[Help] Rising monitor shows a red umbrella status

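After a normal installation of Rising and a reboot, the Rising monitor shows a red umbrella status. When I run the Rising antivirus program the system becomes extremely slow, its process cannot be closed, and the machine cannot be shut down. The same thing happens in Safe Mode: running the Rising antivirus program makes the system slow. Reinstalling and repairing both had no effect.

I am using a Sony laptop with Centrino mobile technology, and the Rising version is 2007. Could a technician please answer?

Someone in the online technical support section said it might be infected.

Below is the diagnostic report taken after uninstalling Rising!!!!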

诊断时间: 2007-02-16  10:23:44
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:510MB - 当前可用内存:283MB

O8 - 未知 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - 未知 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - 未知 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O23 - 未知 - Service: AcrSch2Svc [允许 Acronis 产品在这台计算机上自动排定任务。如果此项服务停止,这些任务将无法在预定时间内执行。] - "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" - (running)
O23 - 未知 - Service: PACSPTISVR [PACSPTISVR] - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe - (not running)
O23 - 未知 - Service: SPTISRV [Sony SPTI Service] - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe - (not running)

=======================================

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: ati2evxx.exe [ati显卡相关后台程序。] - C:\WINDOWS\System32\Ati2evxx.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k LocalService
100 - 安全 - Process: ati2evxx.exe [ati显卡相关后台程序。] - C:\WINDOWS\system32\Ati2evxx.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: schedul2.exe [一款在windows下使用的系统备份软件相关程序。] - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
100 - 安全 - Process: SMAgent.exe [一个声卡相关软件。] - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k imgsvc
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\WINDOWS\system32\conime.exe
100 - 安全 - Process: Apoint.exe [alps公司为笔记本电脑生产的触控板的驱动程序。] - C:\Program Files\Apoint\Apoint.exe
100 - 安全 - Process: atiptaxx.exe [ati显卡相关工具软件。] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
100 - 安全 - Process: ico.exe [primax electronics 出品的鼠标相关程序。] - C:\WINDOWS\system32\ICO.EXE
100 - 安全 - Process: rundll32.exe [windows rundll32为了需要调用dlls的程序。] - C:\WINDOWS\system32\rundll32.exe
100 - 安全 - Process: HKServ.exe [索尼(sony)热键服务程序的一部分。] - C:\Program Files\Sony\HotKey Utility\HKserv.exe
100 - 安全 - Process: SPMgr.exe [索尼公司出品的相关产品。] - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
100 - 安全 - Process: ISBMgr.exe [索尼公司出品的相关产品的一部分。] - C:\Program Files\Sony\ISB Utility\ISBMgr.exe
100 - 安全 - Process: ezSP_Px.exe [cd和 dvd 的光盘刻录相关软件。] - C:\WINDOWS\System32\ezSP_Px.exe
100 - 安全 - Process: schedhlp.exe [acronis公司出品的一款系统备份与恢复的相关软件。] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
100 - 安全 - Process: vsnpstd3.exe [一款数码相机相关程序。] - C:\WINDOWS\vsnpstd3.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: msmsgs.exe [microsoft出品的msn messenger即时通讯软件。] - C:\Program Files\Messenger\MSMSGS.EXE
100 - 安全 - Process: ApntEx.exe [阿尔卑斯电子公司的一款驱动程序。] - C:\Program Files\Apoint\Apntex.exe
100 - 安全 - Process: HKWnd.exe [索尼公司出品的热键客户端支持程序。] - C:\Program Files\Sony\HotKey Utility\HKWnd.exe
100 - 安全 - Process: wuauclt.exe [windows操作系统后台程序,用于系统升级。] - C:\WINDOWS\system32\wuauclt.exe
100 - 安全 - Process: wmiprvse.exe [wmi 提供程序 (wmi provider) 在 wmi 和操作系统、应用程序以及其他系统的组件之间充当中介.此进程为合法的系统进程。] - C:\WINDOWS\System32\wbem\wmiprvse.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - C:\Program Files\360safe\360Safe.exe
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O2 - 安全 - BHO: (AcroIEHlprObj Class) - [Adobe Reader, 查看和打印 Adobe 便携文档格式 (PDF) 文件。] - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - 安全 - HKLM\..\Run: [IMJPMIG8.1] [微软Microsoft输入法编辑器程序。] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 安全 - HKLM\..\Run: [PHIME2002ASync] [输入法软件相关程序。] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 安全 - HKLM\..\Run: [PHIME2002A] [输入法软件相关程序。] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 安全 - HKLM\..\Run: [Apoint] [alps公司为笔记本电脑生产的触控板的驱动程序。] C:\Program Files\Apoint\Apoint.exe
O4 - 默认 - HKLM\..\Run: [ATIModeChange] [ati系统托盘图标] Ati2mdxx.exe
O4 - 安全 - HKLM\..\Run: [ATIPTA] [ati显卡驱动的系统托盘图标,可调节显卡属性] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 安全 - HKLM\..\Run: [Mouse Suite 98 Daemon] [sony vaio笔记本相关应用程序。] ICO.EXE
O4 - 安全 - HKLM\..\Run: [BluetoothAuthenticationAgent] [蓝牙相关程序。] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - 安全 - HKLM\..\Run: [HKSERV.EXE] [sony笔记本hotkey热键工具。] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - 安全 - HKLM\..\Run: [SonyPowerCfg] [索尼公司出品的相关产品。] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - 安全 - HKLM\..\Run: [ISBMgr.exe] [索尼公司出品的相关产品。] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - 安全 - HKLM\..\Run: [ezShieldProtector for Px] [easy systems drag’n drop cd & dvd刻录软件。] C:\WINDOWS\System32\ezSP_Px.exe
O4 - 安全 - HKLM\..\Run: [IMEKRMIG6.1] [一种输入法] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - 安全 - HKLM\..\Run: [MSPY2002] [是微软Microsoft翻译工具的一部分。] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 安全 - HKLM\..\Run: [StormCodec_Helper] [是暴风影音的插件。] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 安全 - HKLM\..\Run: [Acronis Scheduler2 Service] [一款磁盘镜像备份相关程序。] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - 安全 - HKLM\..\Run: [snpstd3] [摄像驱动相关程序。] C:\WINDOWS\vsnpstd3.exe
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - HKCU\..\Run: [MSMSGS] [是MSN Messenger网络聊天工具的主程序] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - 安全 - Startup folder: [Microsoft Office.lnk] [是offfice的一个快捷方式。 ] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk
O4 - 安全 - Startup folder: [腾讯QQ.lnk] [qq:即时通讯软件] C:\Documents and Settings\sony\「开始」菜单\程序\启动\腾讯QQ.lnk
O9 - 安全 - Extra button: Windows Messenger(HKLM) - C:\Program Files\Messenger\msmsgs.exe
O16 - 安全 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
O16 - 安全 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java虚拟机插件) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - 安全 - Service: Ati HotKey Poller [ati显卡相关后台程序。] - C:\WINDOWS\System32\Ati2evxx.exe - (running)
O23 - 安全 - Service: McAfeeFramework [是Network Associates公司的E-policy反病毒套装的一部分。] - "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart - (error)
O23 - 安全 - Service: SoundMAX Agent Service (default) [是Analog SoundMAX声卡产品相关程序。] - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe - (running)

=======================================
Last edited 2007-02-16 20:47:54

=======================================

O41 - 0000700b - 0000700b - C:\WINDOWS\system32\drivers\0000700b.SYS - (running) -  -  - 91bd9f0bae649704881d8f22bb27a17f
O41 - BaseTDI - basetdi - C:\WINDOWS\system32\drivers\basetdi.sys - (running) - basetdi - Beijing Rising Technology Co., Ltd. - 0064810c1b03f2c889130b669a4ce937
O41 - npkcrypt - nProtect KeyCrypt Driver - C:\Program Files\Tencent\QQ\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - PxHelp20 - Px Engine Device Driver for Windows 2000/XP - C:\WINDOWS\system32\drivers\PxHelp20.sys - (running) - Px Engine Device Driver for Windows 2000/XP - Sonic Solutions - 25639ba81c01a3e0508901829479954f
O41 - snapman - Acronis Snapshot API - C:\WINDOWS\system32\drivers\snapman.sys - (running) - Acronis Snapshot API - Acronis - 56716d5f74fa7a52a000d8a89173e403
O41 - tifsfilter - TrueImage File System Filter - C:\WINDOWS\system32\drivers\tifsfilt.sys - (running) - TrueImage File System Filter - Acronis - 5ee50d23274e6b209f55832730d1de91
O41 - timounter - True Image Backup Archive Explorer( Server Edition ) - C:\WINDOWS\system32\drivers\timntr.sys - (running) - True Image Backup Archive Explorer( Server Edition ) - Acronis - 89decd8ae4d40e54dfbb16e1513cabbc
O41 - Cdsys - Cdsys - C:\WINDOWS\system32\cdcd.sys - (not running) -  -  -
O41 - kmsinput - kmsinput - C:\WINDOWS\system32\drivers\kmsinput.sys - (not running) -  -  - f8d6ebcb50c02b42c5ffd5393229c6b6
O41 - Lcpcmcia - Lcpcmcia - C:\WINDOWS\System32\DRIVERS\Lcpcmcia.sys - (not running) -  -  -
O41 - mferkdk - mferkdk - C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys - (not running) -  -  -
O41 - npkycryp - npkycryp - C:\Program Files\Tencent\QQ\npkycryp.sys - (not running) -  -  -
O41 - SNPSTD3 - PC Camera driver - C:\WINDOWS\system32\drivers\snpstd3.sys - (not running) - PC Camera driver -  -

=======================================
360Safe.exe=3.1.0.1002
AntiAdwa.dll=2.2.5.1000
AntiEng.dll=3.0.2.2000
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.2.1000
safelive.exe=1.0.0.2007
live.dll=1.0.0.1011

=======================================
操作历史报告:
----------查杀恶意软件历史----------

2007-2-11 14:36
手工查杀[36sqgw7],已清除

2007-02-12 12:34
查杀恶意软件 - 17key.net Winkld - 危险 -
查杀恶意软件 - WinStdup - 危险 - C:\WINDOWS\system32\alstd.dat
查杀恶意软件 - 易趣购物按钮 - 危险 - C:\Documents and Settings\All Users\Favorites\易趣购物.lnk
查杀恶意软件 - 彩信通 - 危险 - C:\WINDOWS\system32\albus.dll

2007-02-13 15:46
查杀恶意软件 - 网际快车附带的工具栏 - 安全 -
2007-02-13 16:08
查杀恶意软件 - 阿里巴巴商务直通车 - 危险 - C:\WINDOWS\system32\alitb1\bar.dll

2007-02-15 14:33
查杀恶意软件 - 阿里巴巴商务直通车 - 危险 -

----------插件卸载操作历史----------

2007-02-13 10:31
插件管理 - 网际快车附带的工具栏 - C:\PROGRA~1\FlashGet\fgiebar.dll
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2007-02-13 10:32
插件管理 - yok搜索工具栏 -
插件管理 - 网际快车附带的工具栏 - C:\PROGRA~1\FlashGet\jccatch.dll
2007-02-13 10:32
插件管理 - 网际快车附带的工具栏 - C:\PROGRA~1\FlashGet\jccatch.dll
2007-02-13 10:32
插件管理 - 网际快车附带的工具栏 - C:\PROGRA~1\FlashGet\jccatch.dll
2007-02-13 10:32
插件管理 - 网际快车附带的工具栏 - C:\PROGRA~1\FlashGet\jccatch.dll
2007-02-16 00:21
插件管理 - 卡卡上网安全助手 - C:\Program Files\Rising\AntiSpyware

----------全面诊断修复历史----------

2007-02-12 11:31
100 - 未知 - shstat.exe - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
100 - 未知 - UdaterUI.exe - C:\Program Files\McAfee\Common Framework\UdaterUI.exe
100 - 未知 - FrameworkService.exe - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
100 - 未知 - Mctray.exe - C:\Program Files\McAfee\Common Framework\Mctray.exe
100 - 未知 - Mcshield.exe - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
100 - 未知 - VsTskMgr.exe - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
100 - 未知 - rundll32.exe - C:\WINDOWS\system32\stdupnet.dll
100 - 未知 - naPrdMgr.exe - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
100 - 未知 - Au_.exe - C:\Documents and Settings\sony\Local Settings\Temp\~nsu.tmp\Au_.exe
O4 - 未知 - yokUninstall - cmd /c rd /s /q C:\PROGRA~1\yok
O30 - 未知 - Scrnsave.exe - C:\WINDOWS\System32\vaioslic.scr
2007-02-12 11:32
O23 - 未知 - AcrSch2Svc - "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
O23 - 未知 - McShield - "C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"
O23 - 未知 - McTaskManager - "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"
O23 - 未知 - PACSPTISVR - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - 未知 - stdupnet - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\stdupnet.dll,Service -s
2007-02-16 00:22
O4 - 安全 - McAfeeUpdaterUI - "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
2007-02-16 00:22
O4 - 未知 - E-Flyer.lnk - C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\E-Flyer.lnk


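You have definitely caught a virus that Rising can't deal with. Run an SREng scan and paste the log here; look for the instructions in the posts on this board. Don't say you don't know how. 360 logs are generally not read by anyone.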

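Quote:
[Post by 两个铁球] You have definitely caught a virus that Rising can't deal with. Run an SREng scan and paste the log here; look for the instructions in the posts on this board. Don't say you don't know how. 360 logs are generally not read by anyone.
………………

It's not that nobody reads them; they simply can't be read. The things that are actually a problem don't get picked up by the scan at all.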

2007-02-16,18:33:04

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\MSMSGS.EXE" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <Apoint><C:\Program Files\Apoint\Apoint.exe>  [(Verified)Alps Electric Co., Ltd.]
    <ATIModeChange><Ati2mdxx.exe>  [(Verified)ATI Technologies, Inc.]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <Mouse Suite 98 Daemon><ICO.EXE>  [(Verified)Primax Electronics Ltd.]
    <BluetoothAuthenticationAgent><rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Corporation]
    <HKSERV.EXE><C:\Program Files\Sony\HotKey Utility\HKserv.exe>  [Sony Corporation]
    <SonyPowerCfg><C:\Program Files\Sony\VAIO Power Management\SPMgr.exe>  [Sony Corporation]
    <ISBMgr.exe><C:\Program Files\Sony\ISB Utility\ISBMgr.exe>  [Sony Corporation]
    <ezShieldProtector for Px><C:\WINDOWS\System32\ezSP_Px.exe>  [Easy Systems Japan Ltd.]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <Acronis Scheduler2 Service><"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe">  [Acronis]
    <snpstd3><C:\WINDOWS\vsnpstd3.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\vaioslic.scr>  [Sony Corporation]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[腾讯QQ]
  <C:\Documents and Settings\sony\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================

服务
[Acronis Scheduler2 Service / AcrSch2Svc][Running/Auto Start]
  <"C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"><Acronis>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[McAfee Framework Service / McAfeeFramework][Stopped/Auto Start]
  <"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart><N/A>
[PACSPTISVR / PACSPTISVR][Stopped/Manual Start]
  <C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe><>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
  <C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe><Sony Corporation>

==================================
驱动程序
[0000700b / 0000700b][Running/Boot Start]
  <\SystemRoot\System32\drivers\0000700b.SYS><N/A>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]
  <System32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\cdcd.sys><N/A>
[Sony DMI Call service / DMICall][Running/System Start]
  <System32\DRIVERS\DMICall.sys><Sony Corporation>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <System32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <System32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[Lcpcmcia / Lcpcmcia][Stopped/Manual Start]
  <System32\DRIVERS\Lcpcmcia.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <System32\DRIVERS\mdmxsdk.sys><Conexant>
[VSCore mferkdk / mferkdk][Stopped/System Start]
  <\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Acronis Snapshots Manager / snapman][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\snapman.sys><Acronis>
[Sony Notebook Control Device / SNC][Running/Manual Start]
  <System32\Drivers\SonyNC.sys><Sony Corporation>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
  <System32\DRIVERS\snpstd3.sys><N/A>
[Sony Programmable I/O Control Device / SPI][Running/Manual Start]
  <System32\DRIVERS\SonyPI.sys><Sony Corporation>
[tifmsony / tifmsony][Running/Manual Start]
  <system32\drivers\tifmsony.sys><Texas Instruments>
[Acronis TrueImage FS Filter / tifsfilter][Running/Auto Start]
  <System32\DRIVERS\tifsfilt.sys><Acronis>
[Acronis TrueImage Backup Archive Explorer / timounter][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\timntr.sys><Acronis>
[Intel(R) PRO/Wireless 2200 Adapter 驱动程序 / w22n51][Running/Manual Start]
  <System32\DRIVERS\w22n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Java Plug-in 1.4.2_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINDOWS\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Java Plug-in 1.4.2_03]
  {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 844][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 920][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [N/A, N/A]
[PID: 992][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1148][C:\WINDOWS\System32\Ati2evxx.exe]  [N/A, N/A]
[PID: 1160][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1296][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1336][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1508][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1632][C:\WINDOWS\system32\Ati2evxx.exe]  [N/A, N/A]
[PID: 1688][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
[PID: 1928][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 416][C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe]  [Acronis, 1,0,0,216]
[PID: 568][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 588][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1700][C:\Program Files\Apoint\Apoint.exe]  [Alps Electric Co., Ltd., 5.5.7.136]
    [C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.2.65]
    [C:\Program Files\Apoint\ApWheel.dll]  [ALPS ELECTRIC CO., LTD., 4.2.0.9]
    [C:\Program Files\Apoint\Apoint.DLL]  [Alps Electric Co., Ltd., 5.5.6.177]
    [C:\Program Files\Apoint\ApRes.dll]  [Alps Electric Co., Ltd., 5.5.6.17]
    [C:\Program Files\Apoint\EzAuto.dll]  [Alps Electric Co., Ltd., 4.5.1.83]
    [C:\Program Files\Apoint\EzLaunch.DLL]  [Alps Electric Co., Ltd., 5.5.1.59]
[PID: 1720][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5090]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5090]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5090]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5090]
[PID: 1728][C:\WINDOWS\system32\ICO.EXE]  [Primax Electronics Ltd., 1, 0, 0, 8]
[PID: 1744][C:\Program Files\Sony\HotKey Utility\HKserv.exe]  [Sony Corporation, 4, 1, 0, 4010]
    [C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll]  [Sony Corporation, 4, 1, 0, 2110]
    [C:\Program Files\Sony\HotKey Utility\SuEvent.dll]  [Sony Corporation, 1, 1, 0, 2250]
    [C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll]  [Sony Corporation, 4.02.8170]
    [C:\WINDOWS\system32\Atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2488]
[PID: 1752][C:\Program Files\Sony\VAIO Power Management\SPMgr.exe]  [Sony Corporation, 1.3.00.03100]
    [C:\Program Files\Sony\VAIO Power Management\SPMDAM.dll]  [Sony Corporation, 1.0.00.08250]
    [C:\Program Files\Sony\VAIO Power Management\SPMRes.dll]  [Sony Corporation, 1.3.00.03230]
    [C:\Program Files\Sony\VAIO Power Management\SPMDrv.dll]  [Sony Corporation, 1.2.00.13230]
    [C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll]  [Sony Corporation, 4, 1, 0, 2110]
    [C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll]  [Sony Corporation, 4.02.8170]
    [C:\WINDOWS\system32\Atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2488]
[PID: 1784][C:\Program Files\Sony\ISB Utility\ISBMgr.exe]  [Sony Corporation, 1, 0, 0, 2180]
    [C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll]  [Sony Corporation, 4, 1, 0, 2110]
    [C:\Program Files\Sony\ISB Utility\ISBRes.dll]  [Sony Corporation, 1, 0, 0, 4080]
    [C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll]  [Sony Corporation, 4.02.8170]
    [C:\WINDOWS\system32\Atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2488]
[PID: 1804][C:\WINDOWS\System32\ezSP_Px.exe]  [Easy Systems Japan Ltd., 1, 0, 0, 0]
[PID: 1872][C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe]  [Acronis, 1,0,0,216]
[PID: 2024][C:\WINDOWS\vsnpstd3.exe]  [, 1, 0, 2, 2]
[PID: 2036][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 228][C:\Program Files\Messenger\MSMSGS.EXE]  [Microsoft Corporation, 4.7.3001]
[PID: 584][C:\Program Files\Apoint\Apntex.exe]  [Alps Electric Co., Ltd., 5.0.1.15]
    [C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.2.65]
[PID: 816][C:\Program Files\Sony\HotKey Utility\HKWnd.exe]  [Sony Corporation, 4, 1, 0, 4010]
    [C:\Program Files\Sony\HotKey Utility\HKRes.dll]  [Sony Corporation, 4, 1, 0, 4010]
    [C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll]  [Sony Corporation, 4, 1, 0, 2110]
    [C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll]  [Sony Corporation, 4.02.8170]
    [C:\WINDOWS\system32\Atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2488]
[PID: 2880][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 3352][D:\Downloads\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================

Is nobody here?? Help!

Delete the driver services
[0000700b / 0000700b][Running/Boot Start]
<\SystemRoot\System32\drivers\0000700b.SYS><N/A>
[Cdsys / Cdsys][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\cdcd.sys><N/A>

Delete on reboot
\SystemRoot\System32\drivers\0000700b.SYS
C:\WINDOWS\system32\cdcd.sys

Repair the file association
.TXT Error. [C:\WINDOWS\notepad.exe %1]


QQ's npkycryp.sys is missing; reinstall QQ.

Finally, repair Rising.

I don't recognize the following drivers:

[0000700b / 0000700b][Running/Boot Start]
<\SystemRoot\System32\drivers\0000700b.SYS><N/A>
[Cdsys / Cdsys][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\cdcd.sys><N/A>

[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A> (this one doesn't seem to be the real QQ encryption driver)
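
A triage pass over SREng's driver section, similar to what the replies above do by eye, as an added example (not part of the original thread and not SREng's own logic). The scoring rules, the function names and the assumption that %SystemRoot% is C:\WINDOWS are assumptions of this example; a higher score only means "review this entry first".

```python
import ntpath
import re

# Assumption of this example: %SystemRoot% is C:\WINDOWS, as the absolute
# paths in the thread's log indicate.
SYSTEM_ROOT = r"C:\WINDOWS"
DRIVER_DIR = ntpath.normcase(SYSTEM_ROOT + r"\System32\drivers")

# "[Display name / ServiceName][State/Start type]"; the leading "[" is optional
# because entries pasted into replies sometimes lose it.
HEADER = re.compile(
    r"^\[?(?P<display>.+) / (?P<name>[^\]]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
# "<image path><publisher>"; the greedy first group keeps "-->" inside the path.
IMAGE = re.compile(r"^<(?P<path>.*)><(?P<publisher>.*)>$")

# Entries excerpted from the SREng driver section posted in this thread.
SAMPLE = r"""
[0000700b / 0000700b][Running/Boot Start]
  <\SystemRoot\System32\drivers\0000700b.SYS><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\cdcd.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
"""


def normalize_path(raw):
    """Turn the three path spellings SREng prints into one absolute form."""
    if raw.startswith("\\??\\"):
        return raw[4:]
    if raw.lower().startswith("\\systemroot\\"):
        return SYSTEM_ROOT + raw[len("\\SystemRoot"):]
    if not re.match(r"[A-Za-z]:\\", raw):
        return SYSTEM_ROOT + "\\" + raw
    return raw


def parse_drivers(text):
    """Pair each header line with the image line that directly follows it."""
    drivers, pending = [], None
    for line in (l.strip() for l in text.splitlines()):
        header = HEADER.match(line)
        if header:
            pending = header.groupdict()
            continue
        image = IMAGE.match(line)
        if image and pending:
            pending["path"] = normalize_path(image["path"])
            pending["publisher"] = image["publisher"].strip()
            drivers.append(pending)
        pending = None
    return drivers


def triage(text):
    """Return drivers with no publisher, most reasons for review first."""
    findings = []
    for d in parse_drivers(text):
        if d["publisher"] not in ("", "N/A"):
            continue
        reasons = ["no publisher"]
        if d["state"] == "Running" and d["start"] in ("Boot Start", "System Start"):
            reasons.append("running, loaded early in boot")
        if ntpath.normcase(ntpath.dirname(d["path"])) != DRIVER_DIR:
            reasons.append("image outside System32\\drivers")
        if re.fullmatch(r"[0-9A-Fa-f]{6,}", d["name"]):
            reasons.append("hex-only service name")
        findings.append({"name": d["name"], "path": d["path"], "reasons": reasons})
    findings.sort(key=lambda f: -len(f["reasons"]))  # stable: log order on ties
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{len(f["reasons"])}  {f["name"]:<10} {f["path"]}  ({"; ".join(f["reasons"])})')
```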
