
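Rising won't even start! What should I do!

On many of the machines here, Rising will not start. If I open it manually it closes by itself, and reinstalling Rising does not help either.

"Task Manager" and the "Registry" likewise close by themselves as soon as they are opened.
Here is the log from one of the machines.
Please give me some advice!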

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [Microsoft Corporation]
    <svcshare><C:\WINNT\system32\drivers\spoclsv.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <eSafeMon><C:\Program Files\eSafe\eSafe_monitor.exe>  [N/A]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [N/A]
    <WinHelp><C:\WINNT\system32\WinHelp.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\ravext.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll>  [Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [Microsoft Corporation]
    <SysTray><stobject.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    <WinlogonNotify: wzcnotif><wzcdlg.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]

==================================
启动文件夹
[EPSON Status Monitor 3 Environment Check 2]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\EPSON Status Monitor 3 Environment Check 2.lnk --> C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [SEIKO EPSON CORPORATION]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\Program Files\Microsoft Office\Office\OSA9.EXE [N/A]><N>

==================================
服务
[Alerter / Alerter]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Application Management / AppMgmt]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[ASP.NET State Service / aspnet_state]
  <C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe><Microsoft Corporation>
[Background Intelligent Transfer Service / BITS]
  <C:\WINNT\System32\svchost.exe -k BITSgroup-->C:\WINNT\System32\qmgr.dll><Microsoft Corporation>
[Computer Browser / Browser]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Indexing Service / cisvc]
  <C:\WINNT\System32\cisvc.exe><Microsoft Corporation>
[ClipBook / ClipSrv]
  <C:\WINNT\system32\clipsrv.exe><Microsoft Corporation>
[.NET Runtime Optimization Service v2.0.50727_X86 / clr_optimization_v2.0.50727_32]
  <C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe><Microsoft Corporation>
[DHCP Client / Dhcp]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Logical Disk Manager / dmserver]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[DNS Client / Dnscache]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[eSafe notification service / eSafeService]
  <C:\WINNT\system32\eSafeService.exe><DMWZ>
[Event Log / Eventlog]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[COM+ Event System / EventSystem]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\System32\es.dll><Microsoft Corporation>
[Fax Service / Fax]
  <C:\WINNT\system32\faxsvc.exe><Microsoft Corporation>
[Server / lanmanserver]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Workstation / lanmanworkstation]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[TCP/IP NetBIOS Helper Service / LmHosts]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Messenger / Messenger]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[NetMeeting Remote Desktop Sharing / mnmsrvc]
  <C:\WINNT\System32\mnmsrvc.exe><Microsoft Corporation>
[Distributed Transaction Coordinator / MSDTC]
  <C:\WINNT\System32\msdtc.exe><Microsoft Corporation>
[Windows Installer / MSIServer]
  <C:\WINNT\system32\msiexec.exe /V><Microsoft Corporation>
[Network DDE / NetDDE]
  <C:\WINNT\system32\netdde.exe><Microsoft Corporation>
[Network DDE DSDM / NetDDEdsdm]
  <C:\WINNT\system32\netdde.exe><Microsoft Corporation>
[Net Logon / Netlogon]
  <C:\WINNT\System32\lsass.exe><Microsoft Corporation>
[Network Connections / Netman]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\netman.dll><Microsoft Corporation>
[NT LM Security Support Provider / NtLmSsp]
  <C:\WINNT\System32\lsass.exe><Microsoft Corporation>
[Removable Storage / NtmsSvc]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\NtmsSvc.dll><Microsoft Corporation>
[Visibroker Activation Daemon / oad]
  <C:\PROGRA~1\Borland\vbroker\bin\oad.exe><N/A>
[Oracle%ORACLE_HOME_SERVICE%ClientCache80 / Oracle%ORACLE_HOME_SERVICE%ClientCache80]
  <C:\ORANT\BIN\ONRSD80.EXE><N/A>
[VisiBroker Smart Agent / osagent]
  <C:\PROGRA~1\Borland\vbroker\bin\osagent.exe><N/A>
[Plug and Play / PlugPlay]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[IPSEC Policy Agent / PolicyAgent]
  <C:\WINNT\System32\lsass.exe><Microsoft Corporation>
[Protected Storage / ProtectedStorage]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Remote Access Auto Connection Manager / RasAuto]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasauto.dll><Microsoft Corporation>
[Remote Access Connection Manager / RasMan]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>
[RavService / RavService]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Routing and Remote Access / RemoteAccess]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mprdim.dll><Microsoft Corporation>
[Remote Registry Service / RemoteRegistry]
  <C:\WINNT\system32\regsvc.exe><Microsoft Corporation>
[Remote Procedure Call (RPC) Locator / RpcLocator]
  <C:\WINNT\System32\locator.exe><Microsoft Corporation>
[Remote Procedure Call (RPC) / RpcSs]
  <C:\WINNT\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[QoS RSVP / RSVP]
  <C:\WINNT\System32\rsvp.exe -s><Microsoft Corporation>
[Security Accounts Manager / SamSs]
  <C:\WINNT\system32\lsass.exe><Microsoft Corporation>
[Smart Card Helper / SCardDrv]
  <C:\WINNT\System32\SCardSvr.exe><Microsoft Corporation>
[Smart Card / SCardSvr]
  <C:\WINNT\System32\SCardSvr.exe><Microsoft Corporation>
[Task Scheduler / Schedule]
  <C:\WINNT\system32\MSTask.exe><Microsoft Corporation>
[RunAs Service / seclogon]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[System Event Notification / SENS]
  <C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\sens.dll><Microsoft Corporation>
[Internet Connection Sharing / SharedAccess]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\ipnathlp.dll><Microsoft Corporation>
[Print Spooler / Spooler]
  <C:\WINNT\system32\spoolsv.exe><Microsoft Corporation>
[Performance Logs and Alerts / SysmonLog]
  <C:\WINNT\system32\smlogsvc.exe><Microsoft Corporation>
[Telephony / TapiSrv]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Telnet / TlntSvr]
  <C:\WINNT\system32\tlntsvr.exe><Microsoft Corporation>
[Distributed Link Tracking Client / TrkWks]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Uninterruptible Power Supply / UPS]
  <C:\WINNT\System32\ups.exe><Microsoft Corporation>
[Utility Manager / UtilMan]
  <C:\WINNT\System32\UtilMan.exe><Microsoft Corporation>
[VRVWatchServer / VRVWatchServer]
  <"C:\WINNT\system32\WatchClient.exe" -service><N/A>
[Windows Time / W32Time]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Windows Management Instrumentation / WinMgmt]
  <C:\WINNT\System32\WBEM\WinMgmt.exe><Microsoft Corporation>
[Windows Management Instrumentation Driver Extensions / Wmi]
  <C:\WINNT\system32\Services.exe><Microsoft Corporation>
Last edited 2007-01-02 21:53:29

[Reply to the post by "zshyes2008"]
正在运行的进程
[PID: 112][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 140][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
[PID: 160][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6898]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 188][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
[PID: 200][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
[PID: 360][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 388][C:\WINNT\system32\WatchClient.exe]  [N/A, 6, 6, 16, 21]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 400][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 408][C:\WINNT\system32\VrvEdp_m.exe]  [N/A, 6, 6, 20, 536]
    [C:\WINNT\system32\Cipherop.dll]  [Cipherop, 6, 6, 18, 17]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
[PID: 468][C:\WINNT\system32\ntsd.exe]  [Microsoft Corporation, 5.00.2184.1]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 440][C:\WINNT\system32\Vrvsafec.exe]  [edp, 6, 4, 19, 15]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 488][C:\WINNT\system32\vrvrf_c.exe]  [, 6, 6, 6, 11]
    [C:\WINNT\system32\vrvpwk.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
    [C:\WINNT\system32\vrvfw_c.dll]  [, 1, 0, 0, 2]
    [C:\WINNT\system32\vrvrun_c.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\bkfile.dll]  [N/A, N/A]
    [C:\WINNT\system32\edpaudfliter.dll]  [, 1, 0, 0, 1]
[PID: 540][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
    [C:\WINNT\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]  [N/A, N/A]
    [C:\WINNT\system32\ravext.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\WINNT\system32\SIMPLE~1.DLL]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\WinZip\WZSHLSTB.DLL]  [WinZip Computing, Inc., 3.0 (32-bit)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\PROGRA~1\GLOBAL~1\CuteFTP\CuteShell.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\UltraEdit\ue32ctmn.dll]  [, 1.0]
[PID: 564][C:\WINNT\system32\taskmgr.exe]  [Microsoft Corporation, 5.00.2195.6620]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
    [C:\WINNT\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
[PID: 584][C:\Documents and Settings\kjk\桌面\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
    [C:\WINNT\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\eScs.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\ESAFEC.dll]  [, 1, 1, 1, 3]
    [C:\WINNT\system32\eSUI.dll]  [N/A, 1, 0, 0, 3]
    [C:\WINNT\system32\GAKeyPub.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
RSVP UDP Service Provider
    C:\WINNT\system32\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
RSVP TCP Service Provider
    C:\WINNT\system32\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{07A673E1-EFB4-4440-8536-200446E0CA9E}] SEQPACKET 0
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{07A673E1-EFB4-4440-8536-200446E0CA9E}] DATAGRAM 0
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A843CDE-81FB-42C4-ACD8-B7675C61375C}] SEQPACKET 1
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A843CDE-81FB-42C4-ACD8-B7675C61375C}] DATAGRAM 1
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BBAE0781-4B1E-4A13-B1B4-11A70FE24CA4}] SEQPACKET 2
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BBAE0781-4B1E-4A13-B1B4-11A70FE24CA4}] DATAGRAM 2
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

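When I scanned in safe mode, it did find a virus: "Trojan.Dl.html.spreader.a",
and everything infected is in *.htm format.
But even after cleaning it, it still doesn't help.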

Why has nobody said anything?