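It is one hundred percent not a virus, because this is a new machine (I think it is a conflict with one of Lenovo's drivers).
The scan results are below: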
瑞星卡卡电脑诊断日志 v1.30 (2008-9-15 16:4:12) 北京瑞星信息技术有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
RsCCenter
[AM] 1. c:\program files\rising\rav\ccenter.exe
RsRavMon
[AM] 2. c:\program files\rising\rav\ravmond.exe
SYBBCK_TSSERVER1_BS
[AM] 3. d:\sybase\ase-12_5\bin\bcksrvr.exe
SYBMON_TSSERVER1_MS
[A ] 4. d:\sybase\ase-12_5\bin\monsrvr.exe
SYBSQL_TSSERVER1
[AM] 5. d:\sybase\ase-12_5\bin\sqlsrvr.exe
SYBXPS_TSSERVER1_XP
[A ] 6. d:\sybase\ase-12_5\bin\xpserver.exe
SYSAM
[AM] 7. d:\sybase\sysam-1_0\bin\lmgrd.exe
WmdmPmSN
[A ] 8. c:\winnt\system32\mspmsnsv.dll
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
Cdr4_2K
[A ] 9. c:\winnt\system32\drivers\cdr4_2k.sys
Cdralw2k
[A ] 10. c:\winnt\system32\drivers\cdralw2k.sys
HDAudBus
[A ] 11. c:\winnt\system32\drivers\hdaudbus.sys
HookCont
[A ] 12. c:\winnt\system32\drivers\hookcont.sys
HookNtos
[A ] 13. c:\winnt\system32\drivers\hookntos.sys
HookReg
[A ] 14. c:\winnt\system32\drivers\hookreg.sys
HookSys
[A ] 15. c:\winnt\system32\drivers\hooksys.sys
ialm
[A ] 16. c:\winnt\system32\drivers\igxpmp32.sys
IntcAzAudAddService
[A ] 17. c:\winnt\system32\drivers\rtkhdaud.sys
RsNTGDI
[A ] 18. c:\winnt\system32\drivers\rsntgdi.sys
usbehci
[A ] 19. c:\winnt\system32\drivers\usbehci.sys
usbhub20
[A ] 20. c:\winnt\system32\drivers\usbhub20.sys
yukonw2k
[A ] 21. c:\winnt\system32\drivers\yk50x86.sys
+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
igfxcui
[AM] 22. c:\winnt\system32\igfxdev.dll
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{406F94F0-504F-4a40-8DFD-58B0666ABEBD}
[AM] 23. c:\program files\yahoo!\assistant\assist\yasbar.dll
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{406F94F0-504F-4a40-8DFD-58B0666ABEBD}
[AM] 23. c:\program files\yahoo!\assistant\assist\yasbar.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{406F94F0-504F-4a40-8DFD-58B0666ABEBD}
[AM] 23. c:\program files\yahoo!\assistant\assist\yasbar.dll
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}
[AM] 24. c:\winnt\system32\urlfilter.dll
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Script
[A ] 25. c:\winnt\web\related.htm
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
[A ] 26. c:\winnt\system32\updcrl.exe
[A ] 27. c:\winnt\system32\verisignpub1.crl
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Multimedia File Property Sheet
[A ] 28. c:\winnt\system32\mmsys.cpl
HyperTerminal Icon Ext
[A ] 29. c:\winnt\system32\hticons.dll
Shell Application Manager
[A ] 30. c:\winnt\system32\appwiz.cpl
Installed Apps Enumerator
[A ] 30. c:\winnt\system32\appwiz.cpl
Darwin App Publisher
[A ] 30. c:\winnt\system32\appwiz.cpl
WinRAR shell extension
[AM] 31. c:\program files\winrar\rarext.dll
RISING
[AM] 32. c:\winnt\system32\ravext.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 32. c:\winnt\system32\ravext.dll
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RavTask
[AM] 33. c:\program files\rising\rav\ravtask.exe
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 34. c:\winnt\system32\bsmain.exe
+ 映像劫持
+ HKCR\.html
htmlfile\Edit\Command
[A ] 35. c:\program files\microsoft office\office\msohtmed.exe
htmlfile\Print\Command
[A ] 35. c:\program files\microsoft office\office\msohtmed.exe
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 35. c:\program files\microsoft office\office\msohtmed.exe
htmlfile\Print\Command
[A ] 35. c:\program files\microsoft office\office\msohtmed.exe
+ HKCR\.mp3
mp3file\open\Command
[A ] 36. c:\program files\windows media player\wmplayer.exe
mp3file\play\Command
[A ] 36. c:\program files\windows media player\wmplayer.exe
+ 程序初始化和已知动态连接库
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
[AM] 37. c:\winnt\system32\kmon.dll
+ 其他自启动项目
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Microsoft Office.lnk
[A ] 38. c:\program files\microsoft office\office\osa9.exe
+ 正在运行的进程
+ 000000d0(208) smss.exe
+ 000000ec(236) csrss.exe
+ 00000100(256) winlogon.exe
77520000[00008000]
[ M] 39. c:\winnt\system32\wdmaud.drv
773C0000[00008000]
[ M] 40. c:\winnt\system32\msacm32.drv
10000000[00036000]
[AM] 22. c:\winnt\system32\igfxdev.dll
+ 0000011c(284) services.exe
+ 00000128(296) lsass.exe
+ 000001ec(492) ravmond.exe
00400000[00069000]
[AM] 2. c:\program files\rising\rav\ravmond.exe
10000000[00042000]
[ M] 41. c:\program files\rising\rav\bwlist.dll
7C140000[00103000]
[ M] 42. c:\winnt\system32\mfc71.dll
7C340000[00056000]
[ M] 43. c:\winnt\system32\msvcr71.dll
7C3A0000[0007B000]
[ M] 44. c:\winnt\system32\msvcp71.dll
00F00000[0000E000]
[ M] 45. c:\program files\rising\rav\rsappmgr.dll
00F20000[00030000]
[ M] 46. c:\program files\rising\rav\cfgdll.dll
01080000[00067000]
[ M] 47. c:\program files\rising\rav\rslog.dll
010F0000[0001F000]
[ M] 48. c:\program files\rising\rav\proccom.dll
01110000[00024000]
[ M] 49. c:\program files\rising\rav\rscommx2.dll
01160000[00075000]
[ M] 50. c:\program files\rising\rav\monrule.dll
011F0000[00013000]
[ M] 51. c:\program files\rising\rav\hooksys.dll
01350000[00013000]
[ M] 52. c:\program files\rising\rav\hookreg.dll
013B0000[00013000]
[ M] 53. c:\program files\rising\rav\hookntos.dll
01410000[0001D000]
[ M] 54. c:\program files\rising\rav\rswalmon.dll
02240000[00035000]
[ M] 55. c:\program files\rising\rav\recomp.dll
024F0000[00036000]
[ M] 56. c:\program files\rising\rav\refs.dll
02540000[00023000]
[ M] 57. c:\program files\rising\rav\ffr.dll
02680000[00020000]
[ M] 58. c:\program files\rising\rav\rsstore.dll
028B0000[00013000]
[ M] 59. c:\program files\rising\rav\hookcont.dll
028E0000[00028000]
[ M] 60. c:\program files\rising\rav\fakescan.dll
02920000[00022000]
[ M] 61. c:\program files\rising\rav\scanner.dll
02A60000[0002F000]
[ M] 62. c:\program files\rising\rav\viruslib.dll
02BA0000[00028000]
[ M] 63. c:\program files\rising\rav\relibldr.dll
03170000[00012000]
[ M] 64. c:\program files\rising\rav\hookweb.dll
03F00000[00021000]
[ M] 65. c:\program files\rising\rav\nvfile.dll
13AB0000[0004A000]
[ M] 66. c:\program files\rising\rav\scanexec.dll
05A30000[002DC000]
[ M] 67. c:\program files\rising\rav\unexe.dll
05D20000[000D4000]
[ M] 68. c:\program files\rising\rav\scanex.dll
067D0000[00027000]
[ M] 69. c:\program files\rising\rav\pearc.dll
0D2A0000[000DC000]
[ M] 70. c:\program files\rising\rav\extfile.dll
0F3C0000[00036000]
[ M] 71. c:\program files\rising\rav\scanpack.dll
0F410000[000B7000]
[ M] 72. c:\program files\rising\rav\revm.dll
17D20000[00020000]
[ M] 73. c:\program files\rising\rav\urutils.dll
17D50000[00018000]
[ M] 74. c:\program files\rising\rav\ur000.dat
14210000[00038000]
[ M] 75. c:\program files\rising\rav\extmail.dll
14460000[00023000]
[ M] 76. c:\program files\rising\rav\scansct.dll
+ 00000200(512) svchost.exe
+ 00000264(612) RavMon.exe
00400000[00067000]
[ M] 77. c:\program files\rising\rav\ravmon.exe
7C140000[00103000]
[ M] 42. c:\winnt\system32\mfc71.dll
7C340000[00056000]
[ M] 43. c:\winnt\system32\msvcr71.dll
7C3A0000[0007B000]
[ M] 44. c:\winnt\system32\msvcp71.dll
10000000[0001F000]
[ M] 48. c:\program files\rising\rav\proccom.dll
00DB0000[00024000]
[ M] 49. c:\program files\rising\rav\rscommx2.dll
23700000[00028000]
[ M] 78. c:\program files\rising\rav\rscommon.dll
01010000[00035000]
[ M] 55. c:\program files\rising\rav\recomp.dll
012C0000[00036000]
[ M] 56. c:\program files\rising\rav\refs.dll
01420000[0002F000]
[ M] 62. c:\program files\rising\rav\viruslib.dll
01560000[00028000]
[ M] 63. c:\program files\rising\rav\relibldr.dll
015E0000[0000E000]
[ M] 45. c:\program files\rising\rav\rsappmgr.dll
01600000[00030000]
[ M] 46. c:\program files\rising\rav\cfgdll.dll
01760000[00075000]
[ M] 50. c:\program files\rising\rav\monrule.dll
23900000[00040000]
[ M] 79. c:\program files\rising\rav\pngdll.dll
26600000[000A8000]
[ M] 80. c:\program files\rising\rav\rsguilib.dll
23800000[00022000]
[ M] 81. c:\program files\rising\rav\rsxml.dll
+ 000002a8(680) RavStub.exe
00400000[00021000]
[ M] 82. c:\program files\rising\rav\ravstub.exe
10000000[0001F000]
[ M] 48. c:\program files\rising\rav\proccom.dll
005C0000[00024000]
[ M] 49. c:\program files\rising\rav\rscommx2.dll
23700000[00028000]
[ M] 78. c:\program files\rising\rav\rscommon.dll
+ 000002cc(716) spoolsv.exe
+ 000002f0(752) svchost.exe
+ 00000314(788) llssrv.exe
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
+ 00000334(820) ras.exe
00400000[0000B000]
[ M] 83. c:\program files\rising\antispyware\ras.exe
7C140000[00103000]
[ M] 84. c:\program files\rising\antispyware\mfc71.dll
7C340000[00056000]
[ M] 85. c:\program files\rising\antispyware\msvcr71.dll
10000000[00047000]
[ M] 86. c:\program files\rising\antispyware\kakamgr.dll
7C3A0000[0007B000]
[ M] 87. c:\program files\rising\antispyware\msvcp71.dll
00950000[00019000]
[ M] 88. c:\program files\rising\antispyware\syslay.dll
00980000[0001F000]
[ M] 48. c:\program files\rising\rav\proccom.dll
009A0000[00024000]
[ M] 49. c:\program files\rising\rav\rscommx2.dll
00AF0000[0002E000]
[ M] 89. c:\program files\rising\antispyware\comx3.dll
011E0000[00058000]
[ M] 90. c:\program files\rising\antispyware\dbmgr.dll
23800000[00022000]
[ M] 91. c:\program files\rising\antispyware\rsxml.dll
01340000[0002D000]
[ M] 92. c:\program files\rising\antispyware\pweb.dll
013E0000[000C1000]
[ M] 93. c:\program files\rising\antispyware\pscan.dll
014D0000[0002F000]
[ M] 94. c:\program files\rising\antispyware\ncomm.dll
01520000[00070000]
[ M] 95. c:\program files\rising\antispyware\pset.dll
01590000[0002A000]
[ M] 96. c:\program files\rising\antispyware\pdefend.dll
015C0000[000B6000]
[ M] 97. c:\program files\rising\antispyware\ptools.dll
01680000[0008C000]
[ M] 98. c:\program files\rising\antispyware\psysinfo.dll
01910000[0001C000]
[AM] 32. c:\winnt\system32\ravext.dll
23900000[00040000]
[ M] 99. c:\program files\rising\antispyware\pngdll.dll
+ 00000374(884) regsvc.exe
+ 00000380(896) CCenter.exe
00400000[0002A000]
[AM] 1. c:\program files\rising\rav\ccenter.exe
+ 0000038c(908) MSTask.exe
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
+ 000003d8(984) bcksrvr.exe
00400000[00048000]
[AM] 3. d:\sybase\ase-12_5\bin\bcksrvr.exe
10000000[00062000]
[ M] 100. d:\sybase\ase-12_5\bin\libsrv.dll
00230000[0000B000]
[ M] 101. d:\sybase\ase-12_5\bin\libintl.dll
00240000[00067000]
[ M] 102. d:\sybase\ase-12_5\bin\libcomn.dll
002B0000[0002A000]
[ M] 103. d:\sybase\ase-12_5\bin\libtcl.dll
002E0000[0000E000]
[ M] 104. d:\sybase\ase-12_5\bin\libcs.dll
002F0000[00065000]
[ M] 105. d:\sybase\ase-12_5\bin\libct.dll
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
+ 00000424(1060) sqlsrvr.exe
00400000[010B7000]
[AM] 5. d:\sybase\ase-12_5\bin\sqlsrvr.exe
10000000[0001A000]
[ M] 106. d:\sybase\ase-12_5\bin\libblk.dll
00170000[00065000]
[ M] 105. d:\sybase\ase-12_5\bin\libct.dll
001E0000[0000B000]
[ M] 101. d:\sybase\ase-12_5\bin\libintl.dll
001F0000[00067000]
[ M] 102. d:\sybase\ase-12_5\bin\libcomn.dll
00260000[0002A000]
[ M] 103. d:\sybase\ase-12_5\bin\libtcl.dll
00290000[0000E000]
[ M] 104. d:\sybase\ase-12_5\bin\libcs.dll
002A0000[00062000]
[ M] 100. d:\sybase\ase-12_5\bin\libsrv.dll
00310000[00022000]
[ M] 107. d:\sybase\ocs-12_5\lib3p\libsb.dll
00340000[00005000]
[ M] 108. d:\sybase\ocs-12_5\lib3p\defaultmem.dll
00350000[0005F000]
[ M] 109. d:\sybase\ase-12_5\bin\libunic.dll
780C0000[00061000]
[ M] 110. d:\sybase\ase-12_5\bin\msvcp60.dll
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
01B10000[00009000]
[ M] 111. d:\sybase\ase-12_5\dll\sybevent.dll
02090000[0005F000]
[ M] 112. d:\sybase\ase-12_5\bin\libntlog.dll
023F0000[00091000]
[ M] 113. d:\sybase\ocs-12_5\lib3p\nsldapssl32v40.dll
02490000[00008000]
[ M] 114. d:\sybase\ocs-12_5\lib3p\libplc21.dll
024A0000[00029000]
[ M] 115. d:\sybase\ocs-12_5\lib3p\libnspr21.dll
024D0000[00008000]
[ M] 116. d:\sybase\ocs-12_5\lib3p\libplds21.dll
+ 00000430(1072) lmgrd.exe
00400000[000A5000]
[AM] 7. d:\sybase\sysam-1_0\bin\lmgrd.exe
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
+ 00000448(1096) WinMgmt.exe
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
+ 00000454(1108) svchost.exe
+ 00000478(1144) Dfssvc.exe
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
+ 00000490(1168) svchost.exe
+ 000004a8(1192) SYBASE.exe
00400000[000BF000]
[ M] 117. d:\sybase\sysam-1_0\bin\sybase.exe
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
+ 000004c0(1216) msdtc.exe
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
+ 000004e8(1256) Explorer.EXE
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
10000000[0001C000]
[AM] 32. c:\winnt\system32\ravext.dll
01940000[00034000]
[ M] 118. c:\winnt\system32\igfxpph.dll
01980000[0001A000]
[ M] 119. c:\winnt\system32\hccutils.dll
019C0000[0001B000]
[ M] 120. c:\winnt\system32\igfxres.dll
019E0000[00324000]
[ M] 121. c:\winnt\system32\igfxress.dll
01D50000[00011000]
[ M] 122. c:\winnt\system32\igfxsrvc.dll
01500000[0002B000]
[AM] 31. c:\program files\winrar\rarext.dll
+ 000005b8(1464) RavTask.exe
00400000[00034000]
[AM] 33. c:\program files\rising\rav\ravtask.exe
10000000[0001F000]
[ M] 48. c:\program files\rising\rav\proccom.dll
00CE0000[00024000]
[ M] 49. c:\program files\rising\rav\rscommx2.dll
23700000[00028000]
[ M] 78. c:\program files\rising\rav\rscommon.dll
00F40000[0000E000]
[ M] 45. c:\program files\rising\rav\rsappmgr.dll
08F60000[00030000]
[ M] 46. c:\program files\rising\rav\cfgdll.dll
+ 000005c0(1472) internat.exe
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
+ 000005dc(1500) hkcmd.exe
00400000[00029000]
[ M] 123. c:\winnt\system32\hkcmd.exe
10000000[0001A000]
[ M] 119. c:\winnt\system32\hccutils.dll
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
01020000[00011000]
[ M] 122. c:\winnt\system32\igfxsrvc.dll
01040000[0001B000]
[ M] 120. c:\winnt\system32\igfxres.dll
+ 00000618(1560) iexplore.exe
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
37190000[0002F000]
[AM] 23. c:\program files\yahoo!\assistant\assist\yasbar.dll
10000000[00018000]
[AM] 24. c:\winnt\system32\urlfilter.dll
01870000[00011000]
[ M] 124. c:\program files\rising\antispyware\urlrule.dll
77520000[00008000]
[ M] 39. c:\winnt\system32\wdmaud.drv
773C0000[00008000]
[ M] 40. c:\winnt\system32\msacm32.drv
75CE0000[00006000]
[ M] 125. c:\winnt\system32\msadp32.acm
+ 00000690(1680) svchost.exe
63B50000[00034000]
[ M] 126. c:\winnt\system32\unimdm.tsp
63BC0000[00008000]
[ M] 127. c:\winnt\system32\kmddsp.tsp
63BB0000[0000C000]
[ M] 128. c:\winnt\system32\ndptsp.tsp
63BD0000[00006000]
[ M] 129. c:\winnt\system32\ipconf.tsp
63BE0000[00044000]
[ M] 130. c:\winnt\system32\h323.tsp
+ 000006c0(1728) knownsvr.exe
00400000[00072000]
[ M] 131. c:\program files\rising\antispyware\knownsvr.exe
10000000[0002F000]
[ M] 94. c:\program files\rising\antispyware\ncomm.dll
60000000[00074000]
[AM] 37. c:\winnt\system32\kmon.dll
00D60000[0002E000]
[ M] 89. c:\program files\rising\antispyware\comx3.dll
00D90000[00019000]
[ M] 88. c:\program files\rising\antispyware\syslay.dll