.dll


    02670000[00027000]
      [ M] 63. c:\program files\rising\rav\fakescan.dll


    026B0000[00021000]
      [ M] 64. c:\program files\rising\rav\scanner.dll


    026E0000[0002C000]
      [ M] 65. c:\program files\rising\rav\viruslib.dll


    02820000[00027000]
      [ M] 66. c:\program files\rising\rav\relibldr.dll
02F10000[0000D000]
      [ M] 67. c:\program files\rising\rav\hookweb.dll


    03D60000[00027000]
      [ M] 68. c:\program files\rising\rav\pearc.dll


    03EA0000[00020000]
      [ M] 69. c:\program files\rising\rav\nvfile.dll


    13AB0000[00044000]
      [ M] 70. c:\program files\rising\rav\scanexec.dll


    05230000[002DC000]
      [ M] 71. c:\program files\rising\rav\unexe.dll


    03980000[00048000]
      [ M] 72. c:\program files\rising\rav\scanex.dll


    02D10000[00036000]
      [ M] 73. c:\program files\rising\rav\scanpack.dll


    04430000[000B4000]
      [ M] 74. c:\program files\rising\rav\revm.dll


    0C270000[000FF000]
      [ M] 75. c:\program files\rising\rav\uroutine.dll


    045F0000[00022000]
      [ M] 76. c:\program files\rising\rav\scansct.dll
 

接上.
+ 00000408(1032) PFWmain.exe
    00400000[001E0000]
      [AM] 25. c:\program files\skynet\firewall\pfwmain.exe


    10000000[0001D000]
      [ M] 45. c:\program files\360safe\safemon\safemon.dll


    72C80000[00008000]
      [ M] 38. c:\windows\system32\msacm32.drv



  + 00000458(1112) 360tray.exe
    00400000[0002A000]
      [ M] 77. c:\program files\360safe\safemon\360tray.exe


    10000000[0001D000]
      [ M] 45. c:\program files\360safe\safemon\safemon.dll


    00B40000[0000C000]
      [ M] 78. c:\program files\360safe\safemon\safekrnl.dll


    00B50000[00022000]
      [ M] 79. c:\program files\360safe\antiadwa.dll



  + 000004a4(1188) Explorer.EXE
    72C80000[00008000]
      [ M] 38. c:\windows\system32\msacm32.drv
10000000[0001D000]
      [ M] 45. c:\program files\360safe\safemon\safemon.dll


    019F0000[00029000]
      [AM] 20. c:\program files\winrar\rarext.dll


    01CA0000[0001C000]
      [AM] 24. c:\windows\system32\ravext.dll



  + 0000059c(1436) RavStub.exe
    00400000[00021000]
      [ M] 80. c:\program files\rising\rav\ravstub.exe


    10000000[0001F000]
      [ M] 36. c:\program files\rising\rav\proccom.dll


    00620000[00024000]
      [ M] 37. c:\program files\rising\rav\rscommx2.dll


    23700000[00028000]
      [ M] 81. c:\program files\rising\rav\rscommon.dll
 

接上,
+ 000005e0(1504) spoolsv.exe
    00AF0000[00008000]
      [AM] 31. c:\windows\system32\mdimon.dll


    00B00000[00008000]
      [ M] 82. c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll



  + 00000684(1668) RavTask.exe
    00400000[00034000]
      [AM] 27. c:\program files\rising\rav\ravtask.exe


    10000000[0001F000]
      [ M] 36. c:\program files\rising\rav\proccom.dll


    00A30000[00024000]
      [ M] 37. c:\program files\rising\rav\rscommx2.dll


    23700000[00028000]
      [ M] 81. c:\program files\rising\rav\rscommon.dll


    00C90000[0000E000]
      [ M] 49. c:\program files\rising\rav\rsappmgr.dll


    08CB0000[00030000]
      [ M] 50. c:\program files\rising\rav\cfgdll.dll
+ 00000694(1684) ctfmon.exe
    10000000[0001D000]
      [ M] 45. c:\program files\360safe\safemon\safemon.dll



  + 000006d8(1752) DfrgFat.exe
    10000000[0001D000]
      [ M] 45. c:\program files\360safe\safemon\safemon.dll



  + 00000724(1828) Ravmon.exe
    00400000[00057000]
      [ M] 83. c:\program files\rising\rav\ravmon.exe


    7C140000[00103000]
      [ M] 33. c:\windows\system32\mfc71.dll


    7C340000[00056000]
      [ M] 34. c:\windows\system32\msvcr71.dll


    7C3A0000[0007B000]
      [ M] 35. c:\windows\system32\msvcp71.dll


    10000000[0001F000]
      [ M] 36. c:\program files\rising\rav\proccom.dll


    00B10000[00024000]
      [ M] 37. c:\program files\rising\rav\rscommx2.dll
 