瑞星卡卡安全论坛

制作好的GHOST 7
貌似有点乱，能不能帮我判断下哪些驱动是不用加载的？
我想应该还能继续整合

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)

附件: SREngLOG.log

8认识

只看到一堆儿字母，还不是公滴:kaka15:

。。。。。。。。。。。

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RisTray><"d:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <runeip><"d:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <Adobe Reader Speed Launcher><"D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)Adobe Systems, Incorporated]
    <Adobe ARM><"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe">  [(Verified)Adobe Systems, Incorporated]

[Nero BackItUp Scheduler 4.0 / Nero BackItUp Scheduler 4.0][Stopped/Disabled]
  <C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe><Nero AG>

[VMware Agent Service / ufad-ws60][Stopped/Manual Start]
  <"E:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "E:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml><VMware, Inc.>
[VMware Authorization Service / VMAuthdService][Stopped/Manual Start]
  <"E:\Program Files\VMware\VMware Workstation\vmware-authd.exe"><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP][Stopped/Manual Start]
  <C:\Windows\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware Virtual Mount Manager Extended / vmount2][Stopped/Manual Start]
  <"C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"><VMware, Inc.>
[VMware NAT Service / VMware NAT Service][Stopped/Manual Start]
  <C:\Windows\system32\vmnat.exe><VMware, Inc.>


[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>

[VMware hcmon / hcmon][Running/Auto Start]
  <\??\C:\Windows\system32\Drivers\hcmon.sys><VMware, Inc.>

[Rising RfwARP Driver / RFWARP][Running/Auto Start]
  <system32\DRIVERS\rfwarp.sys><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwBase Driver / RfwBase9][Running/System Start]
  <system32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\d:\Program Files\Rising\Ris\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsassist / rsassist][Running/Auto Start]
  <system32\drivers\rsassist.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/System Start]
  <\??\d:\Program Files\Rising\Ris\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[RsProtect / RsProtect][Stopped/System Start]
  <system32\drivers\RsPtect.sys><Beijing Rising Information Technology Co., Ltd.>

[Vstor2 Virtual Storage Driver / vstor2][Running/Auto Start]
  <\??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys><VMware, Inc.>
[Vstor2 WS60 Virtual Storage Driver / vstor2-ws60][Running/Auto Start]
  <\??\E:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys><VMware, Inc.>
浏览器加载项都不需要

计划任务
[已启用] \\RunAsStdUser Task31882
        d:\Program Files\Rising\Ris\rslogvw.exe

:kaka6: Nero都有

除此之外没有什么的了？
这个是本机已经GHO好了··老爸那台封装完毕
唉，终于开机内存占用200M以内了
哇哈哈哈哈

期待楼主的东东早日面世，偶好先得月啊！

看不懂