Rising Kaka Security Forum

网际飞蚁 - 2008-8-8 11:32:00
The system intermittently shows "NTVDM has encountered an illegal instruction"

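Dear experts:
Symptom: at irregular intervals the system automatically creates a randomly named .exe in C:\Documents and Settings\..\Local Settings\temp\ and runs it automatically!
The randomly named .exe has a 12-character name made up of letters or digits!
A DOS window appears while it runs, showing "16 bit MS-DOS Subsystem: The NTVDM CPU has encountered an illegal instruction. CS:0549 IP:0146 OP:63 72 6f Choose 'Close' to terminate the application". The content of the executed .exe file is: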
<!--
This file is used for requests forwarded from lighttpd or nginx
-->
<html>
<head>
  <TITLE>域名纠错系统</TITLE>
</head>
<body>
 
  <table width="100%">
  <tr>
    <td>
    <iframe name=_parent border=0 src=issueunziped/BaiduHn080213/index.jsp?UserUrl=d1.1217681.cn frameSpacing=0
      marginHeight=0 frameBorder=0 noResize width=100% scrolling=no
      height=1600 vspale=0>
    </iframe>
    <iframe
      src="counter/counter.jsp?pc=10026&dn=d1.1217681.cn&ip=61.168.19.225"
      width="0" height="0">
    </iframe>
    </td>
  </tr>
  </table>
 
</body>
</html>

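I scanned with Rising and found nothing, and cleaning with 360 found no problems either!!
Below is 360's system diagnosis; could an expert please analyze what the problem is!!!! Thanks!!!!!

I posted on the 360 forum four months ago and the problem still hasn't been solved! I hope the experts here can help!!
For details, see that thread on 360!!
http://bbs.360safe.com/viewthread.php?tid=483384&extra=page%3D5

User system info: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; MAXTHON 2.0)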
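The symptom in the post above, a 12-character .exe in Temp whose content is an HTML page, can be checked by file header rather than by extension. This is an added example, not part of the original post: it lists .exe files that lack a PE header and decodes the OP bytes from the NTVDM dialog. The directory contents built in `demo()` are constructed samples.

```python
import re
import tempfile
from pathlib import Path

# Name pattern from the post: 12 letters or digits, then .exe
RANDOM_NAME = re.compile(r"^[A-Za-z0-9]{12}\.exe$", re.IGNORECASE)
HTML_STARTS = (b"<!--", b"<!doctype", b"<html", b"<head")


def classify_header(data: bytes) -> str:
    """Classify file content by its leading bytes, ignoring the extension."""
    if not data:
        return "empty"
    if data[:2] == b"MZ":
        # A Windows PE image stores the offset of its 'PE\0\0' signature at 0x3C.
        if len(data) >= 0x40:
            off = int.from_bytes(data[0x3C:0x40], "little")
            if data[off:off + 4] == b"PE\0\0":
                return "pe"
        return "mz-dos"
    # Skip a UTF-8 BOM and leading whitespace before looking for markup.
    head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith(HTML_STARTS):
        return "html"
    return "unknown"


def decode_op_bytes(message: str) -> str:
    """Return the OP bytes of an NTVDM dialog as text ('.' for non-printables)."""
    m = re.search(r"OP:\s*((?:[0-9A-Fa-f]{2}\b\s*)+)", message)
    if not m:
        return ""
    raw = bytes.fromhex("".join(m.group(1).split()))
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


def scan_temp(temp_dir) -> list:
    """List .exe files in temp_dir whose content is not a Windows PE image.

    On 32-bit Windows a file named .exe that has no MZ header is handed to the
    16-bit subsystem (NTVDM) and run as a DOS program, so text content ends in
    an "illegal instruction" dialog instead of a normal program start.
    """
    findings = []
    for path in sorted(Path(temp_dir).iterdir()):
        if not path.is_file() or path.suffix.lower() != ".exe":
            continue
        with path.open("rb") as fh:
            kind = classify_header(fh.read(65536))
        if kind != "pe":
            findings.append({
                "name": path.name,
                "kind": kind,
                "random_name": bool(RANDOM_NAME.match(path.name)),
                "size": path.stat().st_size,
            })
    return findings


def demo() -> list:
    """Build a constructed Temp directory and scan it."""
    pe_stub = b"MZ" + b"\0" * 58 + (0x40).to_bytes(4, "little") + b"PE\0\0"
    html = (b"<!--\r\n constructed sample modelled on the post \r\n-->\r\n"
            b"<html><body></body></html>\r\n")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a1b2c3d4e5f6.exe").write_bytes(html)    # 12 chars, HTML content
        (root / "setup.exe").write_bytes(pe_stub)        # genuine PE header
        (root / "notes.txt").write_bytes(b"not an exe")  # ignored: other extension
        return scan_temp(root)


if __name__ == "__main__":
    for item in demo():
        print(item)
    # The bytes quoted in the dialog are printable ASCII, i.e. text being
    # executed as if it were machine code.
    print(decode_op_bytes("CS:0549 IP:0146 OP:63 72 6f"))
```

A hit with kind `html` means the file was never a program: whatever process wrote it saved a web page under an .exe name, so the process that creates and launches these files is what still has to be found.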
aaccbbdd - 2008-8-8 11:34:00
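Before scanning a log, close unneeded processes such as QQ, Xunlei (Thunder) and media players.

Download the 2.6 official release of SREng from a major software site such as Skycn or PConline (recommended).

http://www.skycn.com/soft/45002.html
SREng / Smart Scan

When the scan completes, save the log (LOG format).
Upload the log as an attachment and post it in the anti-virus section or the prevalent-virus section.
PS: if the main program SREng**.exe cannot run, so that no log can be scanned,

rename the main program to 小狮子.bat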
网际飞蚁 - 2008-8-8 12:08:00
[CODE]

2008-08-09,12:04:55

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <ATIModeChange><Ati2mdxx.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <CARPService><carpserv.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

==================================
启动文件夹
N/A

==================================
服务
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
  <C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InterBase Guardian / InterBaseGuardian][Running/Auto Start]
  <C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe -s><InterBase Software Corp.>
[InterBase Server / InterBaseServer][Running/Manual Start]
  <C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe -s -g><InterBase Software Corp.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[Windows System Event / SystemLog][Stopped/Disabled]
  <C:\WINDOWS\11.exe><(File is missing)>

==================================
驱动程序
[ALi Audio Accelerator WDM driver / aliadwdm][Running/Manual Start]
  <system32\drivers\ac97ali.sys><Acer Laboratories Inc.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[ALi Infrared Device Driver / ALiIRDA][Running/Manual Start]
  <system32\DRIVERS\alifir.sys><Acer Laboratories Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver / DP83815][Running/Manual Start]
  <system32\DRIVERS\DP83815.SYS><National Semiconductor Corp.>
[NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver / FA312][Stopped/Manual Start]
  <system32\DRIVERS\FA312nd5.sys><NETGEAR Corp.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HSFHWALI / HSFHWALI][Running/Manual Start]
  <system32\DRIVERS\HSFHWALI.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[lbmdqbr / lbmdqbr][Stopped/Disabled]
  <\SystemRoot\\SystemRoot\System32\drivers\lbmdqbr.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StreamDispatcher / StreamDispatcher][Running/Auto Start]
  <system32\DRIVERS\strmdisp.sys><Conexant Systems, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
浏览器加载项
[]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, (Signed) FlashGet.com>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[KUpdateObj2 Class]
  {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, (Signed) Kingsoft Corporation>
[]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, >
[]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {4DAE9566-953C-4DF1-8E9C-55B7890A3AE8} <, >
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {9A568672-D437-469E-86C2-F6E4A1156071} <, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[RevealTrans]
  {E31E87C4-86EA-4940-9B8A-5BD5D179A737} <C:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, >
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, N/A>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
网际飞蚁 - 2008-8-8 12:08:00
==================================
正在运行的进程
[PID: 640 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 824 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 836 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[PID: 1192 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1252 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1412 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 1448 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 87]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\ur023.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[PID: 1636 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1832 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 244 / SYSTEM][C:\Program Files\CMBCHINA\WebProtect\WPService.exe]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[PID: 260 / ggy][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\PROGRA~1\THUNDE~1\Thunder\Plugins\bho_adv2.dll]  [, 1.0.2.12]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [C:\Program Files\UltraEdit-32-v13.20a\ue32ctmn.dll]  [, 1, 0, 0, 2]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Herosoft\Hero Audio Convert\HeroExt.dll]  [N/A, ]
[PID: 448 / SYSTEM][C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe]  [InterBase Software Corp., WI-V5.6.0.29]
    [C:\WINDOWS\system32\gds32.dll]  [InterBase Software Corp., WI-V5.6.0.29]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 472 / ggy][C:\PROGRAM FILES\RISING\RAV\RavMon.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.01.24]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\Rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\PROGRAM FILES\RISING\RAV\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[PID: 1392 / ggy][C:\WINDOWS\system32\carpserv.exe]  [Conexant Systems, Inc., 6.02.05]
[PID: 1404 / ggy][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 1544 / ggy][C:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 4, 1, 8, 1004]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 4, 2, 0, 1001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 4, 2, 0, 1001]
    [C:\Program Files\360safe\live.dll]  [360.cn, 1, 0, 1, 1027]
[PID: 880 / ggy][C:\Program Files\Rising\AntiSpyware\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [C:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.32]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[PID: 1960 / ggy][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 2008 / SYSTEM][C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe]  [InterBase Software Corp., WI-V5.6.0.29]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 332 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 3904 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2452 / ggy][D:\工作区\Temp\ProgramTools\系统修复\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 2488 / ggy][D:\工作区\Temp\ProgramTools\系统修复\sreng2\SRE41183e3b.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [D:\工作区\Temp\ProgramTools\系统修复\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2452, D:\工作区\TEMP\PROGRAMTOOLS\系统修复\SRENG2\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
1/2理想 - 2008-8-8 13:10:00
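Use xdelbox to delete the following file
Download: http://www.dodudou.com/down/index.php?dirpath=./01.原创软件&order=0 (XDELBOX 1.7, "Support the Olympics" edition)
Instructions: copy the paths of all files to be deleted, right-click in the pending-deletion list and choose Import from clipboard, and tick Suppress regeneration.
After importing, right-click the file to delete and choose Reboot and delete now; the computer will restart into a DOS screen to perform the deletion.
Before running xdelbox it is best to unmount all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).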
C:\WINDOWS\11.exe
SREng -> Startup Items -> Services -> Win32 Service Applications, delete:
[Windows System Event / SystemLog][Stopped/Disabled]
  <C:\WINDOWS\11.exe><(File is missing)>
SREng -> System repair -> Browser add-ons, delete:
[]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, >
[]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[]
  {4DAE9566-953C-4DF1-8E9C-55B7890A3AE8} <, >
[]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {9A568672-D437-469E-86C2-F6E4A1156071} <, >
[]
  {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
Check the following one yourself:
C:\WINDOWS\SystemRoot\System32\drivers\lbmdqbr.sys
http://www.virscan.org/

Remember to tick "suppress regeneration".
1/2理想 - 2008-8-8 13:15:00
I suggest the OP upload logs as attachments from now on; it makes them easier to read~~
网际飞蚁 - 2008-8-8 17:36:00
Attachment!!

Attachment: SREngLOG.log
aaccbbdd - 2008-8-8 17:55:00
Delete the file
C:\windows\System32\drivers\lbmdqbr.sys
Delete the driver
[lbmdqbr / lbmdqbr][Stopped/Disabled]
  <\SystemRoot\\SystemRoot\System32\drivers\lbmdqbr.sys><N/A>
网际飞蚁 - 2008-8-11 11:02:00
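Many thanks to "1/2理想" and 字母. I did what you said, and the problem still appears from time to time! Also, every time I start the computer the system prompts that it cannot connect to the network, "Retry" or "Work Offline". I guess some software is accessing the network automatically, but I just cannot find which one, it is driving me crazy!! Also, yesterday I ran system scans again with 360 and Kaka (did everything that could be done) and still found nothing!!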
networkedition - 2008-8-11 12:47:00
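After deleting the files above, use the sfc /scannow command to repair the system, with the operating system installation disc in the optical drive.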
文物2 - 2008-8-11 13:50:00
Use XDELBOX to delete the file
C:\windows\System32\drivers\lbmdqbr.sys
Use SREng to delete the service
[lbmdqbr / lbmdqbr][Stopped/Disabled]
  <\SystemRoot\\SystemRoot\System32\drivers\lbmdqbr.sys><N/A>
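Reference: http://support.microsoft.com/kb/245184/zh-cn
Copy command.com from another machine into your %systemroot%/system32 directory.

Also, NTVDM.DLL does not need to be replaced; it is part of the updatable components. If your machine is updated to SP3, that may solve the problem.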
文物2 - 2008-8-11 13:55:00
Troubleshooting NTVDM and WOW startup errors
http://support.microsoft.com/kb/196453/zh-cn



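Quote:

Summary
This is a step-by-step troubleshooting guide for resolving startup problems with NTVDM or WOW. Note that Sysedit.exe is a 16-bit program located in Windows NT that can be used to troubleshoot these problems. If it starts, both the WOW and NTVDM DLLs and executables are fine and you need to concentrate on the environment steps. If it does not start, back off from SYSEDIT and try running only the MS-DOS shell "command.com" from a command prompt. Note that if SYSEDIT does not run, all steps apply.
More information
1. Check Autoexec.nt and Config.nt for anything unusual or anything that can be commented out.
2. Rename Autoexec.bat.
3. Check Win.ini or System.ini for changes, or replace them by expanding the original files from the installation media.
4. If possible, rename all other *.ini files.
5. Allow only the following in the Config.nt file:
      dos=high, umb
      device=%SystemRoot%\system32\himem.sys
      files=60
      shell=%SystemRoot%\system32\command.com /e:4096

Note:
• The default entries from the installation disk will allow SYSEDIT to run, but other items, as mentioned above, may be needed for other applications.
• The valid range for files= is 5 to 254.

6. Verify the environment variables by doing one of the following:

• Click Settings, click Control Panel, double-click System, and then click the Environment tab. In Windows 2000, click Control Panel, double-click System, click the Advanced tab, and then click Environment Variables settings.

- or -
• At a command prompt, run the SET command and check all environment variables for nulls, spaces, double equals (==) signs, or other unknown items.

7. Make sure the path is the same as the default path from the CD and that no entries are prepended to the path; if there are non-standard entries, remove them.
8. Check whether the path length after expansion is close to 200 characters. The path is the combination of the path in Autoexec.nt and the one on the Environment tab of the System tool in Control Panel. If the path is 100 characters, change it for testing.
9. Check the following registry keys. The easiest way to check these is to see first whether they are populated. (Sometimes the keys or subkeys have disappeared.) Then, if the keys are fully populated, do not try to determine the correct values; just download them and test loading them on a system to see whether the problem can be reproduced.

Important: this section, method, or task contains steps that tell you how to modify the registry. However, serious problems may occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then you can restore the registry if a problem occurs. For information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows
• HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WOW: parameters for starting WOW
• HKEY _ NT\CurrentVersion\WOW: System.ini settings
• HKEY NT\CurrentVersion\IniFile\Mapping: mappings for Win.ini, System.ini, Winfile.ini, Progman.ini and Control.ini
• HKEY Manager\Environment: environment settings
• For other INI settings and where to find them in the registry: see pages 905 through 908 of the Windows NT Workstation 4.0 Resource Kit.

10. If this does not work, you have files that are missing or corrupted. (More likely the files are corrupted rather than missing; try replacing these first.)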

• Ntio.sys
• Ntdos.sys
• Ntvdm.exe
• Ntvdm.dll (3.1 only)
• Redir.exe
• Wowexec.exe
• Vdmredir.dll
• Krnl386.exe
• Krnl286.exe (Windows NT 3.1 only)
• Gdi.exe
• User.exe
• Wow32.dll (not in Windows 3.1)
• Commdlg.dll
• Version.dll
• Shell32.dll
• Gdi32.dll
• User32
• Advapi32.dll
• Compobj.dll
• Ddeml.dll
• Ole2.dll
• Ole2dist.dll
• Storage.dll
• Rpcrt4.dll
Under System, look for:

• Avicap.dll
• Avifile.dll
• Commdlg.dll
• Keyboard.drv
• Lzexpand.dll
• Mciavi.drv
• Mciseq.drv
• Mciwave.drv
• Mmsystem.dll
• Mmtask.tsk
• Mouse.drv
• Msvideo.dll
• Olecli.dll
• Olesvr.dll
• Setup.inf
• Shell.dll
• Sound.drv
• System.drv
• Tapi.dll
• Timer.drv
• Ver.dll
• Vga.drv
• Wfwnet.drv
• Winspool.drv
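Missing or corrupted DLLs, step two:

If it is not one of those, you can try the DLLs in the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\W

Value: KnownDLLs; here is the list of DLLs, but most are in the list above.

At this point, you may need to try the brute-force method: perform a parallel installation with all updates, and copy only %SystemRoot%\System and % SystemRoot % from the parallel installation to the new system.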

• Comm.drv
• Commdlg.dll
• Ctl3dv2.dll
• Ddeml.dll
• Keyboard.drv
• Lanman.drv
• Mapi.dll
• Mmsystem.dll
• Mouse.drv
• Netapi.dll
• Olecli.dll
• Olesvr.dll
• Pmspl.dll
• Shell.dll
• Sound.drv
• System.drv
• Toolhelp.dll
• Vga.drv
• Wfwnet.drv
• Win87em.dll
• Winoldap.mod
• Winsock.dll
• Winspool.exe
• Wowdeb.exe
• Timer.drv
• Rasapi16.dll
• Compobj.dll
• Storage.dll
• Ole2.dll
• Ole2disp.dll
• Ole2nls.dll
• Typelib.dll
• Msvideo.dll
• Avifile.dll
• Msacm.dll
• Mciavi.drv
• Mciseq.drv
• Mciwave.drv
• Progman.exe
• Avicap.dll
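Steps 6 to 8 of the quoted KB text, as an added example that is not part of the original thread or of the KB article: it audits a set of environment variables for empty values, stray spaces and doubled equals signs, and measures the expanded path against the 100 and 200 character figures the text gives. The names `expand`, `audit_environment` and `SAMPLE_ENV` are chosen here, and the sample values are constructed.

```python
import re

# Thresholds taken from step 8 of the quoted KB text.
PATH_WARN = 100    # "if the path is 100 characters, change it for testing"
PATH_LIMIT = 200   # expanded length "close to 200 characters"
_REF = re.compile(r"%([^%=]+)%")

# Constructed sample, shaped like the NAME=VALUE pairs that SET prints.
SAMPLE_ENV = {
    "SystemRoot": r"C:\WINDOWS",
    "TEMP": "",                         # empty value
    "BLASTER": "=A220 I5 D1",           # SET would show BLASTER==A220 ...
    "LIB": r" C:\LIB",                  # leading space
    "Path": r"%SystemRoot%\system32;%SystemRoot%",
}


def expand(value, env, depth=5):
    """Expand Windows-style %NAME% references using env (case-insensitive)."""
    lookup = {k.upper(): v for k, v in env.items()}
    for _ in range(depth):
        new = _REF.sub(lambda m: lookup.get(m.group(1).upper(), m.group(0)), value)
        if new == value:
            break
        value = new
    return value


def audit_environment(env, autoexec_path=""):
    """Return (variable, problem) pairs for the checks in steps 6 to 8."""
    findings = []
    for name, value in env.items():
        if value == "":
            findings.append((name, "empty value"))
        elif value != value.strip():
            findings.append((name, "leading or trailing space"))
        if value.startswith("="):
            findings.append((name, "double equals sign"))
    # Step 8: the effective path combines the Autoexec.nt path and the system path.
    system_path = next((v for k, v in env.items() if k.upper() == "PATH"), "")
    parts = [p for p in (autoexec_path, system_path) if p]
    size = len(expand(";".join(parts), env))
    if size >= PATH_LIMIT:
        findings.append(("Path", f"expanded length {size} is at or past {PATH_LIMIT}"))
    elif size >= PATH_WARN:
        findings.append(("Path", f"expanded length {size} is {PATH_WARN} or more"))
    return findings
```

On a live Windows system the same function can be called with `dict(os.environ)`, passing the PATH value from Autoexec.nt as the second argument.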


叶陵君 - 2008-8-11 14:08:00
OP, after powering on, press F8 to enter safe mode and see whether the same symptom occurs there.
网际飞蚁 - 2008-8-14 14:36:00
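Many thanks, networkedition!
The day before yesterday I repaired the system using your method. Yesterday there was no problem all day, but this morning it showed up again like a ghost. So frustrating!! Please save me!!!!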
网际飞蚁 - 2008-8-14 14:52:00
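Many thanks, 叶陵君. It does not appear on every boot; sometimes it does not appear for a week, sometimes it appears more than 10 times in one day, and it does not seem to be related to being online either!! It has also appeared when I was not online!! In safe mode nothing can be used so I cannot test, and besides it might not appear anyway, but I will try on Saturday!!!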
网际飞蚁 - 2008-8-15 14:30:00
Still not solved, so frustrating!! Are the moderators around? Please help take a look!!! Many thanks!!!!!!
networkedition - 2008-8-15 14:37:00
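Check whether c:\windows\system32\verclsid.exe is normal; if it is not, copy verclsid.exe from c:\windows\system32\dllcache into the c:\windows\system32 directory, restart the computer and see. Then scan another SREng log and upload it for a look.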
网际飞蚁 - 2008-8-20 14:33:00


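Quote:
Originally posted by networkedition at 2008-8-15 14:37:00
Check whether c:\windows\system32\verclsid.exe is normal; if it is not, copy verclsid.exe from c:\windows\system32\dllcache into the c:\windows\system32 directory, restart the computer and see. Then scan another SREng log and upload it for a look.


How do I tell whether it is normal??? I searched the system and there are several verclsid.exe files; judging by size there does not seem to be any problem!! I will post them so you can take a look!!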
networkedition - 2008-8-20 16:19:00
You could try replacing it.
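One way to go beyond comparing file sizes when checking a system file against its dllcache copy, as an added example that is not part of the original thread: it confirms the live file is structurally a PE executable and compares SHA-256 digests of the two copies. The function names are chosen here and the two paths are supplied by the caller; a match only shows that the two copies are identical, not that either one is the vendor's original.

```python
import hashlib
import struct
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 digest of the whole file."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def looks_like_pe(path):
    """True if the file has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    data = Path(path).read_bytes()
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"


def compare_with_cache(live, cached):
    """Compare a system file with its cached copy and return a status string."""
    live, cached = Path(live), Path(cached)
    if not live.is_file():
        return "live copy missing"
    if not looks_like_pe(live):
        return "live copy is not a PE executable"
    if not cached.is_file():
        return "no cached copy to compare against"
    if sha256_of(live) != sha256_of(cached):
        return "live copy differs from cached copy"
    return "live copy matches cached copy"


if __name__ == "__main__":
    import sys
    # Usage: script.py <path in system32> <path in dllcache>
    print(compare_with_cache(sys.argv[1], sys.argv[2]))
```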