小红伞撑不开，2000系统出问题了，有请高手（附日志）

bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:	发表于： 2007-04-16 21:34 \| 只看楼主短消息资料字号：小中大 1楼小红伞撑不开，2000系统出问题了，有请高手（附日志）单位机器，小红伞撑不开，但能够在线升到最新版，每次杀毒都说iExplorer.EXE有毒，能清除，再扫描还有。具体疹状是：1，IE中链接失效，使得我不能在线杀毒，不能下载软件。2，资源管理器中文件不能拷贝和移动，但能创建和删除，我的System Repair Engineer都是在别的机器上下载到U盘，在U 盘上执行和保存日志。3，瑞星的监控死活启动不了。4，“我的连接”内为空，但能上网，BT正常。5，桌面图标不能移动。 ========= 2007-04-19 01:59:50
bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:	分享到：

bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:	发表于： 2007-04-16 21:36 \| 只看楼主短消息资料字号：小中大 2楼 [复制到剪贴板] CODE: 2007-04-16,18:19:36 System Repair Engineer 2.4.12.806 Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher] <NvCplDaemon><; RUNDLL32.EXE NvQTwk,NvCplDaemon initialize> [N/A] <nwiz><; nwiz.exe /install> [NVIDIA Corporation] <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.] <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 2052> [DAEMON'S HOME] <Super Rabbit Desktop Set><C:\Program Files\Super Rabbit\IEG\DS.EXE /Load> [N/A] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.] <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher] <Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><(无)> [N/A] ================================== 启动文件夹 [Adobe Reader Speed Launch] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><H> [SATARaid] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\SATARaid.lnk --> C:\PROGRA~1\SILICO~1\SIISAT~1\SATARaid.exe [Silicon Image, Inc.]><N> ================================== 服务 [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.> [ATI Smart / ATI Smart][Stopped/Auto Start] <C:\WINNT\system32\ati2sgag.exe><> [C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start] <C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision> [Data Protected / Data Protected][Stopped/Auto Start] <C:\WINNT\system32\isass><N/A> [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start] <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start] <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation> [Rising Proxy Service / RfwProxySrv][Stopped/Manual Start] <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.> [Rising Personal Firewall Service / RfwService][Running/Auto Start] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.> [Rising Process Communication Center / RsCCenter][Stopped/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start] <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation> ================================== 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.> [ati2mtag / ati2mtag][Running/Manual Start] <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.> [Rising TDI Base Driver / BaseTDI][Running/Auto Start] <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.> [CdaC15BA / CdaC15BA][Running/Auto Start] <\??\C:\WINNT\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd> [d344bus / d344bus][Running/Boot Start] <\SystemRoot\system32\DRIVERS\d344bus.sys><> [d344prt / d344prt][Running/Boot Start] <\SystemRoot\System32\Drivers\d344prt.sys><> [dmboot / dmboot][Stopped/Disabled] <System32\drivers\dmboot.sys><VERITAS Software Corp.> [Logical Disk Manager Driver / dmio][Running/Boot Start] <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.> [dmload / dmload][Running/Boot Start] <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.> [Intel(R) PRO/1000 Network Connection Driver / E1000][Running/Manual Start] <system32\DRIVERS\e1000nt5.sys><Intel Corporation> [Intel(R) PRO Network Connection Driver / E100B][Stopped/Manual Start] <system32\DRIVERS\e100bnt5.sys><Intel Corporation> [ExpScaner / ExpScaner][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\ExpScan.sys><> [HookCont / HookCont][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising> [HookReg / HookReg][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HookReg.sys><> [HookSys / HookSys][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.> [MEMSCAN / MEMSCAN][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司> [mProcRs / mProcRs][Running/Auto Start] <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.> [nv / nv][Stopped/Manual Start] <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation> [nv4 / nv4][Stopped/Manual Start] <system32\DRIVERS\nv4.sys><NVIDIA Corporation> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [RsFwDrv / RsFwDrv][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [RSPPSYS / RSPPSYS][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising> [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [Silicon Image SiI 3112 SATARaid Controller / Si3112r][Running/Boot Start] <\SystemRoot\system32\DRIVERS\si3112r.sys><Silicon Image, Inc> [SVKP / SVKP][Running/Auto Start] <\??\C:\WINNT\system32\SVKP.sys><AntiCracking> [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start] <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation> ================================== 浏览器加载项 [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet> [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [快车] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, FlashGet.com> [@msdxmLC.dll,-1@2052,电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.> ================================== 正在运行的进程 N/A ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINNT\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ================================== API HOOK N/A ================================== 隐藏进程 [172] \SystemRoot\System32\smss.exe [196] \??\C:\WINNT\system32\csrss.exe [216] \??\C:\WINNT\system32\winlogon.exe [244] C:\WINNT\system32\services.exe [256] C:\WINNT\system32\lsass.exe [372] C:\WINNT\system32\Ati2evxx.exe [432] C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe [460] c:\program files\rising\rfw\rfwsrv.exe [540] C:\WINNT\system32\drivers\CDAC11BA.EXE [560] C:\Program Files\Rising\Rav\Ravmon.exe [592] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [608] C:\WINNT\SOUNDMAN.EXE [652] C:\WINNT\Explorer.EXE [660] C:\WINNT\system32\internat.exe [672] C:\WINNT\system32\regsvc.exe [768] c:\program files\rising\rfw\RfwMain.exe [804] C:\Program Files\Rising\Rav\RavTask.exe [844] I:\系统安全\sreng2\SREng.EXE ==================================
bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:

bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:	发表于： 2007-04-16 23:15 \| 只看楼主短消息资料字号：小中大 3楼急啊，我在线等，请高手帮忙看看，先谢谢了。另外，进系统时，声音过后几十秒才显示桌面（以前很快），貌似后台在不干好事。而且桌面出来的头一秒，瑞星的监控是开启状态，紧接着眼看小绿伞变红，再也打不开监控了，而且右键菜单不对了。
bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:

鸟儿天上飞叱咤花甲狮帖子:2332 注册: 2006-11-30 来自:	发表于： 2007-04-16 23:18 \| 短消息资料字号：小中大 4楼运行sreng 启动项目服务..WIN32服务删除: [Data Protected / Data Protected][Stopped/Auto Start] <C:\WINNT\system32\isass><N/A> 安全模式下删除 C:\WINNT\system32\isass 看看会不会好一点......
鸟儿天上飞叱咤花甲狮帖子:2332 注册: 2006-11-30 来自:

bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:	发表于： 2007-04-17 00:40 \| 只看楼主短消息资料字号：小中大 5楼谢谢啦，鸟儿飞兄弟。明天去单位试试看，有问题再请教。另外我现在用的本子上，有次杀毒后，U盘如果是H盘符，就不显示，非得去磁盘管理改成其他的盘符才能在资源管理器中看到，听说也是病毒引起的，大侠能指导一下吗。
bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:

bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:	发表于： 2007-04-17 11:06 \| 只看楼主短消息资料字号：小中大 6楼按3楼鸟儿飞兄弟的指示做了，疹状如旧。再请大侠们帮我看看吧。到底是什么原因使瑞星的监控全部失效。因在资源管理器中文件不能拷贝和移动，不敢重做系统。
bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:

自信弱冠狮

帖子:385
注册: 2005-09-09
来自:

发表于： 2007-04-17 14:07 | 短消息资料

字号：小中大 7楼

引用:

【bigheadbear的贴子】

[复制到剪贴板]

CODE:

2007-04-16,18:19:36

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<NvCplDaemon><; RUNDLL32.EXE NvQTwk,NvCplDaemon initialize> [N/A]
<nwiz><; nwiz.exe /install> [NVIDIA Corporation]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 2052> [DAEMON''S HOME]
<Super Rabbit Desktop Set><C:\Program Files\Super Rabbit\IEG\DS.EXE /Load> [N/A]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><(无)> [N/A]

==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><H>
[SATARaid]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\SATARaid.lnk --> C:\PROGRA~1\SILICO~1\SIISAT~1\SATARaid.exe [Silicon Image, Inc.]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINNT\system32\ati2sgag.exe><>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[Data Protected / Data Protected][Stopped/Auto Start]
<C:\WINNT\system32\isass><N/A>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
<C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[d344bus / d344bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d344bus.sys><>
[d344prt / d344prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d344prt.sys><>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel(R) PRO/1000 Network Connection Driver / E1000][Running/Manual Start]
<system32\DRIVERS\e1000nt5.sys><Intel Corporation>
[Intel(R) PRO Network Connection Driver / E100B][Stopped/Manual Start]
<system32\DRIVERS\e100bnt5.sys><Intel Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nv4 / nv4][Stopped/Manual Start]
<system32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Silicon Image SiI 3112 SATARaid Controller / Si3112r][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\si3112r.sys><Silicon Image, Inc>
[SVKP / SVKP][Running/Auto Start]
<\??\C:\WINNT\system32\SVKP.sys><AntiCracking>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, FlashGet.com>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash ]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>

==================================
正在运行的进程
N/A

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
隐藏进程
[172] \SystemRoot\System32\smss.exe
[196] \??\C:\WINNT\system32\csrss.exe
[216] \??\C:\WINNT\system32\winlogon.exe
[244] C:\WINNT\system32\services.exe
[256] C:\WINNT\system32\lsass.exe
[372] C:\WINNT\system32\Ati2evxx.exe
[432] C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
[460] c:\program files\rising\rfw\rfwsrv.exe
[540] C:\WINNT\system32\drivers\CDAC11BA.EXE
[560] C:\Program Files\Rising\Rav\Ravmon.exe
[592] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[608] C:\WINNT\SOUNDMAN.EXE
[652] C:\WINNT\Explorer.EXE
[660] C:\WINNT\system32\internat.exe
[672] C:\WINNT\system32\regsvc.exe
[768] c:\program files\rising\rfw\RfwMain.exe
[804] C:\Program Files\Rising\Rav\RavTask.exe
[844] I:\系统安全\sreng2\SREng.EXE

==================================

………………

好奇怪的进程哦！

什么都不知道啊初生襁褓狮帖子:104 注册: 2007-04-14 来自:	发表于： 2007-04-17 14:19 \| 短消息资料字号：小中大 8楼注册表 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher] 挺可疑的! 修复下把那个EXE文件做个备份放到其他地方,再删除看下服务里 [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start] <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [Rising Process Communication Center / RsCCenter][Stopped/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> 把STOPPED该成RUNNING
什么都不知道啊初生襁褓狮帖子:104 注册: 2007-04-14 来自:

bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:	发表于： 2007-04-17 15:19 \| 只看楼主短消息资料字号：小中大 9楼谢谢楼上，我马上去试试。
bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:

bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:	发表于： 2007-04-17 22:53 \| 只看楼主短消息资料字号：小中大 10楼下午开会没有试成，明天再杀。还有，我下午下载了金山灰鸽子专杀，一扫描专杀就退出去。安全模式也一样。可能是什么原因。帖子沉得太快，自顶一下。
bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:	发表于： 2007-04-16 21:34 \| 只看楼主短消息资料字号：小中大 1楼小红伞撑不开，2000系统出问题了，有请高手（附日志）单位机器，小红伞撑不开，但能够在线升到最新版，每次杀毒都说iExplorer.EXE有毒，能清除，再扫描还有。具体疹状是：1，IE中链接失效，使得我不能在线杀毒，不能下载软件。2，资源管理器中文件不能拷贝和移动，但能创建和删除，我的System Repair Engineer都是在别的机器上下载到U盘，在U 盘上执行和保存日志。3，瑞星的监控死活启动不了。4，“我的连接”内为空，但能上网，BT正常。5，桌面图标不能移动。 ========= 2007-04-19 01:59:50
bigheadbear 初生襁褓狮帖子:22 注册: 2007-04-16 来自:	分享到：

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 小红伞撑不开，2000系统出问题了，有请高手（附日志）

小红伞撑不开，2000系统出问题了，有请高手（附日志）

小红伞撑不开，2000系统出问题了，有请高手（附日志）

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛小红伞撑不开，2000系统出问题了，有请高手（附日志）